The Bitcoin Network Is Highly Susceptible to Internet Routing Attacks

Bitcoin and cryptocurrency users are often targeted by criminals. We have seen numerous attack vectors affecting this user base already. Whether it is phishing attacks, malware, ransomware, Trojans, or fake ICO projects, the number of threats out there should never be underestimated. According to a brand-new website, internet routing attacks may pose a significant threat to Bitcoin and other cryptocurrencies. Two specific types of attacks may cause a lot of issues in the future.

Internet Routing Attacks and Bitcoin

There are quite a few issues associated with Bitcoin which will cause problems sooner or later. One of these problems involves the centralized “hosting” of Bitcoin nodes. As one would expect, very few people run such a node on their own computer infrastructure at home. Instead, they generally use a VPS or other online solution to add a node to the network. While this is a valid approach, the vast majority of Bitcoin nodes are hosted on just 13 different ISPs. Considering that there are over 50,000 internet service providers worldwide, that is quite worrisome.

To make matters worse, the new website also claims that a large amount of Bitcoin network traffic passes through three different ISPs. That is quite a startling discovery, considering it pertains to almost 60% of all Bitcoin network traffic. This is an unacceptable situation for a cryptocurrency which prides itself on being a decentralized and global solution. A lot will need to change in order to prevent this centralization from becoming a big problem in the near future.

With so few ISPs effectively controlling the Bitcoin network – up to a certain degree – they could quite easily mount a routing attack against it. If that were to happen, this handful of ISPs could redirect traffic through fake announcements on the internet routing system. Hijacks are nothing new in the world of online connectivity, and they’ve been happening quite a lot as of late. Some of these attacks have (allegedly) affected the Bitcoin network already. In fact, around one hundred Bitcoin nodes are reportedly hijacked every single month. That is a very worrisome statistic that doesn’t bode well for Bitcoin whatsoever.
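The fake announcements described above can be spotted from the defender's side by comparing a BGP feed against the prefixes known to host one's nodes. The sketch below is an added example, not code from the site or its researchers; the prefixes, AS numbers, updates and the function names `classify` and `alerts` are all constructed for illustration.

```python
import ipaddress

# Constructed baseline: prefixes hosting our Bitcoin nodes -> legitimate origin AS.
# Documentation prefixes and documentation/private-use AS numbers only.
BASELINE = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
    ipaddress.ip_network("2001:db8:10::/48"): 64502,
}

# Constructed announcements from a BGP feed: (prefix, AS path). Origin = last AS.
UPDATES = [
    ("203.0.113.0/24", [64510, 64500]),      # expected announcement
    ("203.0.113.128/25", [64510, 64666]),    # more-specific from another origin
    ("198.51.100.0/24", [64511, 64667]),     # same prefix, another origin
    ("198.51.100.0/25", [64511, 64501]),     # more-specific from the real origin
    ("192.0.2.0/24", [64512, 64999]),        # does not cover our nodes
    ("2001:db8:10:1::/64", [64513, 64668]),  # IPv6 more-specific, another origin
]

def classify(prefix, as_path, baseline=BASELINE):
    """Compare one announcement with the baseline and return a verdict string."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for known, legit in baseline.items():
        if net.version != known.version:
            continue  # subnet_of() raises TypeError across IPv4/IPv6
        if net == known:
            return "ok" if origin == legit else "origin-change"
        if net.subnet_of(known):
            # Longest-prefix match means a more-specific route wins everywhere
            # it propagates, so it is worth an alert even from the real origin.
            return "more-specific" if origin == legit else "more-specific-origin-change"
    return "unrelated"

def alerts(updates, baseline=BASELINE):
    """Return (prefix, origin AS, verdict) for every announcement needing review."""
    found = []
    for prefix, path in updates:
        verdict = classify(prefix, path, baseline)
        if verdict not in ("ok", "unrelated"):
            found.append((prefix, path[-1], verdict))
    return found

if __name__ == "__main__":
    for prefix, origin, verdict in alerts(UPDATES):
        print(f"ALERT {verdict}: {prefix} originated by AS{origin}")
```

A "more-specific" verdict from the legitimate origin is often ordinary traffic engineering, so it is reported at a lower severity than an origin change.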

The site explains how two different attack vectors can be used to cripple the Bitcoin network. The first attack revolves around splitting the network into different components. Certain nodes would no longer be able to communicate with the rest of the network, creating a parallel blockchain. If this attack were successful, any blocks mined on the smaller “component” would be discarded with all of the transactions and miner revenue included. That would be an economic disaster if a lot of miners suddenly found themselves on the wrong blockchain.

A second type of attack might push the Bitcoin block time back by up to 20 minutes. Right now, network blocks are discovered roughly ten minutes apart, but a proper routing attack would push this time back to 30 minutes. We have seen multiple incidents where the Bitcoin network got clogged up despite normal block generation times. A delay in block time would only compound these problems and result in the network grinding to a halt at some point. Clearly, routing attacks are not to be trifled with whatsoever.

The big question is whether or not anyone will even attempt to pull off such an attack. The site’s researchers have released a prototype implementation of the block delay attack, which can be found on GitHub. For now, no ISP has actually tried to disrupt Bitcoin in a major way, but that doesn’t mean no one will do so in the future. A solution to the node problem must be found sooner rather than later, but that is much easier said than done at this point. Running a node should always be done on one’s home computer or capable device, rather than a VPS or centralized server.

  • Greg

    I suspect that as soon as mainstream brokerage firms start offering futures, funds, exchange services, et al, that they’d also want to run a node (or several) throughout their global network forests which (hopefully) would balance things out.

    Yet another sensationalist headline-grabbing non-story written by JDebunk

    • Eddie Offermann

      Indeed. The original website that posted the analysis seems to be responsible about it: security analysis is always welcome.

      This article would have been better off to take the high points from the source and subject it to analysis, noting that this isn’t something that would likely be accomplished by a hacker group or some script kiddies – this is the sort of hack that pretty much demands nation-state involvement. North Korea could force a hard fork of BTC within their own borders, for instance. A malicious ISP could block or reroute traffic – but we’re talking about malicious internet service providers at a bare minimum, and huge ones at that.

      It’s also worth noting that this isn’t a vulnerability of blockchain or any particular cryptocurrency but rather a vulnerability of the internet as a whole – and that IETF has a proposal specification for “BGPsec” that’s meant to provide authentication of such low level routing info. This wouldn’t necessarily restore service but might alert you when it happens to prevent sites masquerading or to alert the community that something’s afoot. This same vulnerability can be used to bring down Facebook, block Twitter, or prevent you from accessing your offshore bank account.

  • congressive

    People with valuable things are targeted by criminals? Ya don’t say…