Researchers have found, what they claim is, a way to attack the bitcoin network using a weakness in the way the Internet operates.
The exploit, created by researchers at Swiss university for science and technology ETH Zurich, relies on the fact that a key piece of the Internet’s underlying technology, called the Border Gateway Protocol (BGP), is broken.
The Internet is a network of networks, known as autonomous systems (AS). BGP is used to route traffic between them. Most users will never need to use it, but your ISP needs it to tell traffic where to go.
This all works well, assuming your ISP is trustworthy. But, what happens if it isn’t? Like much of the rest of the Internet, BGP was developed by trusting souls; collegial types, interested in solving technical problems, but operating back then in a rarified environment largely devoid of criminal activity.
These engineers developed BGP, on the back of three napkins in 1989, to solve a routing problem for a network that was expanding quickly and experiencing growing pains. It was a short-term solution based on an honor system, for which no long-term replacement ever came. Read this excellent article for a more in-depth history.
Nearly 28 years later, in a network filled with ne’er do wells, attackers can do some nasty things using BGP. Some of them are accidental. Pakistan Telecom cut off YouTube to most of the Internet in 2008 when it tried using BGP to cut off traffic to YouTube. Unfortunately, the routing configuration it entered propagated across the world.
Attacks can be even more damaging if they’re intentional. BGP hijacking is common. It is a great way for an attacker with ulterior motives to get network traffic to pass through specific bits of the Internet that it might not otherwise see.
Totally forked
The researchers discovered that most of the traffic on the bitcoin network traverses a handful of ISPs. 60% of all bitcoin connections cross just three ISPs. Should one or more of those ISPs decide to hijack the traffic using BGP, they can engineer two kinds of attack, the paper warns.
The first temporarily carves the bitcoin network in two, by configuring BGP to cut connections between computers in the network. This is a problem for bitcoin’s blockchain algorithm, which relies on all computers reaching a consensus together and updating a network-wide shared ledger with the same information about bitcoin transactions.
Artificially creating two groups of machines means that each group will be working on its own ledger, and they will quickly become uncoordinated. In blockchain terminology, this is known as a fork, because it’s like a fork in a road – each group has happily taken its own path in the road, and there are now two.
The bitcoin network resolves forks when all computers can talk to each other again, at which point the ledger with the most transactions wins, and the alternative fork in the blockchain is discarded.
An attacker with BGP hijacking capability could use that situation to their advantage by transacting with someone in the smaller group – perhaps sending them some bitcoins in return for an online service – only to then collapse the fork and claim that the transaction never happened. This is known as a double spending attack.
There’s another attack, too. This one focuses on a single bitcoin node, and uses BGP hijacking to delay the delivery of bitcoin blocks.
The bitcoin network creates new blocks roughly every 10 minutes, and these contain the latest transactions that happened on the network. These blocks propagate throughout the network as individual nodes request them from others. This is how everyone on the network stays on the same page and understands who has sent bitcoins to whom.
Using BGP hijacking, an attacker could alter network routing to ensure that a victim requesting the latest bitcoin block receives an older block, which doesn’t show the latest transactions. The BGP hijacker would only allow the latest block through just short of 20 minutes later. This stops the victim from seeing the latest transactions on the network. Attackers can use this technique to spend bitcoins twice, or to disrupt the network by targeting large numbers of nodes, potentially altering the value of bitcoin by damaging confidence in the network.
Whereas network participants will eventually uncover the first attack, this second attack would go completely undetected, the researchers point out.
None of this is a fault in the bitcoin protocol per se. After all, the Internet and its associated protocols, such as BGP, are simply the rails on which bitcoin and many other services run. If anything, we can blame bitcoin’s economic patterns for exacerbating the problem. The concentration of bitcoin mining in China – well over half of all bitcoins are mined using Chinese mining pools – has gone a long way towards worsening what would otherwise be a theoretical issue.