Bijack: Breaking Bitcoin Network with TCP Vulnerabilities

Shaoyu Li; Shanghao Shi; Yang Xiao; Chaoyu Zhang; Y. Thomas Hou; Wenjing Lou

doi:10.1007/978-3-031-51479-1_16

Bijack: Breaking Bitcoin Network with TCP Vulnerabilities

Shaoyu Li, Shanghao Shi, Yang Xiao, Chaoyu Zhang, Y. Thomas Hou, Wenjing Lou

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Recent studies have shown that compromising Bitcoin’s peer-to-peer network is an effective way to disrupt the Bitcoin service. While many attack vectors have been uncovered such as BGP hijacking in the network layer and eclipse attack in the application layer, one significant attack vector that resides in the transport layer is largely overlooked. In this paper, we investigate the TCP vulnerabilities of the Bitcoin system and their consequences. We present Bijack, an off-path TCP hijacking attack on the Bitcoin network that is able to terminate Bitcoin connections or inject malicious data into the connections with only a few prior requirements and a limited amount of knowledge. This results in the Bitcoin network topology leakage, and the Bitcoin nodes isolation. We measured the real Bitcoin network and discovered that more than 1700 (27%) of the reachable Bitcoin nodes are vulnerable to our attack whose physical locations are spread across the world. We evaluated the efficiency and impacts of the Bijack attack in real-world settings, and the results show that Bijack successfully realizes several fatal Bitcoin attacks without too much effort.

Original language	English
Title of host publication	Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings
Editors	Gene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis
Pages	306-326
Number of pages	21
DOIs	https://doi.org/10.1007/978-3-031-51479-1_16
State	Published - 2024
Event	28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague, Netherlands Duration: Sep 25 2023 → Sep 29 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14346 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	28th European Symposium on Research in Computer Security, ESORICS 2023
Country/Territory	Netherlands
City	The Hague
Period	9/25/23 → 9/29/23

Bibliographical note

Publisher Copyright:
© 2024, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Keywords

Bitcoin
Network security
TCP

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-031-51479-1_16

Cite this

Li, S., Shi, S., Xiao, Y., Zhang, C., Hou, Y. T., & Lou, W. (2024). Bijack: Breaking Bitcoin Network with TCP Vulnerabilities. In G. Tsudik, M. Conti, K. Liang, & G. Smaragdakis (Eds.), Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings (pp. 306-326). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14346 LNCS). https://doi.org/10.1007/978-3-031-51479-1_16

Li, Shaoyu ; Shi, Shanghao ; Xiao, Yang et al. / Bijack : Breaking Bitcoin Network with TCP Vulnerabilities. Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings. editor / Gene Tsudik ; Mauro Conti ; Kaitai Liang ; Georgios Smaragdakis. 2024. pp. 306-326 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{deea443a0e514da3ab3c3c049b0964c3,

title = "Bijack: Breaking Bitcoin Network with TCP Vulnerabilities",

abstract = "Recent studies have shown that compromising Bitcoin{\textquoteright}s peer-to-peer network is an effective way to disrupt the Bitcoin service. While many attack vectors have been uncovered such as BGP hijacking in the network layer and eclipse attack in the application layer, one significant attack vector that resides in the transport layer is largely overlooked. In this paper, we investigate the TCP vulnerabilities of the Bitcoin system and their consequences. We present Bijack, an off-path TCP hijacking attack on the Bitcoin network that is able to terminate Bitcoin connections or inject malicious data into the connections with only a few prior requirements and a limited amount of knowledge. This results in the Bitcoin network topology leakage, and the Bitcoin nodes isolation. We measured the real Bitcoin network and discovered that more than 1700 (27%) of the reachable Bitcoin nodes are vulnerable to our attack whose physical locations are spread across the world. We evaluated the efficiency and impacts of the Bijack attack in real-world settings, and the results show that Bijack successfully realizes several fatal Bitcoin attacks without too much effort.",

keywords = "Bitcoin, Network security, TCP",

author = "Shaoyu Li and Shanghao Shi and Yang Xiao and Chaoyu Zhang and Hou, {Y. Thomas} and Wenjing Lou",

note = "Publisher Copyright: {\textcopyright} 2024, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 28th European Symposium on Research in Computer Security, ESORICS 2023 ; Conference date: 25-09-2023 Through 29-09-2023",

