Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

We study the impact that Internet routing attacks (such as BGP hijacks) and malicious Internet Service Providers (ISP) can have on the Bitcoin cryptocurrency. Because of the extreme efficiency of Internet routing attacks and the centralization of the Bitcoin network in few networks worldwide, we show that the following two attacks are practically possible today:

Partition attack: Any ISP can partition the Bitcoin network by hijacking few IP prefixes.
Delay attack: Any ISP carrying traffic from and/or to a Bitcoin node can delay its block propagation by 20 minutes while staying completely under the radar.

The potential damage to Bitcoin is worrying. Among others, these attacks could reduce miner's revenue and render the network much more susceptible to double spending. These attacks could also prevent merchants, exchanges and other large entities that hold bitcoins from performing transactions.

The purpose of our research is to inform the Bitcoin users and miners as well as suggest long and short-term countermeasures. Check our paper for more details.

Bitcoin hosting centralization makes it vulnerable to routing attacks

Although one can run a Bitcoin node anywhere on earth, the nodes that compose the network today are far from being spread uniformly around the globe.

Particularity, our results indicate that most of the Bitcoin nodes are hosted in few Internet Service providers (ISPs): 13 ISPs (0.026% of all ISPs) host 30% of the entire Bitcoin network (left graph).

Moreover, most of the traffic exchanged between Bitcoin nodes traverse few ISPs. Indeed, our results indicate that 60% of all possible Bitcoin connections cross 3 ISPs. In other words, 3 ISPs can see 60% of all Bitcoin traffic (right graph).

Together, these two characteristics make it relatively easy for a malicious ISP to intercept a lot of Bitcoin traffic.

Cumulative fraction of Bitcoin nodes as a function of the number of hosting ISPs (left). Cumulative fraction of all possible Bitcoin connections as a function of the number of ISPs that intercept them (right). Data was collected from 5 November 2015 to 15 November 2016.

Routing attacks are pervasive and do divert Bitcoin traffic

A BGP hijack is a routing attack in which an ISP diverts Internet traffic by advertising fake announcements in the Internet routing system.

Such attacks are frequent. Actually, our results indicate that up to hundreds of thousands of hijacks happen each month. Some of those events also affect a huge number of Internet destination: up to 30,000 IP prefixes (left graph).

These attacks already affect the Bitcoin network, today. Indeed, we found that, each month, at least 100 Bitcoin nodes are the victims of BGP hijacks, while 447 distinct nodes (∼8% of the Bitcoin nodes) ended up hijacked in November 2015 (right graph).

Number of bitcoin clients whose traffic is diverted by BGP hijacks per month (left). Number of hijack events per month (right). Data was collected from October 2015 to March 2016.

Attack#1: Routing attacks can partition Bitcoin into pieces

An attacker can use routing attacks to partition the network into two (or more) disjoint components. By preventing nodes within a component to communicate with nodes outside of it, the attacker forces the creation of parallel blockchains. After the attack stops, all blocks mined within the smaller component will be discarded together with all included transactions and the miners revenue.

Attack scenario:

  • Step 0: Nodes of the left and the right side of the network communicate via Bitcoin connections denoted by blue lines.
  • Step 1: The attacker wishes to split the network into two disjoint components: one on the left hand-side and one on the right hand-side.
  • Step 2: The attacker attracts the traffic destined to the left nodes by performing a BGP hijack.
  • Step 3: Soon after the hijack, all traffic sent from the right to the left side is forwarded through the attacker (red lines).
  • Step 4: The attacker cuts these connections, effectively partitioning the network into two pieces.
  • Step 5: During the attack, nodes within each side continue communicating with nodes of the same side.

Attack#2: Routing attacks can delay block delivery by 20 minutes

An attacker can use routing attacks to delay the delivery of a block to a victim node by 20 minutes while staying completely undetected. During this period the victim is unaware of the most recently mined block and the corresponding transactions. The impact of this attack varies depending on the victim. If the victim is a merchant, it is susceptible to double spending attacks. If it is a miner, the attack wastes its computational power. Finally, if the victim is a regular node, it is unable to contribute to the network by propagating the last version of the blockchain.

Attack scenario:

  • Step 0: Nodes A and B advertise the same block to the victim, node C.
  • Step 1: Node C requests the block via a GETDATA from node A. The attacker changes the content of the GETDATA such that it triggers the delivery of an older block from node A.
  • Step 2: The older block is delivered.
  • Step 3: Shortly before 20 minutes after the original block request made by node C, the attacker triggers its delivery by modifying another GETDATA message originated by C.
  • Step 4: The block is delivered just before the 20 minutes timeout. The victim does not disconnect from node A.

Publications

...

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

Maria Apostolaki, Aviv Zohar, Laurent Vanbever

IEEE Symposium on Security and Privacy 2017. San Jose, CA , USA (May 2017).

Presentations

...

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

IEEE Symposium on Security and Privacy 2017. San Jose, CA , USA (May 2017).

Code

We release the following code on Github:

People

  • Maria Apostolaki, ETH Zürich
  • Aviv Zohar, Hebrew University,
  • Laurent Vanbever, ETH Zürich, lvanbever ethz ch