Security researchers have identified a weakness within cryptocurrencies and how they are are kept in mining pools, enabling funds to be stolen. Uncovered by the Dell SecureWorks Counter Threat Unit, the exploit has apparently already been utilized at least one time, with one attacker believed to have acquired roughly $83,000 while using the technique.
The attack utilized phony “Border Gateway Protocol” (BGP) broadcasts, an outside routing protocol usually utilized to permit networks to discover one another. The Register reports the attackers spoofed the broadcast to be able to route communications to their servers, rather than the legitimate mining servers hosted by Amazon, Digital Ocean, OVH, and other hosting sites. Instead of the mining pool issuing payouts for work accomplished, the rerouted traffic allowed the attacker to alternatively obtain the rewards. The team of experts discovered that another miner pool has lost nearly 8,000 Dogecoins (1Dogecoin = $1.53).
As many as 51 networks were affected by the exploit across 19 Internet providers, the research team cautioned.
The $83,000 attack had been a maintained campaign which survived between February and May of this year, and the researchers followed the broadcasts to an unnamed Canadian ISP’s router, the identity of the attacker continues to be undiscovered. Because of the nature of the attack, it is hypothesized it can easily be a rogue employee or an ex-employee of the ISP with an unchanged router password, or perhaps a malicious hacker.
BGP recommends to ISPs that they opt-in to the Resource Public Key Infrastructure, while pool servers can use the SSL protocol to avoid such redirection efforts.