Internet routing attacks (such as BGP hijacks) and malicious Internet Service Providers (ISP) can reduce miners’ revenue and expose their networks to double spending, a study that argues for encrypting Bitcoin traffic or traffic exchanged among miners has shown.

Put together by Maria Apostolaki and Laurent Vanbever of ETH Zürich and Aviv Zohar of Hebrew University, the researchers stressed that the impact of a partitioning attack depends on the number of isolated nodes and how much mining power they have.

“Isolating a few nodes essentially constitutes a denial of service attack and renders them vulnerable to 0-confirmation double spends,” they state in their report. “Disconnecting a considerable amount of mining power can lead to the creation of two different versions of the blockchain. All blocks mined on the side with the least mining power will be discarded and all included transactions are likely to be reversed. Such an attack would cause revenue loss for the miners on the side with least mining power and a prominent risk of double spends. The side with the most mining power would also suffer from an increased risk of selfish mining attacks by adversaries with mining power.”

How it will happen

With more than 16 million bitcoins valued at ∼US$17 billion and up to 300,000 daily transactions (as at March 2017), Bitcoin’s success so far is based on its open and fully decentralized system. Its network uses nodes that are built over a large overlay network and consensus to agree on a set of transactions recorded within Bitcoin’s core data structure: the blockchain so as not to rely on a central entity.

However, the study adds that since most Bitcoin nodes are hosted in few Internet Service providers (ISPs) – 13 ISPs (0.026% of all ISPs) host 30% of the entire Bitcoin network and three ISPs likely to see 60% of all Bitcoin traffic – an attacker can waste 63% of a node’s mining power by intercepting half of its connections for the victim to eventually get each block after a delay of 20 minutes.

When this happens at the node-level, it explains, delay attacks keep the victim eclipsed, essentially performing a denial of service attack or rendering it vulnerable to 0-confirmation double spends. If the node is a gateway of a pool, such attacks can be used to engineer block races, and waste the mining power of the pool.

The waste leads to some created blocks to be discarded and partitioning enables the attacker to filter transactions that clients try to include in the blockchain.

It says:

“In both cases, miners lose potential revenue from mining and render the network more susceptible to double spending attacks as well as to selfish mining attacks. Nodes representing merchants, exchanges and other large entities are thus unable to secure their transactions, or may not be able to broadcast them to the network to begin with. The resulting longer-term loss of trust in Bitcoin security may trigger a loss of value for Bitcoin. Attackers may even short Bitcoin and gain from the resulting devaluation.”

Some of the long and short-term countermeasures suggested include increasing the diversity of node connections, selecting Bitcoin peers while taking routing into account and a small degree of multi-homing by mining pools to protect against powerful attackers.