Cryptocurrency attack due to BGP hijacking

Andrew Wesie andrew at
Fri Feb 11 16:58:14 UTC 2022

Recently, there was an attack on Klayswap [1] believed to be due to
BGP hijacking [2]. From the public data on routeviews, we can see that
there were announcements for the hijacked IP ranges, for example:

6461 9457|9457|||

The weird part is that the path from AS6461 to AS9457 does not show up
in any other routes. As far as I can tell from public information,
there is no transit nor peering relationship between AS6461 and
AS9457. As such, it seems likely a peer or customer of AS6461 was
impersonating AS9457.

I sent an email to Zayo's abuse email asking if they could provide any
additional information but did not receive a response. If anyone has
additional information, please reach out. Especially information about
where the announcement may have originated.

Andrew Wesie
Theori, Inc.
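
The check described in the message above (an AS adjacency in an announcement that appears in no other route) can be automated. This is an added example, not part of the original post: the "prefix|AS path" input format, the sample routes, the documentation prefixes and the ASNs 64496-64511 are constructed for illustration; only AS6461 and AS9457 come from the post.

```python
# Constructed sample data (not real routeviews output): "prefix|AS path".
BASELINE = """\
192.0.2.0/24|64496 64500 9457
192.0.2.0/24|64497 64500 64500 9457
198.51.100.0/24|64496 6461 64501
203.0.113.0/24|64497 6461 6461 64502
"""
SUSPECT = """\
192.0.2.0/24|64496 6461 9457
192.0.2.0/24|64497 64500 9457
"""

def adjacencies(as_path):
    """Return the unordered AS pairs that are direct neighbours in a path."""
    pairs, prev = set(), None
    for tok in as_path.split():
        if not tok.isdigit():        # AS_SET such as {64510,64511} breaks the chain
            prev = None
            continue
        asn = int(tok)
        if prev is not None and asn != prev:   # ignore AS path prepending
            pairs.add(frozenset((prev, asn)))
        prev = asn
    return pairs

def parse(dump):
    """Yield (prefix, as_path) from non-empty pipe-delimited lines."""
    for line in dump.splitlines():
        if line.strip():
            prefix, path = line.split("|")[:2]
            yield prefix, path

def unseen_adjacencies(baseline, suspect):
    """List (prefix, path, (asn_a, asn_b)) for links absent from the baseline."""
    known = set()
    for _, path in parse(baseline):
        known |= adjacencies(path)
    findings = []
    for prefix, path in parse(suspect):
        for pair in sorted(adjacencies(path) - known, key=sorted):
            findings.append((prefix, path, tuple(sorted(pair))))
    return findings

if __name__ == "__main__":
    for prefix, path, (a, b) in unseen_adjacencies(BASELINE, SUSPECT):
        print(f"{prefix}: AS{a}-AS{b} link in '{path}' not seen in baseline")
```

A link missing from the baseline is a lead for investigation, not proof of a hijack: a new peering or transit relationship produces the same signal.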

