Bitcoin Hacker Steals $9,000 a Day
A hacker has taken control of bitcoin mining pools to steal up to $9,000 a day. Reuters

A hacker who redirected a group of bitcoin mining pools stole a total of $83,000 (£49,300) over a four-month period.

Revealed by researchers at Dell's SecureWorks cyber intelligence division, the four-month attack began in February and continued until May without those affected noticing that some of the bitcoins they were mining were not being sent to their own bitcoin wallets.

At its peak the attacker was stealing $9,000 in a single day from the mining pools.

The hacker used a staff user account at a Canadian internet service provider (ISP) to redirect the traffic of 19 separate ISPs, hijacking and taking control of the processing power of bitcoin mining pools.

Among the networks which the hacker took control of was Amazon's. The researchers would not reveal which Canadian ISP the attacks originated from.

Bitcoin miners are the people who use specialised computer equipment to solve complex mathematical equations in order to mint new bitcoins. A lot of miners group together into mining pools in order to combine their processing power and subsequently share the spoils of whatever bitcoins are mined.

BGP hijacking

The attacker, who may have been a rogue employee at the unnamed Canadian ISP, was able to carry out the attack on 22 separate occasions, with each attack lasting just 30 seconds so that identifying the attack was difficult.

The attacker used a vulnerability in the border gateway protocol (BGP) - the routing instructions that tell traffic where to go at the connection points between the internet's largest networks.

The hacker controlled a server which sent out a "reconnect" command which reconfigured the mining pools to contribute their processing power to generate bitcoins which the hacker was then able to recoup.

As well as targeting bitcoin mining pools, the hacker also stole some other cryptocurrencies including dogecoin and worldcoin, but the researchers at Dell SecureWorks said the majority of the estimated $83,000 stolen was from bitcoin.

One of the researchers, Joe Stewart, came across the attack when he noticed his own mining rig had been redirected. However, he told IBTimes UK that most people don't check their rigs for weeks at a time, meaning the hacker was able to carry out these attacks unnoticed.
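One way a miner could catch the redirect described above automatically rather than by manual checks, as an added example that is not from the original article or the SecureWorks research: it assumes the "reconnect" command is the Stratum mining protocol's `client.reconnect` message and that the pool-to-miner JSON lines are available as a log. The pool hostnames, the allowlist and the log lines are constructed.

```python
import json

# Constructed allowlist: the only pool endpoints this rig is meant to mine for.
ALLOWED_POOLS = {("pool.example.org", 3333), ("backup.pool.example.org", 3333)}

# Constructed pool-to-miner messages, one JSON object per line.
SAMPLE_LOG = [
    '{"id": 1, "result": true, "error": null}',
    '{"id": null, "method": "mining.notify", "params": []}',
    '{"id": null, "method": "client.reconnect", "params": ["backup.pool.example.org", "3333", 0]}',
    '{"id": null, "method": "client.reconnect", "params": []}',
    '{"id": null, "method": "client.reconnect", "params": ["203.0.113.7", 3333, 0]}',
    'not json',
]

def check_reconnect(line, current, allowed=ALLOWED_POOLS):
    """Classify one message: returns ("ignore" | "ok" | "alert", endpoint)."""
    try:
        msg = json.loads(line)
    except json.JSONDecodeError:
        return ("ignore", current)
    if not isinstance(msg, dict) or msg.get("method") != "client.reconnect":
        return ("ignore", current)
    params = msg.get("params") or []
    if not isinstance(params, list):
        return ("alert", current)
    # A missing host or port means "reconnect to the endpoint already in use".
    host = params[0] if len(params) > 0 else current[0]
    port = params[1] if len(params) > 1 else current[1]
    try:
        target = (str(host).lower().rstrip("."), int(port))
    except (TypeError, ValueError):
        return ("alert", current)  # malformed reconnect: flag it, do not follow
    return ("ok" if target in allowed else "alert", target)

def scan(lines, start):
    """Replay a log; return alerts as (line_number, from_endpoint, to_endpoint)."""
    current, alerts = start, []
    for n, line in enumerate(lines, 1):
        verdict, target = check_reconnect(line, current)
        if verdict == "alert":
            alerts.append((n, current, target))  # guard refuses, rig stays put
        elif verdict == "ok":
            current = target
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG, ("pool.example.org", 3333)):
        print("unexpected pool redirect:", alert)
```

Because each hijack window in this incident lasted about 30 seconds, a check like this has to run on every message rather than on a periodic poll.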

Dell's researchers say this specific type of attack is unlikely to be repeated but the security risks of BGP - which have been discussed for over 15 years - will continue to be a worry for bitcoin miners as well as the wider internet.