On August 17, 2022, an attacker was able to steal approximately $235,000 in cryptocurrency by employing a BGP hijack against the Celer Bridge, a service which allows users to convert between cryptocurrencies.
In this blog post, I discuss this and previous infrastructure attacks against cryptocurrency services. While these episodes revolve around the theft of cryptocurrency, the underlying attacks hold lessons for securing the BGP routing of any organization that conducts business on the internet.
In a detailed blog post earlier this month, the threat intelligence team from Coinbase explained how the attack went down. (Note: Coinbase was not the target of the attack.) In short, the attacker used a BGP hijack to gain control of a portion of Amazon’s IP address space.
Doing so allowed the attacker to impersonate part of the Celer Bridge infrastructure, which was hosted by Amazon, and to serve malicious smart contracts. These “phishing contracts” stole the victims’ assets by redirecting them to the attacker’s wallet.
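The kind of route-origin check a network operator or monitoring service would run against announcements like the one described above, as an added example that is not part of the original post or of Coinbase's analysis. It implements RPKI route origin validation (a covering ROA, a matching origin ASN, and a max-length bound) and flags the hijack pattern of a more-specific sub-prefix announced from an unexpected origin; the prefixes, ASNs and ROA entries are constructed placeholders, not the real addresses involved.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorization: who may originate a prefix and how specific it may be."""
    prefix: str
    origin_asn: int
    max_length: int


def validate(prefix: str, origin_asn: int, roas: Iterable[Roa]) -> str:
    """RPKI route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # subnet_of() only compares networks of the same IP version.
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not-found"  # no ROA says anything about this space
    for roa in covering:
        if roa.origin_asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA, but wrong origin or too specific: the hijack pattern.
    return "invalid"


def flag_suspicious(announcements: Iterable[Tuple[str, int]],
                    roas: Iterable[Roa]) -> List[Tuple[str, int, str]]:
    """Return every announcement that is not RPKI-valid, with its verdict."""
    roas = list(roas)
    return [(p, asn, v) for p, asn in announcements
            if (v := validate(p, asn, roas)) != "valid"]


# Constructed sample data (documentation ranges, private-use ASNs):
# AS64496 stands in for the legitimate hosting provider's /22.
SAMPLE_ROAS = [Roa("198.51.100.0/22", 64496, 22)]
SAMPLE_ANNOUNCEMENTS = [
    ("198.51.100.0/22", 64496),  # the provider's own aggregate
    ("198.51.101.0/24", 64511),  # more-specific from a foreign AS: hijack pattern
    ("198.51.101.0/24", 64496),  # right origin, but exceeds the ROA max-length
    ("203.0.113.0/24", 64500),   # no ROA at all
]

if __name__ == "__main__":
    for prefix, asn, verdict in flag_suspicious(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS):
        print(f"{prefix} from AS{asn}: {verdict}")
```

Only "invalid" results are hijack candidates; "not-found" means the prefix holder has published no ROA, which is itself a gap worth closing.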