8 August 2014

BGP Hijacker Steals Bitcoins

By Andrew Mcconachie, Former Intern

Researchers at Dell’s Secureworks have uncovered multiple BGP incidents used to steal bitcoins. According to Secureworks, the attacker used a compromised administrator account at an as-yet undisclosed Canadian ISP.

With this account the attacker was able to inject BGP routes that redirected traffic from machines mining Bitcoins to a host the attacker had compromised. Secureworks estimates that at least $83,000 worth of Bitcoins, Dogecoins, HoboNickels, and Worldcoins were stolen over a period of 4 months.

Details such as the identity of the Canadian ISP or which routes were injected are not included in the report. However, there are two obvious technologies that would have prevented this attack. The first, and most obvious, is Border Gateway Protocol (BGP) security: something like the BGP Resource Public Key Infrastructure (RPKI) would have prevented the receiving BGP peer from accepting the bogus routes. The second is Transport Layer Security (TLS) on the connections between the hosts controlling the *coin miners and the miners themselves.

If either of these technologies had been deployed in this instance, the attack would have been mitigated. The easier of the two is TLS, which only requires the two end-points to start encrypting their peer-to-peer communications and asks nothing of the intermediary ISPs. Had the miners been using TLS in this instance, the attacker would not have been able to steal Bitcoins; the hijack would merely have interrupted service for the duration of the attempt.
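To make the RPKI point above concrete, here is an added example (not code from the Secureworks report or from this post) of the route origin validation check a BGP peer performs before accepting a route: each announced prefix is compared against the Route Origin Authorizations (ROAs) that cover it, and a route is accepted only if an authorized origin AS announces it at a permitted prefix length. The ROAs, prefixes and AS numbers below are constructed sample data from the documentation ranges; the function names are this example's own.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: which AS may originate a prefix, and how specific it may be."""
    prefix: str      # covered IP prefix, e.g. "203.0.113.0/24"
    max_length: int  # longest prefix length this ROA authorizes (the ROA's maxLength)
    asn: int         # origin AS authorized to announce the prefix


# Constructed sample ROAs using documentation prefixes and reserved AS numbers.
SAMPLE_ROAS = [
    ROA("203.0.113.0/24", 24, 64496),   # AS64496 may announce exactly the /24
    ROA("2001:db8::/32", 48, 64496),    # AS64496 may announce the /32 or anything down to /48
]


def validate_origin(prefix: str, origin_asn: int, roas) -> str:
    """Classify an announcement as "valid", "invalid" or "not-found" (RFC 6811 semantics).

    - valid:     some covering ROA names this origin AS and allows this prefix length
    - invalid:   covering ROAs exist, but none matches (wrong origin AS or too specific)
    - not-found: no ROA covers the announced prefix, so RPKI says nothing about it
    """
    announced = ip_network(prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ip_network(roa.prefix, strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so skip ROAs of the other family.
        if roa_net.version != announced.version or not announced.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and announced.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def accept_route(prefix: str, origin_asn: int, roas) -> bool:
    """Defensive policy: drop RPKI-invalid routes, keep valid and not-found ones."""
    return validate_origin(prefix, origin_asn, roas) != "invalid"


if __name__ == "__main__":
    for pfx, asn in [("203.0.113.0/24", 64496), ("203.0.113.0/24", 64511),
                     ("203.0.113.0/25", 64496), ("2001:db8:1::/48", 64496),
                     ("198.51.100.0/24", 64496)]:
        print(f"{pfx} from AS{asn}: {validate_origin(pfx, asn, SAMPLE_ROAS)}")
```

A route for the covered prefix announced by a different AS, or as a more-specific prefix beyond the ROA's maxLength, comes back "invalid" and is dropped; a prefix with no ROA at all is "not-found", which is why ROA coverage by the legitimate prefix holder matters as much as validation by the peers.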

The report also contains numerous neat graphics explaining how a BGP Man in the Middle (MITM) attack works. They unfortunately use routable IPs in their examples, but the graphics still convey the idea quite nicely.

[Image: BGP_Hijack]

For more information about TLS and developing secure applications, check out our page on TLS for Applications, or visit the IETF’s Using TLS in Applications (UTA) working group.

For more information about Securing BGP and Secure Inter-Domain Routing (SIDR), check out our page on Securing BGP, or visit the IETF’s Secure Inter-Domain Routing (SIDR) working group.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
