Hackers Steal About $230,000 in Cryptocurrency Using BGP to Hijack IP Segments

On August 17, 2022, Quickhost.uk, an unknown network operator in the United Kingdom, suddenly announced via BGP that the IP segment 44.235.216.0/24, which belongs to Amazon's AS16509, should be routed through its own network, AS20943. One address in this segment, 44.235.216.69, hosted cbridge-prod2.celer.network, a subdomain of the cryptocurrency exchange Celer Bridge that serves a key smart contract user interface. The attackers obtained a TLS certificate by proving control of the subdomain to the certificate authority GoGetSSL, hosted their own smart contract on the domain, and then stole $234,866.65 worth of cryptocurrency from 32 accounts that accessed the domain. The BGP hijacking lasted more than three hours before Amazon finally regained control of the address segment. This isn't the first time Amazon has been hit by a BGP hijack: it suffered a similar attack in 2018 with the same goal of stealing cryptocurrency.
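The origin mismatch described above is what RPKI route origin validation (RFC 6811) is designed to flag. The following is an added example, not code from the original article: the /24 and the two AS numbers come from the text, while the ROA entry, its maxLength and the sample announcements are constructed for illustration and are not Amazon's actual ROAs.

```python
import ipaddress

# Constructed ROA table (prefix, max length, authorized origin ASN).
# Only the /24 and the two AS numbers come from the article; the
# maxLength value is an assumption for illustration.
ROAS = [
    ("44.235.216.0/24", 24, 16509),
]

# Constructed BGP announcements as (prefix, origin ASN) pairs.
ANNOUNCEMENTS = [
    ("44.235.216.0/24", 16509),   # legitimate origin
    ("44.235.216.0/24", 20943),   # origin reported in the article
    ("44.235.216.0/25", 16509),   # more specific than maxLength allows
    ("198.51.100.0/24", 64500),   # documentation prefix, no covering ROA
]


def validate_origin(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' per RFC 6811."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises TypeError across IP versions, so check first.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        # AS0 in a ROA means "no origin is authorized" and never matches.
        if route.prefixlen <= max_len and origin_asn == roa_asn and roa_asn != 0:
            return "valid"
    return "invalid" if covered else "not-found"


def flag_invalid(announcements, roas=ROAS):
    """Return the announcements a monitor should alert on."""
    return [(p, a) for p, a in announcements
            if validate_origin(p, a, roas) == "invalid"]


if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:20} AS{asn:<6} {validate_origin(prefix, asn)}")
```

Origin validation checks only the last AS in the path, so it flags a mismatched origin like the one described here but not an announcement that spoofs the authorized origin.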

This article is reprinted from: https://www.solidot.org/story?sid=72867