Researchers discover serious Bitcoin routing attack that isolates Bitcoin network and blocks block propagation, leading to revenue loss and widespread vulnerabilities (paper download)

Researchers from the Swiss Federal Institute of Technology and the Hebrew University say they have discovered that "Internet routing attacks" and "malicious Internet service providers (ISPs)" can attack the Bitcoin network. The researchers have published a research paper: "Bitcoin Kidnapped: Routing Attacks on Cryptocurrencies" that describes these attacks and provides some countermeasures. The researchers will also present the paper at the "2017 IEEE Security and Privacy Symposium" in May this year.

We already know a lot about Bitcoin attack vectors, such as double spending, 51% attacks, DDoS, eclipsing, and transaction malleability. However, the authors of the paper assert:

“There is a significant attack vector that is being missed: attacking Bitcoin through the internet routing infrastructure itself.”

Although Bitcoin nodes can be run anywhere in the world, researchers found that most nodes are hosted using a small number of Internet Service Providers (ISPs). Specifically, they found that 13 ISPs host 30% of the nodes in the entire Bitcoin network. In addition, 60% of Bitcoin connections are through 3 ISPs.

The paper states:

“Taken together, these two features make it relatively easy for a malicious ISP to intercept large amounts of Bitcoin traffic. Any third party along the forwarding path can eavesdrop on, delete, modify, inject, or delay Bitcoin messages such as blocks or transactions.”

The paper warns against two of these types of attacks

The paper also describes two types of attacks that are said to be realistic at present. The first is called a " splitting attack " and aims to split the Bitcoin network or "completely disconnect some nodes from the network." The second is called a " delay attack " and aims to delay the propagation of new blocks to some Bitcoin nodes without interrupting the connection between blocks and nodes.

To determine the impact these attacks might have, the authors of the paper set up a network and simulated them. They hijacked their own nodes in natural conditions to understand the impact of the "splitting attack". For the "delay attack", they used an interception software against their own Bitcoin nodes. They ultimately concluded that:

“The potential damage these attacks could do to Bitcoin is worrisome. By isolating a portion of the Bitcoin network or preventing block propagation, attackers could cause a massive waste of mining power, which would lead to lost revenue and widespread vulnerabilities such as double spending.”

Possible countermeasures

The paper provides various recommendations to counter both types of routing attacks. While there is no cure for all attack types, the more countermeasures that are deployed, the more effective Bitcoin users’ defenses will be.

The paper offers several long-term and short-term recommendations, including increasing the diversity of node connections, choosing Bitcoin nodes that are routed farther away, monitoring round-trip communication times, and even encrypting all node traffic. The research team also suggests monitoring any additional statistics so that any deviation from normal behavior can be immediately identified.

View all countermeasures.