Threat Alert: Bitcoin Exchanges and Websites Experiencing DDoS Attacks Over the last several months, our ERT Research team has noticed a growing trend of attackers targeting Bitcoin exchanges and websites that deal with Bitcoin directly.These websites are increasingly becoming the target of denial of service campaigns for a number of reasons.First, they are mainly targeted by extortionists, but they are also experiencing attacks from competition and user aggression.Bitcoin-related sites attract a lot of attention and demand from their users, but this also plays against them.This dedicated user base requires instant access and live updates about market conditions and the current value of Bitcoin.When these services go down, thousands of users are left locked out of their accounts, which can result in reputation damage or financial loss for their users.This is also why extortionists choose to target these sites; not only do they have Bitcoin on hand, but some are not willing to go offline even for a moment due to the fear of losing clients.

This year we have already seen a number of Bitcoin start-ups shut down due to persistent denial of service campaigns and data breaches.Coinkite Inc, a secure wallet service, was reported to have been the victim of a 3-year DDoS campaign that started one month after they launched in 2012.Both Coin Wallet and BitQuick were also forced to shut down following extensive data breaches on their network.[You might also like: The Rise of Booter and Stresser Services] There has also been a number of Bitcoin-related services that have been targeted with denial of service attacks over the last several months that did not result in a company shutdown.These companies include BitHope, Poloniex Exchange, Bitcoin, Classic Nodes, BitStamp, RushWallet, BitGo, BTC-e, CoinKite, BTCC, Indacoin and BitIt.Bitcoin is still an evolving currency that experiences peaks of high volatility sometimes caused by an attack.Digital currency can provide a more rewarding and alternative payment experience for users, but also creates a security risk for those who are managing large scale, connected exchanges.

Attacks on these networks can be hard to predict but should always be expected.Attacks against Bitcoin exchanges and marketplaces will continue to experience denial of service attacks at a persistent rate due to their user base alone.Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.Share this:Daniel Smith Daniel Smith is an information security researcher for Radware’s Emergency Response Team.He focuses on security research and risk analysis for network and application based vulnerabilities.bitcoin backingDaniel’s research focuses in on Denial-of-Service attacks and includes analysis of malware and botnets.bitcoin armory watch onlyAs a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigation attacks proactively for its customers.ethereum video tutorial

The DDoS extortion criminal group, DD4BC, has been hunted ever since the group’s formation in July 2014 by their victims and law enforcement.One of their first victims, Bitalo Bitcoin Exchange, issued a 100 bitcoin bounty in November 2014 for information on the full and proven identity of the perpetrators.Additionally, an international cooperation of law enforcement has been tracking the group for over a year and a half.DD4BC’s luck finally ran out.12, Europol announced that one person has been arrested and another detained as part of Operation Pleiades, a cooperative investigation that included law enforcement agencies from Austria, Bosnia and Herzegovina, Germany, the UK and Europol.[switch poker bitcoinALSO ON CSO: Europol confirms raid against DDoS extortion ring DD4BC ]One would hope that the arrest would signal an end of DDoS extortion activity, but all signs point to a continuation of this type of behavior.etoro bitcoin trading

The vast majority of victims do not pay the ransom and choose to wait it out or strengthen their countermeasures, but just enough websites pay the ransom to make it worthwhile for the attackers.Copycats have already sprung up with similar methods and objectives to DD4BC.DD4BC’s (shorthand for “DDoS 4 Bitcoin”) methods were simple, but very effective: they would choose a victim, such as a financial institution or online gambling company, and launch a DDoS attack on the organization’s website.bitcoin verdienen videosThe DDoS attack, in most cases, would render the website inoperable or slow for visitors.bitcoin exchange swedenDD4BC would then email a ransom “note” demanding payment.local bitcoin to electrumThe ransom notes typically had the same attributes:There are not any public, confirmed cases of a company paying a ransom to DD4BC; after all, it could be very embarrassing and call the company’s security posture into question, and encourage additional attacks from copycats.bitcoin what is mh/s

However, many ransom notes have been made public and it is possible to track the payment of Bitcoin due to the nature of the cryptocurrency’s public ledger.It’s not entirely conclusive, but there is strong evidence that many website operators paid the ransom, according to a 2015 report on DD4BC released by Arbor Networks.[MORE ON CSO: Many ransomware victims plead with attackers ]Arbor Networks found that payments were regularly made to the Bitcoin wallets in the ransom notes; although small in monetary amount, they were steady enough to make the operation profitable.Considering that botnets that launch DDoS attacks can be leased very cheaply, the return on investment is attractive, even though the perpetrators are not likely to get rich.Copycats have already sprung up; one notable example is the Armada Collective’s attack against ProtonMail in November 2015.Their methods and objectives are a near facsimile of DD4BC’s and this attack is the only confirmed case of the victim paying the ransom.

ProtonMail came under sustained DDoS attack and received a ransom note promising to stop if the company paid.The company did pay - but the attacks did not stop.This appears to be because ProtonMail’s woes were made public, which led to even more copycat attackers joining in, hoping to get paid also.What should a company do if they are attacked and receive a ransom note?Roland Dobbins, principal engineer at Arbor Networks explains, “Organizations targeted in DDoS extortion attacks should never pay the extortionist - as we've seen on many occasions, the extortionist keeps coming back for additional payments, and others in the criminal underground will eventually hear that paying organizations are easy marks, as well, and they'll end up being constantly bombarded by DDoS attacks.”It may be tempting to just pay the ransom, to get the attackers to move on or to buy time to strengthen defenses, but this is not a good strategy.It’s best to build these type of attacks into risk models and incident response plans before they occur.