Cryptocurrency attack due to BGP hijacking

Andrew Wesie andrew at theori.io
Fri Feb 11 16:58:14 UTC 2022


Recently, there was an attack on Klayswap [1] believed to be due to
BGP hijacking [2]. From the public data on routeviews, we can see that
there were announcements for the hijacked IP ranges, for example:

U|A|1643854199.000000|routeviews|route-views.wide|||2497|202.249.2.169|211.249.221.0/24|202.249.2.169|2497 6461 9457|9457|||

The weird part is that the path from AS6461 to AS9457 does not show up
in any other routes. As far as I can tell from public information,
there is no transit nor peering relationship between AS6461 and
AS9457. As such, it seems likely a peer or customer of AS6461 was
impersonating AS9457.

I sent an email to Zayo's abuse email asking if they could provide any
additional information but did not receive a response. If anyone has
additional information, please reach out, especially information about
where the announcement may have originated.

--
Andrew Wesie
Theori, Inc.

[1] https://medium.com/klayswap/klayswap-compensation-plan-99ec4db6742f
[2] https://economist.co.kr/2022/02/07/column/expertColumn/20220207070013230.html
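The check described in the post (an AS-path adjacency, AS6461 to AS9457, that appears in the announcements for the hijacked prefix but in no other route) can be automated over BGPStream-style elem output such as the line quoted above. The following is an added example, not code from the post or from Theori; it parses the 16-field pipe-delimited elem format (dump type, elem type, timestamp, project, collector, router, router IP, peer ASN, peer address, prefix, next hop, AS path, origin ASN, communities, old state, new state), builds an index of which prefixes each AS adjacency was observed in, and reports adjacencies seen only for the prefix under investigation. The hijack line is the real one from the post; the baseline lines are constructed for illustration and use private ASNs (64500, 64501) so they assert nothing about real peering.

```python
"""Flag AS-path adjacencies that appear only in announcements for one prefix.

Added example for the NANOG post above; not the author's code. The input
format is the BGPStream elem line format (bgpreader-style), 16 '|'-separated
fields. Baseline lines below are CONSTRUCTED sample data, not real routeviews
records; only HIJACK_LINE is the line quoted in the post.
"""
from collections import defaultdict

# Field names of a BGPStream elem line, in order.
FIELDS = [
    "dump_type", "elem_type", "ts", "project", "collector", "router",
    "router_ip", "peer_asn", "peer_addr", "prefix", "next_hop", "as_path",
    "origin_asn", "communities", "old_state", "new_state",
]

# Real line quoted in the post (re-joined onto one line).
HIJACK_LINE = (
    "U|A|1643854199.000000|routeviews|route-views.wide|||2497|202.249.2.169"
    "|211.249.221.0/24|202.249.2.169|2497 6461 9457|9457|||"
)

# CONSTRUCTED baseline: other prefixes seen from the same peer around the
# same time. AS6461 is seen adjacent to 64500, and AS9457 is reached via
# 64501, so the pair (6461, 9457) exists nowhere except the hijack line.
BASELINE_LINES = [
    "U|A|1643854100.000000|routeviews|route-views.wide|||2497|202.249.2.169"
    "|192.0.2.0/24|202.249.2.169|2497 6461 64500|64500|||",
    "U|A|1643854120.000000|routeviews|route-views.wide|||2497|202.249.2.169"
    "|198.51.100.0/24|202.249.2.169|2497 64501 9457|9457|||",
    "U|A|1643854150.000000|routeviews|route-views.wide|||2497|202.249.2.169"
    "|203.0.113.0/24|202.249.2.169|2497 6461 64500 64500|64500|||",
]


def parse_elem(line):
    """Parse one elem line into a dict; AS path becomes a list of ints."""
    parts = line.strip().split("|")
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    rec = dict(zip(FIELDS, parts))
    # AS_SET segments such as "{64500,64501}" carry no ordering information,
    # so they are dropped rather than turned into fake adjacencies.
    rec["as_path"] = [int(tok) for tok in rec["as_path"].split() if tok.isdigit()]
    return rec


def path_adjacencies(as_path):
    """Return the set of (left_as, right_as) hops, ignoring prepending."""
    return {(a, b) for a, b in zip(as_path, as_path[1:]) if a != b}


def adjacency_index(lines):
    """Map each AS adjacency to the set of prefixes it was announced for."""
    index = defaultdict(set)
    for line in lines:
        rec = parse_elem(line)
        if rec["elem_type"] != "A":  # only announcements carry an AS path
            continue
        for adj in path_adjacencies(rec["as_path"]):
            index[adj].add(rec["prefix"])
    return index


def novel_adjacencies(index, prefix):
    """Adjacencies observed exclusively in announcements for `prefix`."""
    return {adj for adj, prefixes in index.items() if prefixes == {prefix}}


def run_example():
    """Index the sample data and report suspicious hops for the hijacked prefix."""
    index = adjacency_index([HIJACK_LINE] + BASELINE_LINES)
    return novel_adjacencies(index, "211.249.221.0/24")


if __name__ == "__main__":
    for left, right in sorted(run_example()):
        print("adjacency AS%d -> AS%d seen only for the suspect prefix" % (left, right))
```

On a real collector feed the baseline would be the full set of updates from the same peer over a window around the event; the same adjacency being absent from every other announced prefix is exactly the signal the post points at, and it is cheap to compute once the paths are indexed.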