Threat Alert: Bitcoin Exchanges and Websites Experiencing DDoS Attacks
Over the last several months, our ERT Research team has noticed a growing trend of attackers targeting Bitcoin exchanges and websites that deal with Bitcoin directly. These websites are increasingly becoming the target of DDoS attacks for a number of reasons. First, they are mainly targeted by extortionists, but they are also experiencing attacks from competition and user aggression.
Bitcoin-related sites attract a lot of attention and demand from their users, but this also plays against them. This dedicated user base requires instant access and live updates about market conditions and the current value of Bitcoin. When these services go down, thousands of users are left locked out of their accounts, which can result in reputation damage or financial loss for their users. This is also why extortionists choose to target these sites; not only do they have Bitcoin on hand, but some are not willing to go offline even for a moment due to the fear of losing clients.
This year we have already seen a number of Bitcoin start-ups shut down due to persistent denial of service campaigns and data breaches. Coinkite Inc, a secure wallet service, was reported to have been the victim of a 3-year DDoS campaign that started one month after they launched in 2012. Both Coin Wallet and BitQuick were also forced to shut down following extensive data breaches on their network.
There has also been a number of Bitcoin-related services that have been targeted with denial of service attacks over the last several months that did not result in a company shutdown. These companies include BitHope, Poloniex Exchange, Bitcoin, Classic Nodes, BitStamp, RushWallet, BitGo, BTC-e, CoinKite, BTCC, Indacoin and BitIt.
Bitcoin is still an evolving currency that experiences peaks of high volatility sometimes caused by an attack. Digital currency can provide a more rewarding and alternative payment experience for users, but also creates a security risk for those who are managing large scale, connected exchanges. Attacks on these networks can be hard to predict but should always be expected. Attacks against Bitcoin exchanges and marketplaces will continue to experience denial of service attacks at a persistent rate due to their user base alone.
Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.
Daniel Smith is an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network and application based vulnerabilities. Daniel’s research focuses in on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigation attacks proactively for its customers.