Bitcoin
Bitcoin (BTC)
$102,037.00 1.59383
Bitcoin price
Ethereum
Ethereum (ETH)
$3,954.35 4.46935
Ethereum price
BNB
BNB (BNB)
$721.48 3.87625
BNB price
Solana
Solana (SOL)
$231.90 1.37479
Solana price
XRP
XRP (XRP)
$2.42 0.47364
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000288 0.66036
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000244 -0.60046
Pepe price
Bonk
Bonk (BONK)
$0.0000398 2.56603
Bonk price
dogwifhat
dogwifhat (WIF)
$3.09 0.59907
dogwifhat price
Popcat
Popcat (POPCAT)
$1.25 -0.81631
Popcat price
Bitcoin
Bitcoin (BTC)
$102,037.00 1.59383
Bitcoin price
Ethereum
Ethereum (ETH)
$3,954.35 4.46935
Ethereum price
BNB
BNB (BNB)
$721.48 3.87625
BNB price
Solana
Solana (SOL)
$231.90 1.37479
Solana price
XRP
XRP (XRP)
$2.42 0.47364
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000288 0.66036
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000244 -0.60046
Pepe price
Bonk
Bonk (BONK)
$0.0000398 2.56603
Bonk price
dogwifhat
dogwifhat (WIF)
$3.09 0.59907
dogwifhat price
Popcat
Popcat (POPCAT)
$1.25 -0.81631
Popcat price
Bitcoin
Bitcoin (BTC)
$102,037.00 1.59383
Bitcoin price
Ethereum
Ethereum (ETH)
$3,954.35 4.46935
Ethereum price
BNB
BNB (BNB)
$721.48 3.87625
BNB price
Solana
Solana (SOL)
$231.90 1.37479
Solana price
XRP
XRP (XRP)
$2.42 0.47364
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000288 0.66036
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000244 -0.60046
Pepe price
Bonk
Bonk (BONK)
$0.0000398 2.56603
Bonk price
dogwifhat
dogwifhat (WIF)
$3.09 0.59907
dogwifhat price
Popcat
Popcat (POPCAT)
$1.25 -0.81631
Popcat price
Bitcoin
Bitcoin (BTC)
$102,037.00 1.59383
Bitcoin price
Ethereum
Ethereum (ETH)
$3,954.35 4.46935
Ethereum price
BNB
BNB (BNB)
$721.48 3.87625
BNB price
Solana
Solana (SOL)
$231.90 1.37479
Solana price
XRP
XRP (XRP)
$2.42 0.47364
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000288 0.66036
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000244 -0.60046
Pepe price
Bonk
Bonk (BONK)
$0.0000398 2.56603
Bonk price
dogwifhat
dogwifhat (WIF)
$3.09 0.59907
dogwifhat price
Popcat
Popcat (POPCAT)
$1.25 -0.81631
Popcat price

How Amazon’s 3 Hours of Inactivity Cost Crypto Investors $235,000

News
How Amazon’s 3 Hours of Inactivity Cost Crypto Investors $235,000

Amazon took more than three hours to regain control of the IP addresses it utilizes to host cloud-based services after it suddenly lost control. Findings show that because of this flaw, hackers could steal $235,000 in cryptocurrencies from clients of one of the compromised clients.

How The Hackers Did it

By using a technique called BGP hijacking, which takes advantage of well-known flaws in a fundamental Internet protocol, the attackers took control of about 256 IP addresses. BGP, short for Border Gateway Protocol, is a standard specification that autonomous system networks—organisations that direct traffic—use to communicate with other ASNs.

For enterprises to keep track of which IP addresses legitimately adhere to which ASNs, BGP still primarily counts on the Internet equivalent of word-of-mouth, albeit its critical role in routing massive volumes of data throughout the globe on a real-time basis.

The Hackers Became More Crafty

A /24 block of IP addresses that belongs to AS16509, one of at least 3 ASNs run by Amazon, was abruptly announced to be accessible through autonomous system 209243, which is owned by UK-based network operator Quickhost, in August.

The IP address host cbridge-prod2.celer.network, a subdomain in charge of providing a crucial smart contract user interface for the Celer Bridge crypto exchange, was part of the compromised block at 44.235.216.69.

Since they could show the Latvian certificate authority GoGetSSL that they controlled the subdomain, the hackers utilised the takeover to get a TLS certificate for cbridge-prod2.celer.network on August 17.

Once they had the certificate, the perpetrators deployed their smart contract within the same domain and watched for visitors attempting to visit the legitimate Celer Bridge page.

The fraudulent contract siphoned $234,866.65 from 32 accounts, based on the following report from Coinbase’s threat intelligence team.

It Seems Amazon’s Been Bitten Twice

A BGP assault on an Amazon IP address has resulted in substantial bitcoin losses. An unsettlingly identical incident using Amazon’s Route 53 system for domain names service occurred in 2018. Approximately $150,000 worth of cryptocurrency from MyEtherWallet customer accounts. If the hackers had used a browser-trusted TLS certificate instead of a self-signed one that compelled users to click through a notice, the amount stolen probably might have been greater.

Following the 2018 assault, Amazon added over 5,000 IP prefixes to the Route Origin Authorizations (ROAs), which are openly available records that specify which ASNs have the right to broadcast IP addresses.

The change provided some security from an RPKI (Resource Public Key Infrastructure), which employs electronic certificates to link ASN to their correct IP addresses.

This research shows that the hackers last month introduced AS16509 and the more precise /24 route to an AS-SET indexed in ALTDB, a free registry for autonomous systems to publish their BGP routing principles, to get around the defences.

In Amazon’s defense, It is far from the first cloud provider that has lost control of its IP numbers due to a BGP attack. For over two decades, BGP has been susceptible to careless configuration errors and blatant fraud. Ultimately, the security issue is a sector-wide issue that cannot be resolved by Amazon exclusively.