Hackers Reroute ISP Traffic to Steal $83k in Bitcoins

Attackers have managed to reroute internet traffic from numerous internet service providers (ISPs) to steal bitcoins and altcoins.

AccessTimeIconAug 8, 2014 at 11:48 a.m. UTC
Updated Sep 11, 2021 at 11:02 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Hackers have managed to reroute raw internet traffic from numerous internet service providers (ISPs) in an attempt to steal bitcoins.

says it has identified a total of 19 ISPs affected. Data used by Amazon, DigitalOcean and OVH was compromised in the attack.

Each incident lasted just 30 seconds, but the hacker managed to carry out the attack 22 times over the course of four months. The ultimate goal was to seize control of bitcoin miners, organised in mining pools.

Stealing up to $9,000 a day

The attacks appear to have been successful. Dell SecureWorks reports that up to $9,000 in bitcoin and altcoins such as dogecoin was stolen per day.

During the attack, miners believed they were still mining for their pool, while the flow of cryptocurrency generated by their mining operations redirected elsewhere. Researchers believe the culprits employed BGP hijacking to redirect the traffic, using spoofed commands to redirect traffic from ISPs.

The hackers used a staff user account belonging to a Canadian ISP, but the researchers do not know whether the hack was orchestrated by an ISP employee or someone from outside the company. A detailed description of the attack is available on the SecureWorks blog.

Researcher Pat Litke said this sort of attack can easily grab a "large collection of clients" in next to no time.

“It takes less than a minute, and you end up with a lot of mining traffic under your control,” he told Wired.

Six-figure damages?

The researchers concluded that around $83,000 worth of cryptocurrency was stolen in the attacks, though this is not the final tally.

According to the research team, this particular type of attack is difficult to replicate as the attacker must have access to an ISP. Therefore, Dell SecureWorks does not expect such attacks to be widespread.

This is not the first time Dell SecureWorks has tackled security threats related to bitcoin. Earlier this year the firm published a report identifying 146 strains of bitcoin malware. It also issued a number of warnings involving vulnerable browser extensions and other software.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.