ISP-rerouting hackers steal $83,000 in various cryptocurrencies

A report published by Dell’s SecureWorks says that hackers were able to steal roughly $83,000 in bitcoin and other cryptocurrencies by exploiting a weakness in how web traffic is routed. The report claims that 19 internet service providers, including big players like Amazon and DigitalOcean, were impacted. The exploit allowed hackers to briefly gain control of at least one P2Pool bitcoin pool server, as well as pools for Dogecoin, Worldcoin and HoboNickels.

The attacks may have been more widespread, as the nature of the attack makes confirmation a somewhat labor-intensive process. At least 22 attacks, each lasting less than 30 seconds, have been confirmed thus far. The attacks were routed to a router on an ISP in Canada, and all of the BTC thefts paid out to a single address. SecureWorks estimates that the attacker made roughly $9,000 per day during the height of the hacking activity.

The attacks are interesting in part because they don’t exploit a weakness in any of the involved cryptocurrency systems, but rather the ISP level of the network. This prompted SecureWorks to suggest that the likely culprit is most likely a current or former employee of the ISP with access to the router’s password. SecureWorks also noted that pools could prevent the attacks in future by requiring miners to use Secure Socket Layer (SSL) protocols.