Bitcoin Mining Pools Targeted in Wave of DDOS Attacks

shutterstock_210302965-scaled
12 March 2015

AntPool, BW.com, NiceHash, CKPool and GHash.io are among a number of bitcoin mining pools and operations that have been hit by distributed denial-of-service (DDOS) attacks in recent days.

The incidents appear to have begun in the first week of March. For example, on 11th March, AntPool owner Bitmain sent an email to customers disclosing the DDOS attacks and advising external pool users to set up failsafe pools in the event of an outage.

According to many of the companies affected by the incidents, those behind the attacks demanded payment in bitcoin in return for stopping the attacks.

BW.com alerted customers via its official blog to possible service disruptions owing to DDOS attacks, but did not say whether or not a ransom notice had been sent. Other pools took to Bitcoin Talk to warn users about the DDOS attacks.

GHash.io operator CEX.io suggested that affected pools are seeing escalating DDOS threats, and said that the source of recent attacks on its pool came with increasing ransom demands.

A spokesperson for CEX.io told CoinDesk:

“The attack has been conducted by a hacker who has already DDOSed CEX.IO in October, 2014. Previously, he demanded 2 BTC for stopping the attack. This time, the payment has been raised to 5 to 10 BTC.”

At least one other mining pool, NiceHash, also reported sustained DDOS attacks last fall.

The alleged source of the DDOS attacks, operating under the name DD4BC, is believed to be behind a number of attacks on digital currency websites and services in the past year.

Incidents tied to DD4BC include an attack last year on the digital currency exchange Bitalo that resulted in the posting of a 100 BTC bounty. Following the recent DDOS threats, Bitmain contributed an additional 10 BTC to the bounty.

Disruptions likely to continue

Affected pools say they have moved to boost in-house defense mechanisms in light of the attacks, but some have warned that future outages may likely occur. Bitmain said that its other services, including the cloud mining platform HashNest, may also be affected in the coming days.

Operators that responded to press queries say they have refused to pay the ransoms and will continue keeping their pools open despite the risk of future DDOS attacks.

Some of the pools have conceded that resolving the situation will be difficult owing to the capabilities believed to be possessed by the source of the attacks.

Bitmain’s Yoshi Goto noted that the attacks appear to be systematic and acknowledged that it remains unclear when the situation will be completely resolved.

“It is a cat and mouse game now but we will do our best,” he said.

CoinDesk will continue monitoring the developments and post updates as they become available.