Earlier today, an article by Richard Chirgwin on The Register brought back to light a nasty attack vector that can be exploited to intercept and manipulate traffic related to Bitcoin and its network, called a “routing attack.”
Various attack methods are described in this paper on arXiv by Apostolaki, Zohar, and Vanbever on March 24, 2017, this method of attack works at both large and small scale on the Bitcoin network and can result in widespread revenue loss.
This paper describes the Bitcoin network as largely centralized from a networking standpoint due to the few number of Autonomous Systems that host most of the nodes, making it susceptible to routing attacks and is the first of its kind to examine these networking vulnerabilities in relation to cryptocurrency while also offering solutions.
Routing attacks, however, are not new, and a specific form of routing attack that can be used to slow or stop communications between major parts of the Bitcoin network, called BGP (Border Gateway Protocol) hijacking is a known vulnerability in the way the internet functions–one that can impact a variety of services beyond Bitcoin.
In fact, BGP hijacking is a common problem that has given rise to issues such as when TTNET hijacked a major part of the internet in 2004 and when Pakistan knocked Youtube offline in 2008. In short, this has been a long-standing and well-known issue with the internet with no widely-deployed, effective solution prior to now.
This form of attack was used by hackers to exploit bitcoin miners in 2014, an exploit that netted the attackers upwards of $84,000 in bitcoin, and has been in use in the years since.
BGP hijacking–also known as IP hijacking, route hijacking, and prefix hijacking–takes advantage of the internet routing tables that allow providers (like Verizon and Sprint) to talk between their networks. These providers, which include ISPs, are called Autonomous Systems (AS) and the BGP manages the routing tables for communications between them.
By hijacking this routing data, information can be sent to places where the sender did not intend. Sometimes it occurs accidentally, but others it is an intentional and malicious re-routing of traffic such as is the case with some of the internet’s biggest black holes which continue to suck up data thanks to BGP.
Basically, the internet always has information that is passing back and forth between ASs like ISPs, but somehow the internet needs to stay consistent. This means that sometimes data that doesn’t “match” is dropped to keep the internet the cohesive, shareable thing that we know it as.
“90% of Bitcoin nodes are vulnerable to BGP hijacks.”
Apostolaki, Zohar, and Vanbever
When a hacker intentionally uses BGP vulnerabilities to attack the Bitcoin network, it is likely they will either try to partition the network or delay the network.
If a hacker uses a BGP attack to partition the network, then they use this aforementioned requirement of internet consistency to confuse ISPs into dropping packets of information to make everything match.
They split the network so that one side is communicating amongst itself and the other is doing the same, but the two pieces of the network aren’t talking to each other and staying consistent. It’s basically like a married couple talking to their best friends about an argument but not to one another. Once the network, the couple, comes back together to begin communicating, the stories eventually have to align and become consistent. That means all the outstanding transactions that don’t match up have to be thrown out. This opens up the network to double-spending and major losses in mining.
Diverting Bitcoin traffic using BGP is fast–less than two minutes fast–and it takes less than 100 prefixes to control more than 50% of Bitcoin’s mining power, according to Apostolaki, Zohar, and Vanbever.
Much like the couple who does not communicate, it can also take the Bitcoin network significant time to fully heal from this form of partitioning attack. Although the network recovers quickly in a basic sense from a partitioning attack, it can take hours to become “densely connected” again.
On the other hand, delay attacks are not likely to work on the Bitcoin network on any wide scale thanks to multi-homing, and such an attack would require a coalition of nearly all ASes in a country intentionally participating in such an attack to cause significant issues. Because of this, Apostolaki et al. consider this likelihood very small, especially in comparison to partitioning attacks.
Apostolaki et al. offer a range of solutions including peer selection that takes routing into account and round-trip time monitoring as well as using gateways in different ASes. Longer term solutions include requesting blocks on multiple connections, encrypting Bitcoin communication or adopting MAC, and using UDP heartbeats. For more information on solutions, please view the full-length paper here.