Guest Blog: Using DDoS Attacks to Manipulate Bitcoin pricing

Bitcoin is a form of digital currency that was first launched back in 2009, and has slowly increased in prevalence across the web since. It’s now accepted by a fair few well-known sites, including the WordPress CMS. However, recent times have seen it gain more publicity following the revelation that financial speculators have been attracted to the currency, recognising it as a potentially lucrative investment opportunity. Unfortunately, this increased publicity has also led to it being targeted by those seeking to disrupt its growth.

The attacks

In September of this year, the world’s 3rd largest Bitcoin exchange – BTC China – was subjected to a calculating and ruthless DDoS attack. Measured at 100Gbps, the assault was a substantial one, and it was only the actions of DDoS protection firm Incapsula that prevented the exchange from being completely shut down.

Rather than relying on a DNS amplification-style attack, the hackers instead made use of a SYN flood consisting of both small, high-frequency and large, low-frequency packets. The technique’s aim was to exploit any security weaknesses within the exchange’s DNS protocol. The fact that the attack didn’t show any signs of DNS reflection indicates that a large number of compromised servers must have been used. Indeed, the fact that a 50+ Gigabit attack was capable of lasting nine hours was unprecedented in itself.
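The distinction drawn above, between a SYN flood and DNS reflection and between small, high-frequency and large, low-frequency packets, can be checked from packet summaries during triage. The following is an added example, not code from the original article or from Incapsula; the tuple layout, the 128-byte cut-off, the 50% thresholds and the sample capture are all assumptions constructed for illustration.

```python
SMALL_MAX = 128  # bytes; assumed cut-off between "small" and "large" SYNs

def make_sample():
    """Constructed one-second capture: (proto, src_port, tcp_flags, length)."""
    small = [("tcp", 40000 + i % 2000, "S", 60) for i in range(9000)]
    large = [("tcp", 50000 + i % 500, "S", 1400) for i in range(600)]
    normal = [("tcp", 443, "SA", 60)] * 150 + [("tcp", 51000, "A", 900)] * 200
    dns = [("udp", 53, "", 120)] * 50  # ordinary resolver answers
    return small + large + normal + dns

def triage(packets, seconds=1.0):
    """Summarise a capture window and label the dominant flood vector."""
    if not packets:
        return {"vector": "none"}
    total_bytes = sum(p[3] for p in packets)
    # SYN set without ACK: a connection request that is never completed.
    syn = [p for p in packets if p[0] == "tcp" and p[2] == "S"]
    # UDP from source port 53: what reflected DNS responses look like.
    refl = [p for p in packets if p[0] == "udp" and p[1] == 53]
    small = [p for p in syn if p[3] <= SMALL_MAX]
    large = [p for p in syn if p[3] > SMALL_MAX]
    report = {
        "syn_share_pkts": len(syn) / len(packets),
        "dns_share_bytes": sum(p[3] for p in refl) / total_bytes,
        # Small packets stress per-packet processing (packets per second).
        "small_syn_pps": len(small) / seconds,
        "large_syn_pps": len(large) / seconds,
        # Large packets stress link capacity (megabits per second).
        "small_syn_mbps": sum(p[3] for p in small) * 8 / seconds / 1e6,
        "large_syn_mbps": sum(p[3] for p in large) * 8 / seconds / 1e6,
    }
    if report["dns_share_bytes"] > 0.5:
        report["vector"] = "dns-reflection"
    elif report["syn_share_pkts"] > 0.5:
        report["vector"] = "syn-flood"
    else:
        report["vector"] = "none"
    return report

if __name__ == "__main__":
    for key, value in triage(make_sample()).items():
        print(f"{key}: {value}")
```

In the constructed sample the large SYNs are about 6% of the SYN packets yet carry more bandwidth than the small ones, which is why a mixed flood has to be measured in both packets per second and bits per second.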

Though the largest, this attack was not the first of its kind. In March, another 100 Gbps attack not making use of DNS reflection was reported by Incapsula founder Marc Gaffan. Clearly, the Bitcoin exchange has become a very viable target. Other Bitcoin exchanges, including European payment processor BIPS, have also been hit. BIPS stated that they had been hacked to the tune of around 1,300 Bitcoins, or around a million dollars’ worth.

So what are the attackers hoping to achieve?

The general consensus amongst specialists in the sector is that the attacks were unleashed with the aim of disrupting the service. Mt. Gox, another company to be subjected to a DDoS attack, said that the aim was to cause panic buying of the currency.

The end aim, of course, is financial. The attackers will wait until the Bitcoin price reaches a particular value, sell up and then destabilise the exchange. Once everyone begins to panic sell and the price drops, the assaults then stop and the attackers are able to buy up and re-sell at a higher value later. Essentially, the attacks are used to manipulate the financial market.

What to take away from the attacks

Perhaps the key point to take away from the Bitcoin attacks is that DDoS attacks can be used by anyone and for any motive. (Indeed, recent evidence shows that some web users are even renting out the ability to carry out an attack in this form.) Motives can be anything from personal vendetta (it’s believed that the initial attack on BTC China was down to an ex-partner) to simple financial gain. All websites that stand to lose out financially in the event of any attack should be investing substantially in their web security processes.

Ella Mason, an experienced freelance writer, wrote this article. Ella specialises in providing useful and engaging advice to small businesses. Follow her on Twitter @ellatmason