A joint project by ETH Zurich and Aviv Zohar of the Hebrew University in Israel has shown how the crypt-currency can be attacked via the internet’s routing structure.
The purpose of the research is to inform Bitcoin users and miners as well as to start a discussion on how the security of the ecosystem can be increased.
The two kinds of attack studied were internet routing attacks (such as BGP hijacks) and malicious Internet Service Providers (ISP).
Let’s look at these two kinds of attack in more detail.
Hosting centralisation vulnerability
The main security threat to the Bitcoin blockchain comes from the fact that most of the Bitcoin nodes are hosted by a few ISPs. According to the research, 13 ISPs (or around 0.026% of total ISPs available) currently host 30% of the whole Bitcoin network.
As well as hosting, the majority of the traffic exchanged between Bitcoin nodes goes through an even smaller number of ISPs. 60% of all possible Bitcoin connections cross 3 ISPs, meaning these 3 ISPs can see nearly two thirds of all Bitcoin traffic.
The research points towards the possibility of a malicious ISP being able to intercept a large portion of Bitcoin traffic.
A ‘BGP hijack’ is a routing attack in which an ISP diverts traffic by advertising fake announcements in the internet routing system. These kinds of attacks are already affecting the Bitcoin network, with at least 100 Bitcoin nodes being subject to BGP hijacks in November 2015.
The first kind of routing attack that Bitcoin is particularly vulnerable to, according to the research, is partition attacks.
Here, an attacker attempts to partition the network into two or more distinct components. This will stop the nodes within each component from being able to communicate with nodes in other components.
The attacker can then force the creation of parallel blockchains. When the attack is over, all of the blocks mined in the smaller components will be discarded.
The other kind of routing attack highlighted by the research are delay attacks.
The aim here is to delay the delivery of a block by a set amount of time while making sure it stays undetected. During this delay, the victim will not be able to see the most recently mined blocks or corresponding transactions.
This delay could lead to double spending attacks for merchants or wasting the computational power of miners. If the victim is a regular node, they will be unable to propagate the latest version of the blockchain.
You can read the research and check out the paper here.