DDoS attacks on cryptocurrency exchanges: why do hackers attack exchanges?
Cryptocurrency exchanges are entirely virtual trading platforms, in most cases built on the client-server model. This format follows from the nature of digital assets, and it also removes geographic and jurisdictional constraints. As crypto exchanges grow in popularity, they attract the attention not only of investors and traders but also of hackers.
Hackers have various tools for taking a site down and getting at user data, including DDoS attacks. What is a DDoS attack, how does it work, and why would hackers launch one against a crypto exchange?
What is a DDoS attack?
A Denial of Service (DoS) attack is an attack on a site’s server that overloads its hardware so the server can no longer respond to requests from legitimate users.
In a DoS attack, hackers generate a huge number of requests to the server that either saturate the server’s bandwidth or consume all of its computing resources. As a result, a site or other software front end (such as an application) works incorrectly, answers user queries with delays, or the server becomes temporarily unavailable.
DoS attacks come in several varieties and can exploit different server weaknesses:
- Bandwidth overload;
- Software errors;
- Limited resources.
The gradual growth in server capacity and bandwidth reduced the effectiveness of DoS, because a single client could no longer generate enough requests. As a result, DoS evolved into DDoS (Distributed Denial of Service) attacks, which use several (sometimes tens or hundreds) clients to generate requests. A DDoS attack is more complex and proceeds in two stages:
- Capturing client nodes – done through malicious software, e-mail viruses and other channels for distributing malicious code. The malware may stay dormant until the moment of the DDoS attack and usually contains a small program that makes the PC send requests to a specific server.
- Request generation – once enough nodes have been captured, the hacker activates them all at once, so that they send requests to the target server simultaneously. Such an attack is more effective than a regular DoS, and its chance of success grows in proportion to the number of captured nodes.
DDoS does not always rely on captured nodes – in some cases the node owners coordinate in advance and deliberately overload the server to achieve a certain goal or to express a protest.
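The difference between a single-client DoS and a distributed flood is visible in a server’s own access log: the aggregate request rate is high in both cases, but in a DoS almost all requests come from one source, while in a DDoS they are spread over many captured nodes. The following Python script is an added example, not code from the original article or from Binaryx; the log format, the IP addresses and the thresholds (50 req/s, 80% share) are constructed for illustration. It parses a window of log lines and labels it as normal, single-source or distributed, which is the first step a monitoring team takes before deciding where to block.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed log format (hypothetical gateway access log, one request per line):
# "<ISO-8601 timestamp> <client IP> <method> <path> <status>"
def parse_line(line):
    """Split one access-log line into (timestamp, client_ip, path)."""
    ts, ip, _method, path, _status = line.split()
    return datetime.fromisoformat(ts), ip, path

def classify_window(lines, window_seconds=10, flood_rps=50.0, single_source_share=0.8):
    """Classify a fixed-length window of log lines.

    Returns (label, requests_per_second, share_of_busiest_source):
    - "normal": aggregate rate is below flood_rps
    - "single-source flood": over the rate and one client sends most requests (DoS-like)
    - "distributed flood": over the rate but spread across many clients (DDoS-like)
    """
    parsed = [parse_line(l) for l in lines if l.strip()]
    if not parsed:
        return "empty", 0.0, 0.0
    rps = len(parsed) / window_seconds
    by_ip = Counter(ip for _, ip, _ in parsed)
    top_share = by_ip.most_common(1)[0][1] / len(parsed)
    if rps < flood_rps:
        return "normal", rps, top_share
    if top_share >= single_source_share:
        return "single-source flood", rps, top_share
    return "distributed flood", rps, top_share

def synth_window(sources, per_source, window_seconds=10, start="2021-02-15T10:00:00"):
    """Build constructed log lines: each source sends per_source requests spread over the window."""
    t0 = datetime.fromisoformat(start)
    lines = []
    for ip in sources:
        for k in range(per_source):
            ts = t0 + timedelta(seconds=k * window_seconds / per_source)
            lines.append(f"{ts.isoformat()} {ip} GET /api/orderbook 200")
    return lines

# Constructed traffic: 8 legitimate clients, 3 requests each over 10 s
LEGIT = [f"198.51.100.{n}" for n in range(1, 9)]
NORMAL = synth_window(LEGIT, 3)
# One abusive client on top of the legitimate traffic (DoS-like)
DOS = NORMAL + synth_window(["203.0.113.7"], 600)
# 100 captured nodes, 6 requests each, on top of the legitimate traffic (DDoS-like)
BOTNET = [f"192.0.2.{n}" for n in range(1, 101)]
DDOS = NORMAL + synth_window(BOTNET, 6)

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        label, rps, share = classify_window(window)
        print(f"{name}: {label} ({rps:.1f} req/s, busiest source {share:.1%})")
```

The DoS and DDoS windows carry the same request rate (62.4 req/s in this constructed data); only the per-source distribution tells them apart. That distribution is what decides whether blocking one address is enough or whether the exchange has to involve its upstream provider.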
DDoS protection is carried out at several levels – from Internet service providers blocking large volumes of traffic to correctly configuring the server and installing specialized software. More on the DDoS security of the Binaryx cryptocurrency exchange from “Someone”:
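The server-configuration level mentioned above usually means rate limiting. The Python model below is an added example and not Binaryx code; the gateway, its limits (5 req/s per client with a burst of 10, 20 req/s globally with a burst of 50) and the request streams are constructed assumptions. It replays the two flood shapes through a per-client token bucket and a global token bucket and shows why per-client limits alone stop a single noisy source but not a distributed flood, where the global budget runs out and legitimate clients are rejected along with the bots.

```python
from collections import Counter

class TokenBucket:
    """Token bucket: holds at most `capacity` tokens, refilled at `rate` tokens/second.
    Each request costs one token; a request arriving with no token is rejected."""
    def __init__(self, rate, capacity, now=0.0):
        self.rate = rate
        self.capacity = capacity
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

class Gateway:
    """Hypothetical front end: one bucket per client (catches a single noisy source)
    plus one global bucket protecting the back end's total capacity."""
    def __init__(self, per_client_rate=5.0, per_client_burst=10,
                 global_rate=20.0, global_burst=50):
        self.per_client = (per_client_rate, per_client_burst)
        self.buckets = {}
        self.global_bucket = TokenBucket(global_rate, global_burst)

    def handle(self, now, client_ip):
        bucket = self.buckets.get(client_ip)
        if bucket is None:
            bucket = self.buckets[client_ip] = TokenBucket(*self.per_client, now=now)
        if not bucket.allow(now):
            return "reject-client"   # this source alone is over its limit
        if not self.global_bucket.allow(now):
            return "reject-global"   # back-end budget exhausted: every client suffers
        return "accept"

def spread(ips, per_ip, group, window=10.0):
    """Constructed request stream of (time, ip, group) tuples: each source sends
    `per_ip` requests spread over `window` seconds with a small per-source offset."""
    step = window / per_ip
    return [(k * step + i * step / len(ips), ip, group)
            for i, ip in enumerate(ips) for k in range(per_ip)]

def simulate(requests, **gateway_kwargs):
    """Replay a request stream through a fresh Gateway; return {group: Counter(outcome)}."""
    gw = Gateway(**gateway_kwargs)
    outcomes = {}
    for now, ip, group in sorted(requests):
        outcomes.setdefault(group, Counter())[gw.handle(now, ip)] += 1
    return outcomes

# Constructed traffic: 8 legitimate clients at 3 requests each over 10 s,
# one attacker at 600 requests, or 100 captured nodes at 6 requests each.
LEGIT = spread([f"198.51.100.{n}" for n in range(1, 9)], 3, "legit")
SINGLE_ATTACKER = spread(["203.0.113.7"], 600, "attacker")
BOTNET = spread([f"192.0.2.{n}" for n in range(1, 101)], 6, "botnet")

if __name__ == "__main__":
    print("single source:", simulate(LEGIT + SINGLE_ATTACKER))
    print("distributed:  ", simulate(LEGIT + BOTNET))
```

In the single-source run the attacker gets its burst of 10 plus 5 requests per second and the remaining 541 are dropped at the per-client bucket, while all 24 legitimate requests go through. In the distributed run no bot exceeds its own limit, so every request reaches the global bucket, which can only pass about 250 of the 624; the rejections fall on legitimate users too, which is why blocking at the provider level, before the traffic reaches the exchange, is part of the defence.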
Why do hackers attack cryptocurrency exchanges?
A DDoS attack achieves only one thing: temporarily shutting down the site. That means it is impossible to steal user data directly through DDoS or to get into the exchange’s accounts. Hackers usually attack a crypto exchange for one of two reasons:
- Shutdown with blackmail – the exchange’s revenue comes from commissions charged on trades, so even a few hours of downtime means financial losses, and a DDoS can keep the server down for several days. Not to mention the reputational damage (who wants an exchange that does not work at key price moments?). So after a successful DDoS, its organizers contact the owners of the exchange and demand a ransom for stopping the flood of requests and letting the servers recover.
- Distraction – stopping a DDoS attack requires the concerted effort of the whole site team, bringing up backup servers and adding computing power. While the exchange team is busy fighting the DDoS, hackers can use unattended exploits to get at user data or interfere with trading.
It is also worth remembering that in most countries cryptocurrency exchanges are unregulated, which lets DDoS be used as a tool against competitors. How does it work? During a period of active price movement, when traders want to open and close deals every minute, one exchange orders a DDoS attack on its competitor. Most traders have accounts on several sites, so when the competitor cannot process their requests, traders are more likely to trade on the site that ordered the attack.
Can hackers steal user funds using DDoS?
As mentioned, DDoS does not give access to server data, including user accounts. However, if DDoS is used as cover for another attack, the risk of theft remains and depends on how assets are stored on and withdrawn from the exchange.
If the exchange keeps most of its funds in “cold” wallets, with the private keys held only by a responsible person (or a few persons) and no key material stored on the exchange server, then even under cover of DDoS hackers cannot reach the site’s reserves (more about Binaryx storage here). And if withdrawals and transfers require 2FA, user accounts can be considered safe.
Indirectly, though, DDoS attacks can still cause traders or investors to lose profit because of:
- The inability to close or cancel an order – every second counts on a volatile crypto market, especially during active price moves in key assets. If, because of a DDoS, the server cannot process a trading command and close or stop the order in time, there is a high chance of a losing deal once the site comes back up.
- The inability to withdraw funds from the site – a particular feature of DDoS attacks. The pause may be caused by the server overload itself or by the team wanting to guard against further attacks. The trader loses liquidity and cannot use his funds on another site until the DDoS is over.
Although DDoS is a major nuisance for exchange users and limits their ability to make profits and manage assets stored on the site, it remains a relatively low-risk attack. The probability of unauthorized data access or theft of funds as a result of DDoS is very low, and such an outcome is only possible on fly-by-night sites with poorly organized storage and transfer mechanisms.
Cases of DDoS attacks on cryptocurrency exchanges
Hackers’ interest in cryptocurrency exchanges grows together with the amount of assets stored and the number of users. Yet over the past few years large venues have suffered from DDoS relatively rarely; since 2020 the best-known attacks have been:
- The attack on the Exmo Exchange on February 15, 2021 – Exmo servers became temporarily unavailable, but the problem was quickly eliminated.
- The attack on Binance on 29 April 2020 – was reported by the site’s founder, Changpeng Zhao, who claimed that competing organizations were involved. The attack did not affect the performance of the exchange.
- The attack on BitMEX on March 13, 2020 – coincided with the collapse of the cryptomarket in the context of a general decline in markets due to the coronavirus. During the price reduction period, users lost access to asset management.
- The attack on Bitfinex on February 28, 2020 – led to a short-term shutdown. It took less than an hour to resolve the problem.
Of course, there have been many more such attacks – these are only the reports from large sites of successful DDoS that led to an exchange shutdown. Unsuccessful DDoS and attacks on little-known platforms go unnoticed, and they usually have no serious consequences.
Also, summing up 2020, Kaspersky Lab noted a general downward trend in DDoS, as it is more profitable for hackers to use captured PCs for mining than to attack sites. However, the data show a decline only in easy-to-organize short-term attacks, while for complex (“smart”) DDoS the figure was only 10%.
As virtual trading platforms, cryptocurrency exchanges face various hacking attacks, including DDoS. A DDoS attack sends requests from many captured nodes to the server in order to overload the site and shut it down. DDoS does not give access to user data, so its organizers pursue other goals:
- Shutdown of the exchange and subsequent blackmail;
- Distraction and cover for other attacks.
DDoS alone also cannot steal user funds or site reserves, although if the DDoS is cover for something else, attacks aimed at obtaining user data and keys (for example, phishing) may follow. Loss of assets due to DDoS occurs only when the assets cannot be managed, resulting in a trade closing at a loss.
Growing exchange capacity (and the declining efficiency of DDoS), the spread of DEXs, and the rising price of cryptocurrencies have reduced the number of DDoS attacks on exchanges over the past few years. Since 2020, only four major sites have reported DDoS, and in no case did these attacks have serious consequences.
A full-scale DDoS attack on Binaryx is also unlikely, as the exchange uses multiple layers of security at the software and hardware levels. And even if attackers manage to stop the servers, they will not be able to reach the Binaryx reserve storage or steal users’ funds.