Attacks/Breaches
2/12/2014
12:43 PM
Connect Directly
RSS
E-Mail
50%
50%

Bitcoin Exchanges Buckle Under DDoS Attacks

Mutant transaction attacks trigger trading halts at major exchanges. Also, new bitcoin-seeking Trojan targets Mac users.

The world's biggest bitcoin exchange Tuesday ceased offering withdrawals after it was subjected to what site administrators said was a distributed denial-of-service (DDoS) attack involving "mutant transactions."

BitStamp, which handles the world's biggest volume of bitcoin trades, said in a statement Tuesday that failsafe controls in its trading software "suspended processing bitcoin withdrawals due to inconsistent results reported by our bitcoin wallet, caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking."

Just what are transaction malleability attacks involving mutant transactions? According to a statement released Monday by Tokyo-based bitcoin exchange MtGox, transaction malleability involves a "design issue" that's well-known in the bitcoin community, but which "has been largely ignored," that could allow an attacker "to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash."

That analysis refers to the bitcoin ecosystem's reliance on the so-called bitcoin blockchain, which is meant to serve as a single record for all bitcoin transactions, including lists of which bitcoin addresses sent funds to other bitcoin addresses. All of those transactions are verified -- digitally signed -- using hashes, which in theory should be impossible to spoof.

[For more on recent DDoS activity, see DDoS Attack Hits 400 Gbit/s, Breaks Record.]

"But here's where malleability comes in," according to an overview of transaction malleability attacks published by CoinDesk. "The user's digital signatures used as part of the hash to 'sign' the transaction are meant to be in a certain format. That format wasn't always properly checked."

As a result, attackers can sometimes use a digital signature that's good enough to be accepted, but which produces an entirely different -- and still valid -- hash. Then the race is on, with the attacker attempting to get their mutant transaction committed to the bitcoin blockchain before the legitimate transaction gets added.

"Of course only one of the two transactions can be validated," according to MtGox. "However, if the party who altered the transaction is fast enough -- for example with a direct connection to different mining pools, or has even a small amount of mining power -- it can easily cause the transaction hash alteration to be committed to the blockchain." At that point, the attacker can cash in the on bitcoins they never owned.

While these mutant -- or malformed -- transaction attacks have been seen before, the volume of such attacks recently spiked, triggering denial-of-service conditions at multiple exchanges, starting Friday at MtGox, which halted bitcoin withdrawals after experiencing what it said was a technical issue.

Bitcoin exchange BTC likewise announced Tuesday that it had also temporarily suspended trading, and that some previous trades might take time to clear. "Due [to] DDOS on bitcoin network there is a delay possible with crediting of transactions madden between 10-11 February. Be patient please," BTC tweeted.

(Image: zcopley)
(Image: zcopley)

How can transaction malleability attacks be stopped? Gavin Andresen, chief scientist at the Bitcoin Foundation, said that the problem doesn't stem from some fundamental bitcoin security flaw, but rather relates to how bitcoin software has been implemented by bitcoin developers, exchanges, and digital wallet providers. "The issues that MtGox has been experiencing are due to an unfortunate interaction between MtGox's highly customized wallet software, their customer support procedures, and an obscure -- but long-known -- quirk in the way transactions are identified and not due to a flaw in the bitcoin protocol," he told the BBC.

MtGox echoed that assessment, saying that its developers are "working with the bitcoin core development team and others to mitigate this issue." Likewise, BitStamp said that "blocking the vulnerability should only require code-level improvements by exchanges," and said it was confident that "everything will be back to normal shortly."

Of course, these mutant transaction attacks are hardly the first hurdles to hit either the infrastructure used to process or store bitcoins, or bitcoin users themselves.

On the latter front, Apple-focused security site SecureMac Sunday warned that it discovered variants of the OS X malware CoinThief available for download via CNET's Download.com, as well as via MacUpdate.com.

"The malware is being distributed disguised as price tickers for bitcoin and litecoin -- another type of cryptocurrency -- which have been available on download.com since early December," SecureMac lead developer Nicholas Ptacek wrote in the alert. The latest variants of CoinThief -- named "Bitcoin Ticker TTM for Mac" and "Litecoin Ticker" -- are similar to previously seen versions, except for the addition of a new browser extension for Firefox.

Ptacek said that the malware had been downloaded just 57 times via Download.com, and 365 times via MacUpdate.com. As of Wednesday morning, furthermore, the malware had been excised from MacUpdate.com, but remained available for download via Download.com.

SecureMac first posted a warning about CoinThief Friday, saying that it had been billed as software -- named both as BitVanity and StealthBit -- for sending and receiving payments to bitcoin stealth addresses, and was available for free download, either as source code or a precompiled binary, from the GitHub code repository.

But the malware instead used malicious browser extensions to sniff all Internet traffic "looking specifically for login credentials for many popular bitcoin websites, including MtGox and BTC-e, as well as bitcoin wallet sites like blockchain.info," Ptacek said. "When login credentials are identified, such as when a user logs in to check their bitcoin wallet balance, another component of the malware then sends the information back to a remote server run by the malware authors."

Multiple thefts have been reported as a result of installing the malware, including Reddit user "allinfinite," who claimed to have lost about 20 bitcoins, which would have been valued at about $20,000, to the malware.

As of Monday, according to VirusTotal, only one antivirus product was detecting the malware, and only on Windows systems. By Wednesday, however, 16 out of 49 antivirus engines were detecting the malware.

Having a wealth of data is a good thing -- if you can make sense of it. Most companies are challenged with aggregating and analyzing the plethora of data being generated by their security applications and devices. This Dark Reading report, How Existing Security Data Can Help ID Potential Attacks, recommends how to leverage security data effectively in order to make informed decisions and spot areas of vulnerability. (Free registration required.)

Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jupiter
100%
0%
jupiter,
User Rank: Apprentice
2/18/2014 | 1:15:57 PM
Re: Recourse?
What you're suggesting requires the abiilty to trace the source of Bitcoins that someone is trying to use. But that's impossible precisely because Bitcoins are designed to be untraceable under such circumstances, which is also a reason why criminals are attracted to it. Personally, I think there are enough downsides to owning Bitcoins that its current valuation is not sustainable over long term. That is, the demand will not remain high enough to continue to support the valuation, especially if there are more stories of Bitcoin robberies or accidental losses.
micjustin33
50%
50%
micjustin33,
User Rank: Apprentice
2/13/2014 | 9:03:45 AM
Re: Bitcoin pricing
DDoS also attack on LiquidVPN and affected one of Liquid VPN authorization servers and their main database used for authorization has failed.
Whoopty
50%
50%
Whoopty,
User Rank: Strategist
2/13/2014 | 8:54:05 AM
Bitcoin pricing
Mt Gox may have suffered a big blow to its reputation because of all this talk of bitcoin issues, but the pricing of the currency itself has nose dived. It'll be interesting to see how long it takes for it to bounce back, or if we'll see a settling at a new price point. 
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
2/12/2014 | 4:45:13 PM
Recourse?
Is  there any recourse for someone like Reddit user "allinfinite," "who claimed to have lost about 20 bitcoins, which would have been valued at about $20,000, to the malware." Can the issuer confirm that the coins were stolen, invalidate them (and thus make it less attractive to steal bitcoins), and reissue? Or is it like losing cash - you're out of luck?
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.