/plushcap/analysis/cloudflare/bgp-leaks-and-crypto-currencies

BGP leaks and cryptocurrencies

What's this blog post about?

A BGP leak occurred on April 24, 2018, where an attacker attempted (and possibly succeeded) to steal cryptocurrencies using the leaked IP space. The Internet is composed of routes, and authorities are in charge of distributing IP addresses to avoid duplication. A BGP leak occurs when someone not allowed by the owner of the space announces IPs. This can be due to a configuration mistake or malicious intent. In this case, eNet Inc (AS10297) announced more specifics of Amazon routes from 11:05 to 13:03 UTC today. The BGP hijack affected AWS DNS and was against myetherwallet.com. The attacker stole Ethereum by using the login information they obtained through a phishing website hosted on Russian providers. Solutions for securing BGP include adding terms to RIR databases, setting up RPKI/ROA records, using DNSSEC, enabling HSTS, and utilizing DANE.

Company
Cloudflare

Date published
April 24, 2018

Author(s)
Louis Poinsignon

Word count
1345

Language
English

Hacker News points
196


By Matt Makai. 2021-2024.