In June 2016, an internet blackout occurred that left users across Europe stranded. Almost instantly, millions started to report slow connections with applications and web pages. Many had attributed the problem to a fault with the transatlantic cables of web provider TeliaSonera, due to complications with services such as WhatsApp, Reddit, and Slack. However, upon further investigation, it was found that the true culprit of Europe’s internet woes was a Telia engineer who’d misconfigured a key router and accidently redirected all of Europe’s internet traffic to Hong Kong.
This cataclysmic event has been equated to a routing attack: a vulnerability that exists courtesy of the Border Gateway Protocol (BGP), which is the standard protocol that designates how packets move on the internet. BGP was initially created in the fledgling years of the internet and was unfortunately designed to trust all received data. However, in order to capitalize upon BGP’s flaws, you need a large number of resources. In this case, Telia is a Tier 1 network provider and Internet Service Provider (ISP), and is one of fewer than 20 companies that provide basic internet services across Europe. This centralization of power is what turned the Telia engineer’s mishap into a continent-wide network outage. According to researchers, hundreds of thousands of these hijacks happen each month by both legitimate and malicious ISPs, and can affect many internet amenities, including blockchains.
In 2016, analysts announced the discovery of a new flaw in the Bitcoin protocol that makes the cryptocurrency susceptible to internet routing attacks – more specifically, BGP Hijacks. In the paper titled, “Hijacking Bitcoin: Routing Attacks on Cryptocurrencies,” the authors state:
“The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending.”
The heart of the attack occurs once Bitcoin nodes are compromised, as most nodes are only hosted on a select few ISPs. According to recent research, 13 ISPs (0.026 percent of all ISPs) host 30 percent of the Bitcoin network. However, it has been found that most of the connections between Bitcoin nodes cross only 3 ISPs – that’s 60 percent of all Bitcoin traffic!
“These attacks already affect the Bitcoin network, today. Indeed, we found that, each month, at least 100 Bitcoin nodes are the victims of BGP hijacks, while 447 distinct nodes (∼8% of the Bitcoin nodes) ended up hijacked in November 2015.”
Centralization Poses Risk
This centralization of power makes it trivial for a mischievous ISP to interrupt a large amount of Bitcoin traffic and conduct partition attacks and/or delay attacks upon the network. In a partition attack, the perpetrator splits the network into two or more fragmented components, forcing the creation of parallel blockchains and preventing nodes from communicating outside of their partitions. Upon completion of the attack, all mined blocks within the smaller component will be discarded, along with all miner revenue and transactions.
In a delay attack, assailants possess the ability to delay the delivery of blocks by 20 minutes without being detected. In the event that the victim is a merchant, the attack can lead to double spending. If the victim is a miner, the attack wastes the miner’s computational power. If the victim is a node, it will be unable to transmit the latest version of the blockchain and contribute to the network.
The Bitcoin blockchain is susceptible to these attacks because of the centralization of mining pools. Mining pools are employed by savvy entrepreneurs looking to cash in big on blockchain. Most consist of cooperating miners who agree to share block rewards proportional to their contributed hashing power. However, with the higher revenues that are provided by mining pools comes higher risk. A Reddit post from mid-2016 credits China with holding 82.4 percent of the Bitcoin hash power at the time. This is great for the thriving mining industry in China, but the centralization of power leaves the bitcoin blockchain vulnerable and jeopardizes the investments of millions.
While the current state of concern is focused on Bitcoin, other blockchains are not immune to these kinds of attacks. As demonstrated by the researchers, the most poignant of these cases occur in blockchains utilizing mining operations that run on Proof-of-Work systems. Ethereum and other blockchains need to maintain a proactive stance on the health, sustainability, and decentralization of their networks.