year = "2024",

doi = "10.1007/978-3-031-51479-1_16",

language = "English",

isbn = "9783031514784",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "306--326",

editor = "Gene Tsudik and Mauro Conti and Kaitai Liang and Georgios Smaragdakis",

booktitle = "Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings",

}

Li, S, Shi, S, Xiao, Y, Zhang, C, Hou, YT & Lou, W 2024, Bijack: Breaking Bitcoin Network with TCP Vulnerabilities. in G Tsudik, M Conti, K Liang & G Smaragdakis (eds), Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14346 LNCS, pp. 306-326, 28th European Symposium on Research in Computer Security, ESORICS 2023, The Hague, Netherlands, 9/25/23. https://doi.org/10.1007/978-3-031-51479-1_16

Bijack: Breaking Bitcoin Network with TCP Vulnerabilities. / Li, Shaoyu; Shi, Shanghao; Xiao, Yang et al.
Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings. ed. / Gene Tsudik; Mauro Conti; Kaitai Liang; Georgios Smaragdakis. 2024. p. 306-326 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14346 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Bijack

T2 - 28th European Symposium on Research in Computer Security, ESORICS 2023

AU - Li, Shaoyu

AU - Shi, Shanghao

AU - Xiao, Yang

AU - Zhang, Chaoyu

AU - Hou, Y. Thomas

AU - Lou, Wenjing

PY - 2024

Y1 - 2024

N2 - Recent studies have shown that compromising Bitcoin’s peer-to-peer network is an effective way to disrupt the Bitcoin service. While many attack vectors have been uncovered such as BGP hijacking in the network layer and eclipse attack in the application layer, one significant attack vector that resides in the transport layer is largely overlooked. In this paper, we investigate the TCP vulnerabilities of the Bitcoin system and their consequences. We present Bijack, an off-path TCP hijacking attack on the Bitcoin network that is able to terminate Bitcoin connections or inject malicious data into the connections with only a few prior requirements and a limited amount of knowledge. This results in the Bitcoin network topology leakage, and the Bitcoin nodes isolation. We measured the real Bitcoin network and discovered that more than 1700 (27%) of the reachable Bitcoin nodes are vulnerable to our attack whose physical locations are spread across the world. We evaluated the efficiency and impacts of the Bijack attack in real-world settings, and the results show that Bijack successfully realizes several fatal Bitcoin attacks without too much effort.

AB - Recent studies have shown that compromising Bitcoin’s peer-to-peer network is an effective way to disrupt the Bitcoin service. While many attack vectors have been uncovered such as BGP hijacking in the network layer and eclipse attack in the application layer, one significant attack vector that resides in the transport layer is largely overlooked. In this paper, we investigate the TCP vulnerabilities of the Bitcoin system and their consequences. We present Bijack, an off-path TCP hijacking attack on the Bitcoin network that is able to terminate Bitcoin connections or inject malicious data into the connections with only a few prior requirements and a limited amount of knowledge. This results in the Bitcoin network topology leakage, and the Bitcoin nodes isolation. We measured the real Bitcoin network and discovered that more than 1700 (27%) of the reachable Bitcoin nodes are vulnerable to our attack whose physical locations are spread across the world. We evaluated the efficiency and impacts of the Bijack attack in real-world settings, and the results show that Bijack successfully realizes several fatal Bitcoin attacks without too much effort.

KW - Bitcoin

KW - Network security

KW - TCP

UR - http://www.scopus.com/inward/record.url?scp=85184112231&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85184112231&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-51479-1_16

DO - 10.1007/978-3-031-51479-1_16

M3 - Conference contribution

AN - SCOPUS:85184112231

SN - 9783031514784

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 306

EP - 326

BT - Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings

A2 - Tsudik, Gene

A2 - Conti, Mauro

A2 - Liang, Kaitai

A2 - Smaragdakis, Georgios

Y2 - 25 September 2023 through 29 September 2023

ER -

Li S, Shi S, Xiao Y, Zhang C, Hou YT, Lou W. Bijack: Breaking Bitcoin Network with TCP Vulnerabilities. In Tsudik G, Conti M, Liang K, Smaragdakis G, editors, Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings. 2024. p. 306-326. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-51479-1_16