Last updated on January 2nd, 2018 at 12:00 am
Over 140 BTC, the equivalent of nearly $84,000, was “stolen” by a hacker who recently gained access to a Canadian internet provider and redirected the computing power of Bitcoin miners. The hack was discovered by security experts at the digital intelligence company Dell SecureWorks, who noticed something was wrong when their mining power started decreasing.
The researchers traced the activity back to the internet service provider in Canada. However, the name of the company is yet to be revealed. What is also still unclear is how the hacker gained access to the provider’s infrastructure in order to reroute the private mining power to another pool.
Pat Litke from Dell SecureWorks told The Guardian that the experts suspect the hacker might be a current or former employee at the Canadian company, although the possibility of an external hack is not out of the picture.
By gaining administrative access to a router at the ISP, the hacker abused the Border Gateway Protocol (BGP), which is designed to connect different networks on the internet together. By compromising BGP functions at the ISP, the hacker was able to send traffic destined for a legitimate mining pool to his own pool.
SecureWorks revealed that the hacker set up two different malicious pools. “By convincing the miners to connect to this second malicious pool rather than the original malicious pool, the hijacker filters out traffic that has already been hijacked so it is not hijacked again,” the researchers’ report confirmed.
The length of the attack is still not clear, as some of the affected Bitcoiners first complained about illicit activity on internet forums in March. But, according to Litke and other researchers, the attacks date back to February. The hack did not involve only Bitcoin, but also other cryptocurrencies such as Dogecoin, HoboNickels and WorldCoin.
Dell SecureWorks is now recommending that pool servers use the Secure Sockets Layer (SSL) encryption protocol in order to prevent new attacks.
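The BGP redirection described above is visible in routing data, so a pool operator can watch for it alongside encrypting miner connections. The following is an added example, not code from the article or from the SecureWorks report: it checks observed BGP announcements against the origin AS expected for the pool's prefix and flags exact-prefix origin changes and more-specific announcements. The prefixes, AS numbers and announcement records are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed data: documentation prefix (RFC 5737) and documentation AS numbers (RFC 5398).
# Maps each prefix the pool announces to the set of legitimate origin ASes.
POOL_PREFIXES = {ipaddress.ip_network("203.0.113.0/24"): {64500}}

def classify(prefix, origin_as, expected=POOL_PREFIXES):
    """Return a reason string if the announcement could divert pool traffic, else None."""
    net = ipaddress.ip_network(prefix)
    for known, origins in expected.items():
        if net.version != known.version:
            continue  # subnet_of() raises TypeError across IPv4/IPv6
        if net == known:
            return None if origin_as in origins else "origin-mismatch"
        if net.subnet_of(known):
            # Longest-prefix match prefers this route over the pool's own announcement,
            # so it is reported even when the origin AS looks legitimate.
            return "more-specific" if origin_as in origins else "more-specific-origin-mismatch"
        # A less-specific covering prefix loses to the pool's own route, so it is ignored.
    return None

def scan(announcements):
    """Return (prefix, origin_as, reason) for every suspicious announcement."""
    alerts = []
    for prefix, origin_as in announcements:
        reason = classify(prefix, origin_as)
        if reason:
            alerts.append((prefix, origin_as, reason))
    return alerts

# Constructed sample of (prefix, origin AS) pairs as a route collector might report them.
SAMPLE = [
    ("203.0.113.0/24", 64500),    # the pool's own announcement
    ("203.0.113.128/25", 64511),  # more-specific from an unexpected AS
    ("203.0.113.0/24", 64511),    # same prefix, unexpected origin
    ("203.0.112.0/23", 64496),    # covering aggregate, does not win route selection
    ("198.51.100.0/24", 64511),   # unrelated prefix
    ("2001:db8::/32", 64511),     # unrelated IPv6 prefix
]

if __name__ == "__main__":
    for prefix, origin_as, reason in scan(SAMPLE):
        print(f"ALERT {reason}: {prefix} originated by AS{origin_as}")
```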