Two cryptocurrency exchanges have reported multiple distributed denial-of-service (DDoS) attacks on their systems in the last week.
What are DDoS attacks?
DDoS attacks target websites and online services. The attackers aim to overwhelm the target with more traffic than its server or network can accommodate, rendering the website or service inoperable. A severe attack can take a service offline or cause slow responses for website users. It may also be combined with an extortion threat: a more devastating attack will follow unless the company pays a cryptocurrency ransom.
OKEx suffered two attacks
OKEx, which is said to be based in Malta, has reportedly suffered two attacks. According to its CEO, Jay Hao, OKEx first suffered an attack on Feb. 27 and was hit again the next day. The first attack routed as much as 200 gigabytes per second of traffic, while the second reached 400 gigabytes.
The attack came shortly after the exchange completed its “temporary system maintenance”, during which options and futures trading were disabled.
In a separate event, a DDoS attack hit Bitfinex on Friday morning as well. The attack reportedly lasted for an hour until 5:30 AM, severely crippling the exchange’s activity during that period as throughput fell close to zero.
The Hong Kong-headquartered platform’s trading services were offline for a period of under an hour, but at press time Bitfinex says services are back to normal.
“The attacker tried to concurrently exploit several platform features to increase load in the infrastructure. We use a variety of different prevention mechanisms to guard against such a DDoS attack. Still, the huge number of different IP addresses used and the sophisticated crafting of the requests towards our API v1 exploited an internal inefficiency in one of our non-core process queues,” said Paulo Ardoino, Bitfinex Chief Technology Officer.
With the need to react quickly to avert an escalation in damage, the exchange took the decision to go into maintenance. The CTO said it was “not due to the inability of the platform to resist, rather it was a decision taken in order to quickly bring in the countermeasures and patch for all similar attacks.”
There is currently no tangible evidence of the attackers’ identity, and no proof that the attacks are connected, although they are reportedly similar.