On September 10th a massive DDOS attack began against several hosting companies that are known for hosting various cryptocurrency sites and several cryptocurrency sites who are hosting sites themselves.
Coin Fire, Chain Radio, Free Talk Live, Bitcoin PR, Silk Road 2.0, Agora, and many other sites were knocked offline after a sustained DDOS attack began against several routers and DNS systems. The attack which bypassed CloudFlare entirely and instead focusing on the root hosting providers connections was able to bring several sites offline.
Several stay offline this morning after over five days of sustained attack.
Coin Fire was among those sites who were initially hit very hard and after several hours and working in to the middle of the night we were unable to bring things back online until we worked directly with the CloudFlare Enterprise team to devise a solution that would allow us to work with our provider on bringing our site back online at least via a cached mode before bringing it fully back online.
The attacks are still ongoing via a new attack vector once again going directly after the routers and equipment in the provider’s space. This was quickly once again resolved for Coin Fire but several sites still stay offline at the time this feature is going to press including Chain Radio.
This wasn’t your standard script kiddie method of madness but rather a concentrated, direct and hard hitting DDOS attack against the very routing equipment and servers that provide bandwidth services for a range of cryptocurrency sites.
We spoke with several technical teams about the DDOS attacks at various cryptocurrency sites.
Rockstar at Chain Radio reported that Chain Radio was still offline as all four of the streaming servers they are using to broadcast are being attacked directly.
We’ve worked for the past several days to attempt to bring our station back online but these attacks are extremely advanced and direct to our streaming machines. Unlike most websites we can’t place our streaming servers behind the protection of CloudFlare and to be honest with you it seems that CloudFlare is having difficulty protecting sites behind the company’s protection at this time as well.
We believe we have a solution to this massive attack and are preparing to roll it out and bring things online but I don’t want to go in to specifics right now as we want to be sure we have resolved the issue before showing our cards.
– Rockstar at Chain Radio
At the time we published this article Chain Radio remains offline due to the DDOS attack with the website being sustained by an advanced caching system with CloudFlare. Coin Fire has donated an Enterprise subscription to Chain Radio of CloudFlare service to the station to bring it back online soon and the station has reached out to law enforcement for help about the attacks.
Justin at Bitcoin PR Network also reported the DDOS had brought the group’s site offline who was also using CloudFlare’s free service.
This has to be the most advanced DDOS attack we have seen to date. The attack vector used completely bypasses all protection that CloudFlare offers with a basic plan. We spent the entire weekend fighting the attack instead of working with our clients and this attack has cost us a significant level of business. The attackers initially sent a ransom demand but we of refused to make a payment and within a few hours the attacks started and were sustained.
In the end we still didn’t pay the ransom but we did upgrade to the highest level of CloudFlare service and worked directly with our hosting provider to protect ourselves against the attack. For security purposes CloudFlare and our hosting company have asked us to not show the attack vector used as fears are that due to the sophistication of this attack it could be used to bring down even more sites and the current level of work required to defend against it is so high.
– Justin at Bitcoin PR Network
Silk Road 2.0 has also been under a very similar attack. The administrator’s for Silk Road 2.0 have stated this is the most advanced DDOS attack they have seen to date.
Defcon posted some updates as the attack began stating:
We are facing a very sophisticated DDoS attack, the most advance methods we have faced yet.
The dev team is working around the clock to get marketplace service restored, as well as watch the security of our systems closely.
Much of the downtime you have seen is intentional on our part: if this is an attempt to locate our servers through packet analysis, we do not want to make it easy for our adversary and would rather be offline while we adapt our defenses.
We apologize for the inconvenience, thank you for your patience as we rush to remedy the situation.
As the team worked to restore the hidden service Defcon posted the following update:
After days of analysis and incredible work by the dev team, we are now successfully filtering a large portion of the inbound traffic flood.
We consider this a partial restoration of service. The marketplace is still slow, but it should be loading much more consistently now.
Keep in mind that any time Silk Road is offline for more than a day, users rush our withdrawal system with requests. We always expect withdrawal delays to occur immediately after we recover from downtime, for this reason. The withdrawal queue is currently processing requests, but there are many being submitted. As always, contact support if you ever see a withdrawal delayed for more than 12 hours.
This battle is not yet won, but we are online.
To the attackers: DDoSing us is a pointless waste of everyone’s time. Compete with us fairly. We will not touch your servers.
The attacks on cryptocurrency sites have yet to relent and many in the community have begun questioning who has the resources and the desire to bring so many sites offline in such a massive and concentrated effort.
Coin Fire has worked actively with law enforcement, and the CloudFlare Enterprise team in determining the best course of action to counter these attacks and how to prevent further attacks in the near future.
Latest posts by Coin Fire (see all)
- Film Distributor Lionsgate Accepting Bitcoin - October 6, 2015
- Federal Investigations of Cryptsy Underway - October 4, 2015
- Security Alert: Used Cloudminr.io? Change ALL Passwords. More than 79 thousand users impacted. - July 13, 2015