Researchers from ETH Zurich and the Hebrew University have found how “internet routing attacks” and “malicious Internet Service Providers (ISPs)” can attack the Bitcoin network. In their research paper entitled “Hijacking Bitcoin: Routing Attacks on Cryptocurrencies”, they describe the attacks as well as countermeasures against them. The paper will be presented at the 2017 IEEE Symposium on Security and Privacy in May.
Internet Routing Attack Vector
There are already many known Bitcoin attack vectors such as double spending, the 51% attack, DDoS, eclipsing, and transaction malleability. However, the authors asserted that:
One important vector has been left out though: attacking the currency via the Internet routing infrastructure itself.
While a Bitcoin node can be run from anywhere on earth, the researchers found that most of them are hosted with a few ISPs. Specifically, they found that 13 ISPs host 30% of the entire Bitcoin network. In addition, 60% of all possible Bitcoin connections cross 3 ISPs.
“Together, these two characteristics make it relatively easy for a malicious ISP to intercept a lot of Bitcoin traffic,” they wrote, adding that “any third-party on the forwarding path can eavesdrop, drop, modify, inject, or delay Bitcoin messages such as blocks or transactions.”
Two Types of Attacks Warned
The paper then describes two types of attacks claimed to be practical and possible today.
The first is called a “Partition attack” which aims to partition the Bitcoin network or “completely disconnect a set of nodes from the network”. The second is called a “Delay attack” which aims to delay the propagation of new blocks to a set of Bitcoin nodes without disrupting their connections.
To determine their effects, the authors set up a network and initiated the attacks on themselves. They performed a hijack in the wild against their own Bitcoin nodes to learn the effect of a Partition attack. For a Delay attack, they used interception software against their own Bitcoin nodes. They eventually came to the conclusion that:
The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending.
The paper offers various suggestions to combat the routing attacks of both kinds. While nothing is a cure for all attack types, the more countermeasures deployed, the more effective a defense Bitcoin users will have.
Both long- and short-term countermeasures were suggested. Recommended strategies include increasing the diversity of node connections, selecting Bitcoin peers that are routed further away, monitoring round-trip communication times, and even encrypting all node traffic. The research team also proposes monitoring additional statistics so that deviations from normal behavior can be immediately identified at each node.
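The round-trip-time monitoring countermeasure can be sketched as follows. This is an added example, not code from the paper or from any Bitcoin client: it keeps a rolling per-peer baseline and separates a single slow peer from a shift that hits many peers in the same polling round. The class name, thresholds, peer addresses and RTT values are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import median

class RttMonitor:
    """Rolling per-peer RTT baseline (median + MAD); hypothetical helper."""

    def __init__(self, window=20, min_samples=5, k=5.0, floor_ms=5.0):
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.min_samples, self.k, self.floor_ms = min_samples, k, floor_ms

    def observe(self, peer, rtt_ms):
        """Record one sample; return True if it deviates from the peer's baseline."""
        hist = self.history[peer]
        deviates = False
        if len(hist) >= self.min_samples:
            base = median(hist)
            mad = median(abs(x - base) for x in hist)
            # floor_ms stops a very stable peer from alerting on tiny jitter
            deviates = abs(rtt_ms - base) > self.k * max(mad, self.floor_ms)
        if not deviates:
            hist.append(rtt_ms)  # anomalous samples never pollute the baseline
        return deviates

    def observe_round(self, samples, node_fraction=0.5):
        """samples: {peer: rtt_ms} from one polling round.
        Returns (flagged_peers, node_alert). A single slow peer is noise;
        many peers shifting in the same round points at the path, not the peers."""
        flagged = sorted(p for p, r in samples.items() if self.observe(p, r))
        node_alert = bool(flagged) and len(flagged) >= node_fraction * len(samples)
        return flagged, node_alert

# Constructed sample data: four peers on documentation addresses, RTT in ms.
PEERS = ["192.0.2.10:8333", "198.51.100.20:8333",
         "203.0.113.30:8333", "203.0.113.40:8333"]
ROUNDS = [
    [40, 80, 120, 25], [41, 82, 118, 26], [39, 79, 121, 24],
    [42, 81, 119, 25], [40, 80, 122, 27], [41, 83, 120, 25],  # baseline
    [40, 190, 121, 26],    # one peer slows down
    [160, 210, 240, 26],   # three of four peers jump together
]

def run_demo():
    monitor = RttMonitor()
    return [monitor.observe_round(dict(zip(PEERS, r))) for r in ROUNDS]

if __name__ == "__main__":
    for i, (flagged, alert) in enumerate(run_demo(), 1):
        print(f"round {i}: flagged={flagged} node_alert={alert}")
```

Because flagged samples are kept out of the baseline, a legitimate permanent route change keeps alerting until an operator resets that peer's history.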