Bitcoin Exchanges Buckle Under DDoS Attacks

Mutant transaction attacks trigger trading halts at major exchanges. Also, new bitcoin-seeking Trojan targets Mac users.

Mathew J. Schwartz, Contributor

February 12, 2014

5 Min Read
(Image: <a href="http://www.flickr.com/photos/zcopley/8337050500/sizes/l/" target="_blank">zcopley</a>)

The world's biggest bitcoin exchange Tuesday ceased offering withdrawals after it was subjected to what site administrators said was a distributed denial-of-service (DDoS) attack involving "mutant transactions."

BitStamp, which handles the world's biggest volume of bitcoin trades, said in a statement Tuesday that failsafe controls in its trading software "suspended processing bitcoin withdrawals due to inconsistent results reported by our bitcoin wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking."

Just what are transaction malleability attacks involving mutant transactions? According to a statement released Monday by Tokyo-based bitcoin exchange MtGox, transaction malleability involves a "design issue" that's well-known in the bitcoin community, but which "has been largely ignored," that could allow an attacker "to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash."

That analysis refers to the bitcoin ecosystem's reliance on the so-called bitcoin blockchain, which is meant to serve as a single record for all bitcoin transactions, including lists of which bitcoin addresses sent funds to other bitcoin addresses. All of those transactions are verified -- digitally signed -- using hashes, which in theory should be impossible to spoof.

[For more on recent DDoS activity, see DDoS Attack Hits 400 Gbit/s, Breaks Record.]

"But here's where malleability comes in," according to an overview of transaction malleability attacks published by CoinDesk. "The user's digital signatures used as part of the hash to 'sign' the transaction are meant to be in a certain format. That format wasn't always properly checked."

As a result, attackers can sometimes use a digital signature that's good enough to be accepted, but which produces an entirely different -- and still valid -- hash. Then the race is on, with the attacker attempting to get their mutant transaction committed to the bitcoin blockchain before the legitimate transaction gets added.

"Of course only one of the two transactions can be validated," according to MtGox. "However, if the party who altered the transaction is fast enough -- for example with a direct connection to different mining pools, or has even a small amount of mining power -- it can easily cause the transaction hash alteration to be committed to the blockchain." At that point, the attacker can cash in the on bitcoins they never owned.

While these mutant -- or malformed -- transaction attacks have been seen before, the volume of such attacks recently spiked, triggering denial-of-service conditions at multiple exchanges, starting Friday at MtGox, which halted bitcoin withdrawals after experiencing what it said was a technical issue.

Bitcoin exchange BTC likewise announced Tuesday that it had also temporarily suspended trading, and that some previous trades might take time to clear. "Due [to] DDOS on bitcoin network there is a delay possible with crediting of transactions madden between 10-11 February. Be patient please," BTC tweeted.

How can transaction malleability attacks be stopped? Gavin Andresen, chief scientist at the Bitcoin Foundation, said that the problem doesn't stem from some fundamental bitcoin security flaw, but rather relates to how bitcoin software has been implemented by bitcoin developers, exchanges, and digital wallet providers. "The issues that MtGox has been experiencing are due to an unfortunate interaction between MtGox's highly customized wallet software, their customer support procedures, and an obscure -- but long-known -- quirk in the way transactions are identified and not due to a flaw in the bitcoin protocol," he told the BBC.

MtGox echoed that assessment, saying that its developers are "working with the bitcoin core development team and others to mitigate this issue." Likewise, BitStamp said that "blocking the vulnerability should only require code-level improvements by exchanges," and said it was confident that "everything will be back to normal shortly."

Of course, these mutant transaction attacks are hardly the first hurdles to hit either the infrastructure used to process or store bitcoins, or bitcoin users themselves.

On the latter front, Apple-focused security site SecureMac Sunday warned that it discovered variants of the OS X malware CoinThief available for download via CNET's Download.com, as well as via MacUpdate.com.

"The malware is being distributed disguised as price tickers for bitcoin and litecoin -- another type of cryptocurrency -- which have been available on download.com since early December," SecureMac lead developer Nicholas Ptacek wrote in the alert. The latest variants of CoinThief -- named "Bitcoin Ticker TTM for Mac" and "Litecoin Ticker" -- are similar to previously seen versions, except for the addition of a new browser extension for Firefox.

Ptacek said that the malware had been downloaded just 57 times via Download.com, and 365 times via MacUpdate.com. As of Wednesday morning, furthermore, the malware had been excised from MacUpdate.com, but remained available for download via Download.com.

SecureMac first posted a warning about CoinThief Friday, saying that it had been billed as software -- named both as BitVanity and StealthBit -- for sending and receiving payments to bitcoin stealth addresses, and was available for free download, either as source code or a precompiled binary, from the GitHub code repository.

But the malware instead used malicious browser extensions to sniff all Internet traffic "looking specifically for login credentials for many popular bitcoin websites, including MtGox and BTC-e, as well as bitcoin wallet sites like blockchain.info," Ptacek said. "When login credentials are identified, such as when a user logs in to check their bitcoin wallet balance, another component of the malware then sends the information back to a remote server run by the malware authors."

Multiple thefts have been reported as a result of installing the malware, including Reddit user "allinfinite," who claimed to have lost about 20 bitcoins, which would have been valued at about $20,000, to the malware.

As of Monday, according to VirusTotal, only one antivirus product was detecting the malware, and only on Windows systems. By Wednesday, however, 16 out of 49 antivirus engines were detecting the malware.

Having a wealth of data is a good thing -- if you can make sense of it. Most companies are challenged with aggregating and analyzing the plethora of data being generated by their security applications and devices. This Dark Reading report, How Existing Security Data Can Help ID Potential Attacks, recommends how to leverage security data effectively in order to make informed decisions and spot areas of vulnerability. (Free registration required.)

About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights