Hijacking Bitcoin: Large-scale Network Attacks on Cryptocurrencies

Bitcoin is without a doubt the most successful cryptocurrency in circulation today, making it an extremely valuable target for attackers. Indeed, many studies have highlighted ways to compromise one or several Bitcoin nodes. In this paper, we take a different perspective and study the effect of large-scale network-level attacks such as the ones that may be launched by Autonomous Systems (ASes). We show that attacks that are commonly believed to be hard, such as isolating 50% of the mining power, are actually within the reach of anyone with access to a BGP-enabled network and hijacking less than 900 prefixes. Once on path, AS-level adversaries can then partition the Bitcoin network or delay block propagation significantly. The key factors that enable these attacks are the extreme centralization of Bitcoin, both from a routing and a mining perspective, along with the fact that Bitcoin messages are sent unencrypted, without integrity guarantees. We demonstrate the feasibility of large-scale attacks in practice against the deployed Bitcoin software and quantify their disruptive network-wide impact. The potential damage to Bitcoin is severe. By isolating a part of the network or delaying the propagation of blocks, network-level attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of attacks such as double spending. We provide several suggestions on approaches to mitigate such attacks employing both short-term and long-term measures.

[1]  Yih-Chun Hu,et al.  SPV: secure path vector routing for securing BGP , 2004, SIGCOMM.

[2]  Evangelos Kranakis,et al.  On interdomain routing security and pretty secure BGP (psBGP) , 2007, TSEC.

[3]  Sharon Goldberg,et al.  BGP security in partial deployment: is the juice worth the squeeze? , 2013, SIGCOMM.

[4]  Christian Decker,et al.  Information propagation in the Bitcoin network , 2013, IEEE P2P 2013 Proceedings.

[5]  Yih-Chun Hu,et al.  SPV: secure path vector routing for securing BGP , 2004, SIGCOMM 2004.

[6]  Yang Xiang,et al.  Detecting prefix hijackings in the internet with argus , 2012, Internet Measurement Conference.

[7]  Aviv Zohar,et al.  Secure High-Rate Transaction Processing in Bitcoin , 2015, Financial Cryptography.

[8]  Jeremy Clark,et al.  SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies , 2015, 2015 IEEE Symposium on Security and Privacy.

[9]  Lixia Zhang,et al.  BGPmon: A Real-Time, Scalable, Extensible Monitoring System , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[10]  Sharon Goldberg,et al.  Let the market drive deployment: a strategy for transitioning to BGP security , 2011, SIGCOMM.

[11]  Hubert Ritzdorf,et al.  Tampering with the Delivery of Blocks and Transactions in Bitcoin , 2015, IACR Cryptol. ePrint Arch..

[12]  A. Dammer How Secure are Secure Interdomain Routing Protocols , 2011 .

[13]  Andrew Miller,et al.  Discovering Bitcoin ’ s Public Topology and Influential Nodes , 2015 .

[14]  Alexandra Boldyreva,et al.  Provable security of S-BGP and other path vector protocols: model, analysis and extensions , 2012, IACR Cryptol. ePrint Arch..

[15]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[16]  Emin Gün Sirer,et al.  Majority is not enough , 2013, Financial Cryptography.

[17]  Nick Feamster,et al.  Location diversity in anonymity networks , 2004, WPES '04.

[18]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[19]  Randy Bush,et al.  iSPY: Detecting IP Prefix Hijacking on My Own , 2008, IEEE/ACM Transactions on Networking.

[20]  Sharon Goldberg,et al.  How secure are secure interdomain routing protocols , 2010, SIGCOMM '10.

[21]  Aviv Zohar Bitcoin , 2015, Commun. ACM.

[22]  Steven J. Murdoch,et al.  Sampled Traffic Analysis by Internet-Exchange-Level Adversaries , 2007, Privacy Enhancing Technologies.

[23]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[24]  Paul Francis,et al.  A study of prefix hijacking and interception in the internet , 2007, SIGCOMM '07.

[25]  Ghassan O. Karame,et al.  Is Bitcoin a Decentralized Currency? , 2014, IEEE Security & Privacy.

[26]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[27]  Zhuoqing Morley Mao,et al.  Practical defenses against BGP prefix hijacking , 2007, CoNEXT '07.

[28]  Hannes Hartenstein,et al.  A simulation model for analysis of attacks on the Bitcoin peer-to-peer network , 2015, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[29]  Stephen T. Kent,et al.  An Infrastructure to Support Secure Internet Routing , 2012, RFC.

[30]  Paul F. Syverson,et al.  As-awareness in Tor path selection , 2009, CCS.