Researchers claim to have found a way to attack the bitcoin network using a weakness in the way the Internet routes traffic.
The attack, devised by researchers at ETH Zurich, the Swiss federal institute of technology, relies on the fact that a key piece of the Internet's underlying plumbing, the Border Gateway Protocol (BGP), takes every routing announcement on trust: nothing in the protocol checks that a network is actually authorised to announce the addresses it claims to reach.
The Internet is a network of networks, each known as an autonomous system (AS). BGP is the protocol those networks use to tell each other which blocks of IP addresses (prefixes) they can reach, and to choose a path between them. Most users will never touch it, but your ISP depends on it to know where to send your traffic.
This all works well, assuming every network that announces routes is honest. But what happens if one isn't? Like much of the rest of the Internet, BGP was developed by trusting souls: collegial types, interested in solving technical problems, but operating back then in a rarefied environment largely devoid of criminal activity.
These engineers sketched BGP on the back of three napkins in 1989, to solve a routing problem for a network that was expanding quickly and experiencing growing pains. It was a short-term solution based on an honor system, for which no long-term replacement ever came (route origin validation with RPKI exists, but it was sparsely deployed when this research was published). Read this excellent article for a more in-depth history.
Nearly 28 years later, in a network filled with ne'er-do-wells, BGP can be used to do some nasty things. Some of the damage is accidental. In 2008 Pakistan Telecom cut off YouTube for most of the Internet when it tried to block the site domestically by announcing a more specific route for part of YouTube's address space. The announcement leaked to its upstream provider and propagated across the world, and because routers prefer the most specific route they know, the world's YouTube traffic followed it into Pakistan.
Attacks can be even more damaging when they are intentional. BGP hijacking, in which a network announces prefixes it does not own, or more specific versions of them, is common. It is a convenient way for an attacker with ulterior motives to make traffic pass through parts of the Internet it would not otherwise cross, where it can be observed, dropped or tampered with.
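To see why a more specific announcement captures traffic, here is a small longest-prefix-match route selection in Python. It is an added example, not code from the paper or the article: the two prefixes and origin ASes are those of the 2008 incident (YouTube's 208.65.152.0/22 announced by AS36561, Pakistan Telecom's 208.65.153.0/24 announced by AS17557), while the AS paths and the competing same-length announcement are constructed to show the tie-break.

```python
"""Longest-prefix-match route selection, to show why a more-specific BGP
announcement captures traffic. Added example, not code from the paper or
the article. Prefixes and origin ASes are those of the 2008 YouTube
incident; the AS paths are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    origin_as: int
    as_path: Tuple[int, ...]  # constructed path as seen from our vantage point


def best_route(table: Sequence[Route], dst: str) -> Optional[Route]:
    """Route a BGP speaker would install for dst: the longest matching prefix
    wins; among equal lengths the shortest AS path wins. There is no check
    that the origin AS is entitled to the prefix, exactly as in plain BGP."""
    ip = IPv4Address(dst)
    candidates = [r for r in table if ip in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, len(r.as_path)))


def origin_for(table: Sequence[Route], dst: str) -> Optional[int]:
    route = best_route(table, dst)
    return None if route is None else route.origin_as


# Constructed table before the incident: only YouTube's own /22, two hops away.
BASELINE = [Route(IPv4Network("208.65.152.0/22"), 36561, (3356, 36561))]

# The more-specific /24 that AS17557 announced and its upstream propagated.
MORE_SPECIFIC = Route(IPv4Network("208.65.153.0/24"), 17557, (3491, 17557))

# A competing announcement of the same /22 from a direct peer: not more
# specific, so it wins only where its AS path is shorter (a partial hijack).
SAME_LENGTH = Route(IPv4Network("208.65.152.0/22"), 17557, (17557,))


if __name__ == "__main__":
    hijacked = BASELINE + [MORE_SPECIFIC]
    for dst in ("208.65.153.238", "208.65.152.10"):
        print(dst, "before:", origin_for(BASELINE, dst), "after:", origin_for(hijacked, dst))
    print("same-length announcement, shorter path:",
          origin_for(BASELINE + [SAME_LENGTH], "208.65.152.10"))
```

Addresses inside the announced /24 are diverted to AS17557 while the rest of YouTube's /22 still reaches AS36561, which is why a more-specific hijack is global: every router that accepts the /24 prefers it regardless of path length. The same-length case only wins at routers closer to the hijacker.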
The researchers found that most bitcoin traffic traverses a handful of ISPs: 60% of all bitcoin connections cross just three of them. An attacker who controls one of those networks, or who hijacks the right prefixes with BGP, can mount two kinds of attack, the paper warns.
The first temporarily carves the bitcoin network in two. The attacker hijacks the prefixes that host the nodes on one side and drops every bitcoin connection that crosses the cut, so the two halves can no longer hear each other. This is a problem for bitcoin's blockchain, which relies on all nodes reaching consensus on a single, network-wide shared ledger of transactions.
Artificially creating two groups of machines means that each group keeps extending its own copy of the ledger, and the two copies quickly diverge. In blockchain terminology this is a fork, because it's like a fork in a road: each group has happily taken its own path, and there are now two.
The bitcoin network resolves forks when all computers can talk to each other again. Each node then follows the valid chain with the most accumulated proof-of-work (in practice, the branch that the larger share of mining power has been extending), not the one with the most transactions. The blocks on the other branch are discarded; a transaction that was confirmed only there is no longer confirmed, and if it conflicts with one on the winning chain it is gone for good.
An attacker with BGP hijacking capability could use that situation to their advantage by transacting with someone on the smaller side of the partition, perhaps sending them some bitcoins in return for an online service, while spending the same coins to themselves on the larger side. When the partition heals, the larger side's chain wins, the payment to the victim disappears, and the attacker keeps both the service and the coins. This is known as a double spending attack.
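A toy simulation of the partition and its healing, added here as an example and not taken from the paper. Block contents and work units are constructed; the point it shows is that the chain the nodes converge on is the one with the most accumulated work, so the busier minority side loses even though it confirmed more transactions, and the attacker's payment on that side disappears while the conflicting self-payment survives.

```python
"""Toy model of a routing partition and its healing: each side keeps mining
on its own chain, and when connectivity returns nodes follow the chain with
the most accumulated proof-of-work, not the most transactions. Added example,
not the paper's code; 'work' is a constructed stand-in for block difficulty."""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Block:
    height: int
    work: int                               # proof-of-work credited to this block
    txs: Set[str] = field(default_factory=set)


def chain_work(chain: List[Block]) -> int:
    return sum(b.work for b in chain)


def confirmed_txs(chain: List[Block]) -> Set[str]:
    return set().union(*(b.txs for b in chain))


def mine(chain: List[Block], txs: Set[str], work: int) -> List[Block]:
    """Return a new chain with one block appended on top of chain."""
    return chain + [Block(len(chain), work, set(txs))]


def resolve_fork(*chains: List[Block]) -> List[Block]:
    """The rule every node applies once it sees both branches: follow the
    valid chain with the most accumulated work (a tie keeps the first seen)."""
    return max(chains, key=chain_work)


def simulate_partition() -> Dict[str, object]:
    """One attacker, two partitions. The attacker pays a merchant on the side
    with less hash power and spends the same coins to itself on the other
    side; only one of the two conflicting transactions can survive the merge."""
    pay_merchant = "attacker -> merchant: 5 BTC"
    pay_self = "attacker -> attacker: 5 BTC"   # spends the same coins as pay_merchant
    genesis = [Block(0, 1)]

    # Minority side (say 40% of hash power), but busier: more txs per block.
    minority = mine(genesis, {pay_merchant, "t1", "t2", "t3"}, work=4)
    minority = mine(minority, {"t4", "t5", "t6"}, work=4)

    # Majority side (60%): more work per block, fewer transactions.
    majority = mine(genesis, {pay_self}, work=6)
    majority = mine(majority, {"t7"}, work=6)

    winner = resolve_fork(minority, majority)
    return {
        "minority_tx_count": len(confirmed_txs(minority)),
        "majority_tx_count": len(confirmed_txs(majority)),
        "minority_work": chain_work(minority),
        "majority_work": chain_work(majority),
        "majority_wins": winner is majority,
        "merchant_paid_after_heal": pay_merchant in confirmed_txs(winner),
        "double_spend_confirmed": pay_self in confirmed_txs(winner),
    }


if __name__ == "__main__":
    for key, value in simulate_partition().items():
        print(f"{key}: {value}")
```

The merchant who shipped the goods after seeing the payment confirmed on the minority side is left with nothing once the two sides reconnect. This is why waiting for several confirmations matters, and also why it is not a complete answer here: during a routing partition the minority side can keep piling up confirmations that will all be thrown away.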
There's another attack, too. This one focuses on a single bitcoin node and delays its delivery of new blocks. It does not even require a hijack: any network already sitting on the path between the victim and its peers (one of the handful of ISPs above, say) can mount it, because at the time of the paper bitcoin's peer-to-peer messages were sent in the clear, with no integrity protection beyond a checksum that anyone can recompute.
The bitcoin network creates a new block roughly every 10 minutes, containing the latest transactions that happened on the network. Blocks propagate as nodes announce new block hashes to their peers and peers request the ones they do not yet have. This is how everyone on the network stays on the same page and agrees on who has sent bitcoins to whom.
Sitting on the path, the attacker rewrites the victim's request for the latest block so that it asks for an older one instead. The victim receives a block it already has, which does not show the latest transactions, and keeps waiting for the one it wanted. A bitcoin node only gives up on a pending block download after a 20-minute timeout, so the attacker can hold the victim just short of 20 minutes behind the rest of the network without the victim ever dropping the connection. Attackers can use this technique to spend bitcoins twice against a merchant running the delayed node, or to disrupt the network by targeting large numbers of nodes, potentially altering the value of bitcoin by damaging confidence in it.
Whereas network participants would eventually notice the first attack, the second can go completely undetected, the researchers point out: the victim's connections stay up and it sees nothing more than a slow peer.
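How the on-path rewrite works at the byte level, as an added example that is not the paper's code or Bitcoin Core's. It frames a getdata request the way the Bitcoin wire protocol does (network magic, 12-byte command, payload length, 4-byte checksum, payload), parses it back the way a receiving node does, and shows that an attacker who can modify the bytes in transit only needs to recompute the unkeyed double-SHA-256 checksum for the altered request to pass the victim's checks. The block hashes are constructed, not real blocks.

```python
"""Bitcoin P2P message framing and the on-path getdata rewrite behind the
delay attack. Added example, not the paper's or Bitcoin Core's code. Framing
and the getdata layout follow the Bitcoin wire protocol; the block hashes
below are constructed. The only integrity check is an unkeyed hash."""
import hashlib
import struct
from typing import Dict, List, Tuple

MAINNET_MAGIC = bytes.fromhex("f9beb4d9")
MSG_BLOCK = 2            # inventory type for a block
HEADER_LEN = 24          # magic(4) + command(12) + length(4) + checksum(4)

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_varint(n: int) -> bytes:
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def decode_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    fmt, size = {0xFD: ("<H", 2), 0xFE: ("<I", 4), 0xFF: ("<Q", 8)}[first]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + size

def frame(command: str, payload: bytes) -> bytes:
    cmd = command.encode("ascii").ljust(12, b"\x00")
    return MAINNET_MAGIC + cmd + struct.pack("<I", len(payload)) + checksum(payload) + payload

def unframe(msg: bytes) -> Tuple[str, bytes]:
    """Parse a message the way a receiving node does; raise on bad framing."""
    if len(msg) < HEADER_LEN or msg[:4] != MAINNET_MAGIC:
        raise ValueError("bad magic")
    length = struct.unpack_from("<I", msg, 16)[0]
    payload = msg[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length or checksum(payload) != msg[20:24]:
        raise ValueError("bad length or checksum")
    return msg[4:16].rstrip(b"\x00").decode("ascii"), payload

def getdata_payload(items: List[Tuple[int, bytes]]) -> bytes:
    """varint count, then (uint32 type, 32-byte hash) inventory vectors."""
    return encode_varint(len(items)) + b"".join(struct.pack("<I", t) + h for t, h in items)

def parse_getdata(payload: bytes) -> List[Tuple[int, bytes]]:
    count, pos = decode_varint(payload, 0)
    items = []
    for _ in range(count):
        items.append((struct.unpack_from("<I", payload, pos)[0], payload[pos + 4:pos + 36]))
        pos += 36
    return items

def on_path_rewrite(msg: bytes, stale_hash: bytes) -> bytes:
    """The attacker's step: swap every requested block hash for a stale one
    and re-frame, so the checksum the other end verifies is valid again."""
    command, payload = unframe(msg)
    if command != "getdata":
        return msg
    swapped = [(t, stale_hash if t == MSG_BLOCK else h) for t, h in parse_getdata(payload)]
    return frame("getdata", getdata_payload(swapped))

def accepted(msg: bytes) -> bool:
    try:
        unframe(msg)
        return True
    except ValueError:
        return False

# Constructed hashes standing in for the newest block and an old one.
LATEST_HASH = hashlib.sha256(b"constructed: latest block").digest()
STALE_HASH = hashlib.sha256(b"constructed: stale block").digest()

def demo() -> Dict[str, object]:
    victim_request = frame("getdata", getdata_payload([(MSG_BLOCK, LATEST_HASH)]))
    # Naive tampering overwrites the hash in place (header 24 + varint 1 +
    # type 4 = offset 29) without fixing the checksum, so it is rejected.
    naive = victim_request[:29] + STALE_HASH + victim_request[61:]
    rewritten = on_path_rewrite(victim_request, STALE_HASH)
    return {
        "naive_accepted": accepted(naive),
        "rewrite_accepted": accepted(rewritten),
        "peer_serves": parse_getdata(unframe(rewritten)[1])[0][1],
    }

if __name__ == "__main__":
    out = demo()
    print("naive byte-flip accepted:", out["naive_accepted"])
    print("recomputed-checksum rewrite accepted:", out["rewrite_accepted"])
    print("peer now serves the stale block:", out["peer_serves"] == STALE_HASH)
```

The peer answers with the stale block, the victim discards it as already known and keeps waiting for the hash it asked for; nothing on the wire looks malformed to either side. A keyed MAC or an encrypted, authenticated transport between peers is what turns this from a checksum fix-up into a real obstacle.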
None of this is a fault in the bitcoin protocol per se. After all, the Internet and its associated protocols, such as BGP, are simply the rails on which bitcoin and many other services run. If anything, bitcoin's economic patterns exacerbate the problem: the concentration of mining in China (well over half of all bitcoins were being mined through Chinese mining pools at the time) has gone a long way towards turning what would otherwise be a theoretical issue into a practical one. The researchers do propose bitcoin-side mitigations, such as encrypting and authenticating connections between peers and choosing peers spread across more networks, so that no small set of ISPs sees most of the traffic.
3 comments on “Internet routing weakness could cost Bitcoin users”
That's interesting, but it has nothing to do with BGP really. You can use any routing protocol and other applications to affect network traffic, depending on whatever the ISP uses to communicate with other ISPs/its clients and internally. While it must use BGP to affect incoming traffic from other networks, it does not need to for outgoing traffic. Also, if you use BGP to change the outgoing or incoming traffic path from and to other ISPs, it will affect ALL traffic for the subnets for which the path was changed.
Therefore, it will not only take the Bitcoin update 10 min longer than it should, it will also take the YouTube cat video 10 min longer to load. In addition to that, you cannot (or should not be able to) advertise subnets smaller than /24 through BGP, meaning you cannot change the incoming routing path (from the ISP's view) for less than a /24 subnet.
To effectively change the routing path for Bitcoin traffic, the ISP would need to be able to identify Bitcoin network traffic. As Bitcoin uses port 8333 that's easily done, but it's also quite easy to use a VPN to circumvent your ISP. If the traffic has been identified, it is possible to affect it in any imaginable and unimaginable way, without relying on BGP.
In addition to that, it is important to know that anyone can look at different BGP routing tables.
You do not need to be a network engineer at an ISP; you can use so-called looking glasses to see how the BGP routing table looks in different parts of the world from the view of different entities. That also means that BGP path manipulations are not a very stealthy way of subversively affecting Bitcoin traffic 🙂
This has, in my opinion, nothing to do with BGP. BGP is just one tool ISPs use to affect traffic, but there are many more, much more granular and more powerful tools to affect the traffic.
Please ignore the bit about BGP changes affecting all traffic, that is not necessarily true.
Additionally, I'd like to add the fact that BGP is indeterministic. It is not possible to reliably predict the effect of routing changes made through BGP (for examples see RFC 4264). One more reason not to use BGP for such an attack. In addition to all of this, one has to remember that the global BGP IPv4 routing table contains millions of entries. So changes made to BGP could take many minutes to propagate… This does not sound like an effective attack method to me.
Just wait for multiple confirmations (like one always should) and these problems are gone.