Radware’s Emergency Response Team (ERT) has been following a trend in outages effecting bitcoin exchanges over the last several weeks.
Download a Copy Now
Abstract
Radware’s Emergency Response Team (ERT) has been following a trend in outages effecting bitcoin exchanges over the last several weeks. Predicted by Radware last yeari, attacks against bitcoin exchanges and marketplaces seem correlated with currency value fluctuations and have exponentially grown due to the rise in value of bitcoin – hitting an all-time high of $2,995 USD on June 11ii.
Figure 1: BTC-E suffers from a DDoS attack
Background
Obviously, bitcoin investors would like to see its value increase. Regardless, as its value increases, it becomes increasingly valuable to more people. This increased attention is creating profitable opportunities for cyber criminals. For example, the WannaCryiii campaign locked up computers around the world demanding bitcoin exchanges for a decryption key.
Since then, several crypto-currency exchanges around the world have been experiencing outages related to either a flood of natural traffic due to market fluctuations and demand or malicious traffic from denial-of-service attacks.
This past week, both Bitfinix and BTC-e announcediv that their networks were experiencing service degradation due to a denial-of-service attack. Coinbase reported experiencing issues with load times that resulted in users not being able to login or view the websites of the targeted exchanges.
Figure 2: Bitfinex status page
Bitcoin exchanges have also been the victim of multi-million dollar heists. In August, a Hong Kong-based Bitfinexv reported that hackers stole $71,000,000 USD. Last month, Bleeping Computersvi reported that South Korean bitcoin exchange Yapizon announced that their systems were breached and $5,500,000 USD was stolen.
DDoS attacks on bitcoin exchanges are not new. They happen oftenvii, but recent outages come at bitcoin’s peak and were followed by a decline in value after the attacks. Outages caused by a flood of traffic from legitimate users or malicious traffic prevent users from accessing their mobile apps, websites and API. As a result, these users panic as the price of the coin fluctuates while they are locked out.
Attack Types and Reasons for Concern
- Denial of Service
- Cyber-ransom
- User account seizure
Leading bitcoin exchanges typically excel in service availability, so much so that some users have turned into full-time traders, providing them a platform to store and trade thousands of dollars of cryptocurrency in real time. System overloads need to be avoided so that traders’ real-time market interactions are not interrupted. When a trading platform goes down, users are unable to access their wallets and fear that bitcoin’s value will fluctuate, resulting in the company suffering reputation damage.
Figure 3: Coinbase outage
Status Pages
What's Expected Next
Bitcoin is slowly becoming accepted around the world. With this acceptance comes more users and this demand puts a strain on the networks. Ramping and manipulations to influence the BTC/USD exchange are only the beginning; a high bandwidth attack from a botnet could take the exchange down. Some of these services are dealing with hundreds of thousands of requests at a time and can even fail from a burst of legitimate traffic as a result of a change in value.
In addition, as the value and popularity of the currency rises, Radware expects more ransomware and RDoSviii campaigns. Bitcoin is the preferred currency for cyber criminals on the Darknet and it’s also the currency of choice for extortionists. It is expected that as bitcoin continues to rise in value, cyber criminals will continue to rely on cryptocurrencies as a means for payment. The wallets and exchanges that house the currency will also be targeted at a persistent rate.
Bitcoin exchanges might experience denial-of-service attacks by hacktivists seeking to compromise or seize accounts. In the past, hacktivists groups such as Anonymous launched denial-of-service attacks against PayPal after refusing to process payment for Wikileaks.
Organizations Under Attack Should Consider
Effective DDoS protection solutions:
- A hybrid DDoS protection solution that combines on-premise detection and mitigation with cloud DDoS protection for volumetric attacks. It provides quick detection, immediate DDoS attack mitigation and prevents internet pipe saturation.
- Solution must distinguish between legitimate and malicious traffic, protect the SLA and block the attack.
- An integrated, synchronized DDoS protection solution that can protect from multi-vector attacks combining DDoS with web-based exploits such as website scraping, Brute Force and HTTP floods.
- A cyber-security emergency response plan that includes an emergency response team and DDoS protection solutions and process in place. Identify areas where help is needed from a third party.
Effective Web Application protection elements (against web intrusions, defacement and data leakage):
- IP-agnostic device fingerprinting – Having the ability to detect attacks beyond source-IP using by developing a device fingerprint that enables precise activity tracking over time
- Automatic and real time generation of policies to protect from Zero-day, unknown attacks
- Shortest time from deployment to a full coverage of OWASP Top-10
Radware's hybrid attack mitigation solution provides a set of patented and integrated technologies designed to detect, mitigate and report todays most advanced threats. Dedicated hardware and cloud based DDoS protection solutions protect against attacks in real time and help ensure service availability.
Under Attack and in Need of Expert Emergency Assistance? Radware Can Help.
Radware offers a service to help respond to security emergencies, neutralize the risk and better safeguard operations before irreparable damages occur. If you’re under DDoS attack or malware outbreak and in need of emergency assistance,
Contact us with the code "Red Button".
i
https://blog.radware.com/security/2016/07/bitcoin-exchanges-attack/
ii
https://www.coinbase.com/charts
iii
https://blog.radware.com/security/2017/06/smb-vulnerabilities-wannacry-adylkuzz-sambacry/
iv
https://www.infosecurity-magazine.com/news/worlds-largest-bitcoin-exchange/
v
https://www.bloomberg.com/news/articles/2016-08-05/hacked-bitcoin-exchange-says-it-will-spread-losses-among-users
vi
https://www.bleepingcomputer.com/news/security/hacked-south-korean-bitcoin-exchange-loses-5-5-million/
vii
https://themerkle.com/top-5-cryptocurrency-exchanges-hit-by-ddos-attacks/
viii
https://security.radware.com/ddos-threats-attacks/cyber-ransom-spring-2017/