$83,000 in Bitcoin Stolen from Mining Pools

And about enough Dogecoin to buy a cup of coffee.

This week, the cryptocurrency watchdog group and all-around security gurus at the Dell SecureWorks Counter Threat Unit announced that several key Bitcoin mining pools had been plundered for the equivalent of around $83,000 over the course of two months, including an almost-forgettable sum of $2 in Dogecoin.

The attack relied on the Border Gateway Protocol, which is famously difficult to trace, making it a haven for hardcore miners and hackers alike.

According to the report, upwards of 50 separate networks were compromised, including those belonging to big-name Bitcoin baggers such as Digital Ocean, OVH, and Amazon.

“The threat actor hijacked the mining pool, so many cryptocurrencies were impacted,” the researchers said. “The protocols make it impossible to identify exactly which ones, but CTU researchers have mapped activity to certain addresses.”

Researchers claim that while it’s impossible to gauge the exact amount pulled out of the pool during the breach due to the inherently anonymous nature of cryptocurrency, they do have tools that let them run rough estimates of how much was lifted out of the collective coffer while the hacker was in action from mid-February to May of 2014.

Along with the Bitcoin breach, users reported a loss of several thousand Dogecoin, the alternative cryptocurrency first made popular on the website Reddit as an offhand joke, which eventually became an actually viable means of paying for minor purchases online. Of course, Dogecoin never took off in the same way that Bitcoin did (currently valued at $597 USD to 1 BTC), and altogether the amount stolen in Doge was worth less than the price of a grande mocha at your local Starbucks.

The attack was able to hijack users’ connections and redirect them to a server located somewhere in Canada, at an address that has yet to be tracked to any one individual. CTU has floated a few theories as to who might have been behind the attack, including an ex-employee of the ISP who used his former position at the company to carefully monitor the traffic of his victims before launching his campaign against computers known to be active in the mining community.

Although the amount stolen in this latest attack is nothing to laugh at, CTU believes that BGP attacks won’t pose much of a threat for ISPs in Canada, America, or the EU to worry about in the near future.

“BGP peering requires that both networks be manually configured and aware of one another. Requiring human interaction for proper configuration makes BGP peering reasonably secure, as ISPs will not peer with anyone without a legitimate reason. These hijacks and miner redirections would not have been possible without peer-to-broadcast routes.”