Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Mt.Gox Bitcoin Exchange Hit With DDoS Attack

Bitcoin exchange Mt.Gox added its name to the list of organizations stung by distributed denial-of-service attacks in recent weeks.

Bitcoin exchange Mt.Gox added its name to the list of organizations stung by distributed denial-of-service attacks in recent weeks.

Mt.Gox, which is based in Tokyo, did not respond to a SecurityWeek request for comment before publication, but noted in a statement on its site that it was hit with a DDoS attack April 3 that continued on to April 4.

“While we are being protected by companies like Prolexic, the sheer volume of this DDoS left us scrambling to fine-tune the system every few hours to make sure that things don’t go beyond a few 502 error pages and trading lag,” the company said in a statement April 4.

The company said it is not clear who is behind the attack, but that it may have been aimed at abusing the system for profit.

“Attackers wait until the price of bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can,” according to the company. “Repeat this two or three times like we saw over the past few days and they profit.”

DDoS is a perfect weapon for creating issues in the bitcoin market that can be taken advantage of, said Corero Network Security President Marty Meyer told SecurityWeek.

“The attackers understand that bitcoin exchanges have not taken steps to detach the front-end trade entry (which must be internet facing by definition) and the back-end trade execution and calculation platforms,” he said. “This is much like how banks have web facing on-line banking applications but their back-end applications which perform the actual money transactions are not web-facing.”

In the past few weeks, American Express and the Spamhaus Project were also hit with DDoS attacks. The Spamhaus attack was referred to by some as perhaps the largest DDoS attack to date.

“The global internet growth and use of web applications has simply outpaced organizations who do not have infinite budgets for IT security,” Meyer said. “They attempt to rely on traditional technologies such as firewalls but those are vulnerable to attacks, such as DDoS, which have themselves become more sophisticated and are attacking at the application level. This is a global issue that has been exposed and organizations must take the first step in their security 12 step program and admit they have vulnerabilities. They must also invest in the technology required to prevent the effects of these attacks and work together to share attack data in an open and transparent way with both consumers and with other organizations.”

Written By

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...