AAPL Stock: 123.38 ( + 0.61 )

Printed from

Researchers discover cryptocurrency hack costing mining pools $83,000

updated 12:52 pm EDT, Fri August 8, 2014

Network compromise redirected mining pool traffic to alternate server

Security researchers have discovered a vulnerability in the way cryptocurrencies, such as Bitcoin, are stored in mining pools, allowing for funds to be stolen. Discovered by the Dell SecureWorks Counter Threat Unit, the exploit has allegedly already been used at least once, with one attacker said to have acquired approximately $83,000 using the technique.

The attack used fake "Border Gateway Protocol" (BGP) broadcasts, an external routing protocol typically used to allow networks to see each other. The Register reports the attackers spoofed the broadcast in order to route communications to their servers, instead of legitimate mining servers hosted by Amazon, Digital Ocean, OVH, and other hosting networks. Rather than the mining pool issuing payouts for work completed, the rerouted traffic allowed the attacker to instead receive the rewards.

A total of 51 networks were compromised by the technique across 19 Internet providers, the research team advised. The $83,000 attack was a sustained campaign which lasted between February and May of this year, and though the researchers tracked the broadcasts to an unnamed Canadian ISP's router, the identity of the attacker remains unknown. Due to the nature of the attack, it is hypothesized that it could be a rogue employee or an ex-employee of the ISP with an unchanged router password, or a malicious hacker. The ISP in question has been informed and put a stop to the malicious BGP broadcasts, but did not feed back any further details about the issue.

Since the attack hinges on being able to create BGP broadcasts, a process which requires both the sender and the recipient to be manually configured before communication can start, the research team advises that BGP peering is still "reasonably secure," with hijacking being a minimal threat. Even so, it suggests to ISPs that they opt in to the Resource Public Key Infrastructure, while pool servers could use the SSL protocol to prevent such redirection attempts.

The exploit is the latest security incident to occur to companies connected to Bitcoin. In March, Bitcoin exchange Flexcoin closed after the theft of approximately $620,000 in the currency. In the same month, large exchange Mt. Gox discovered a cache of Bitcoins thought to have been stolen by hackers, and though the 200,000 bitcoin collection was worth $115 million at the time, it still had another 600,000 bitcoin left to account for.

by MacNN Staff





Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

Entry-level 27-inch Retina iMac

The 27-inch Apple iMac with 5K Retina display is already one of the best value-for-money Macs that Apple has ever released. It was som ...


Most Commented