BGP leaks and cryptocurrencies
A BGP leak occurred on April 24, 2018, in which an attacker attempted to steal cryptocurrencies (and possibly succeeded) using the leaked IP space. The Internet is composed of routes, and authorities are in charge of distributing IP addresses to avoid duplication. A BGP leak occurs when IP space is announced by someone the owner of that space has not allowed to announce it. This can be due to a configuration mistake or malicious intent. In this case, eNet Inc (AS10297) announced more-specific prefixes of Amazon routes from 11:05 to 13:03 UTC that day. The BGP hijack affected AWS DNS and targeted myetherwallet.com. The attacker stole Ethereum using login information obtained through a phishing website hosted on Russian providers. Solutions for securing BGP include adding terms to RIR databases, setting up RPKI/ROA records, using DNSSEC, enabling HSTS, and utilizing DANE.
Company: Cloudflare
Date published: April 24, 2018
Author(s): Louis Poinsignon
Word count: 1345
Language: English
Hacker News points: 196