The DDoS cyberattack suffered this morning by the server of the Bitfinex exchange has ended.
All systems are now active and services are back to 100% operational.
The attack was brief, lasting less than half an hour, and it does not seem to have left any traces once it ended.
Paolo Ardoino explains:
“The attacker tried to exploit concurrently several platform features to increase load in the infrastructure. We use a variety of different prevention mechanisms to guard against such a Distributed-Denial-of-Service (DDoS) attack. Still, the huge number of different IP addresses used and the sophisticated crafting of the requests towards our API v1 exploited an internal inefficiency in one of our non-core process queues. The matching engine, websockets and core services were not affected by the DDoS attack. However, it was of paramount importance to speedily react in order to avoid any damage escalation. The decision to enter in maintenance was not due to the inability of the platform to resist, rather it was a decision taken in order to quickly bring in the countermeasures and patch for all similar attacks”.
Moreover, it was a trivial DDoS attack, an attempt to block the server’s responsiveness by flooding it with more connections than it could handle.
This type of attack does not generally cause damage, but only a suspension of the server’s operation, making it simply unable to respond to all requests.
As a precaution, the company suspended all services and waited for the attack to stop before bringing everything back online, having first raised protection levels against this type of attack.
Now, with protection levels raised, the server should be better able to withstand this type of attack, although it all depends upon the intensity of the attack.
In fact, the servers of Bitfinex were certainly already protected against this type of attack, albeit this morning such protections were not sufficient.
This means either that they were set too low, simply because the danger had been underestimated, or that the attack was launched with more power than expected. In the latter case it is not possible to completely rule out that it may happen again in the future, but since the more powerful a DDoS attack is, the more it costs, raising the level of protection makes life much more difficult for attackers.
Those who launch these attacks often do so using a botnet, which is usually rented out by its creator. Botnets are built using viruses that propagate over the network and are created and distributed with the specific purpose of generating a botnet that can then be rented to the highest bidder. For this reason, these attacks are usually quite expensive.
Bitfinex certainly has some enemies, as shown by some ongoing cases against the exchange and its subsidiary Tether, so it is not absurd to imagine that someone has actually decided to use a botnet, probably for a fee, to launch an attack aimed at blocking operations.
However, the fact that the attack lasted less than half an hour also suggests that the attacker may not have had enough money to keep using the botnet for long.
This also makes it less likely that such an attack would occur again.