Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
We examine the influence that Internet routing attacks (such as BGP hijacks) and malicious Internet Service Providers (ISP) can have on the Bitcoin cryptocurrency. Because of the extreme efficiency of Internet routing attacks and the centralization of the Bitcoin network in few networks worldwide, we display that the following two attacks are practically possible today:
Partition attack: Any ISP can partition the Bitcoin network by hijacking few IP prefixes.
Delay attack: Any ISP carrying traffic from and/or to a Bitcoin knot can delay its block propagation by twenty minutes while staying downright under the radar.
The potential harm to Bitcoin is worrying. Among others, these attacks could reduce miner’s revenue and render the network much more susceptible to dual spending. These attacks could also prevent merchants, exchanges and other large entities that hold bitcoins from performing transactions.
The purpose of our research is to inform the Bitcoin users and miners as well as suggest long and short-term countermeasures. Check our paper for more details.
Bitcoin hosting centralization makes it vulnerable to routing attacks
Albeit one can run a Bitcoin knot anywhere on earth, the knots that compose the network today are far from being spread uniformly around the globe.
Particularity, our results indicate that most of the Bitcoin knots are hosted in few Internet Service providers (ISPs): thirteen ISPs (0.026% of all ISPs) host 30% of the entire Bitcoin network (left graph).
Moreover, most of the traffic exchanged inbetween Bitcoin knots traverse few ISPs. Indeed, our results indicate that 60% of all possible Bitcoin connections cross three ISPs. In other words, three ISPs can see 60% of all Bitcoin traffic (right graph).
Together, these two characteristics make it relatively effortless for a malicious ISP to intercept a lot of Bitcoin traffic.
Cumulative fraction of Bitcoin knots as a function of the number of hosting ISPs (left). Cumulative fraction of all possible Bitcoin connections as a function of the number of ISPs that intercept them (right). Data was collected from five November two thousand fifteen to fifteen November 2016.
Routing attacks are pervasive and do divert Bitcoin traffic
A BGP hijack is a routing attack in which an ISP diverts Internet traffic by advertising fake announcements in the Internet routing system.
Such attacks are frequent. Actually, our results indicate that up to hundreds of thousands of hijacks happen each month. Some of those events also affect a ample number of Internet destination: up to 30,000 IP prefixes (left graph).
These attacks already affect the Bitcoin network, today. Indeed, we found that, each month, at least one hundred Bitcoin knots are the victims of BGP hijacks, while four hundred forty seven distinct knots (∼8% of the Bitcoin knots) ended up hijacked in November two thousand fifteen (right graph).
Number of bitcoin clients whose traffic is diverted by BGP hijacks per month (left). Number of hijack events per month (right). Data was collected from October two thousand fifteen to March 2016.
Attack#1: Routing attacks can partition Bitcoin into chunks
An attacker can use routing attacks to partition the network into two (or more) disjoint components. By preventing knots within a component to communicate with knots outside of it, the attacker compels the creation of parallel blockchains. After the attack stops, all blocks mined within the smaller component will be discarded together with all included transactions and the miners revenue.
- Step 0: Knots of the left and the right side of the network communicate via Bitcoin connections denoted by blue lines.
- Step 1: The attacker wishes to split the network into two disjoint components: one on the left hand-side and one on the right hand-side.
- Step Two: The attacker attracts the traffic destined to the left knots by performing a BGP hijack.
- Step Trio: Soon after the hijack, all traffic sent from the right to the left side is forwarded through the attacker (crimson lines).
- Step Four: The attacker cuts these connections, effectively partitioning the network into two lumps.
- Step Five: During the attack, knots within each side proceed communicating with knots of the same side.
Attack#Two: Routing attacks can delay block delivery by twenty minutes
An attacker can use routing attacks to delay the delivery of a block to a victim knot by twenty minutes while staying downright undetected. During this period the victim is unaware of the most recently mined block and the corresponding transactions. The influence of this attack varies depending on the victim. If the victim is a merchant, it is susceptible to dual spending attacks. If it is a miner, the attack wastes its computational power. Ultimately, if the victim is a regular knot, it is incapable to contribute to the network by propagating the last version of the blockchain.
- Step 0: Knots A and B advertise the same block to the victim, knot C.
- Step 1: Knot C requests the block via a GETDATA from knot A. The attacker switches the content of the GETDATA such that it triggers the delivery of an older block from knot A.
- Step Two: The older block is delivered.
- Step Trio: Shortly before twenty minutes after the original block request made by knot C, the attacker triggers its delivery by modifying another GETDATA message originated by C.
- Step Four: The block is delivered just before the twenty minutes timeout. The victim does not disconnect from knot A.
Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one significant vector has been left out however: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic.
This paper presents the very first taxonomy of routing attacks and their influence on Bitcoin, considering both small-scale attacks, targeting individual knots, and large-scale attacks, targeting the network as a entire. While challenging, we display that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ∼50% of the mining power—even when considering that mining pools are powerfully multi-homed. We also demonstrate that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages.
We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data.
The potential harm to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a broad range of exploits such as dual spending. To prevent such effects in practice, we provide both brief and long-term countermeasures, some of which can be deployed instantly.