Hong Kong-based cryptocurrency exchange BitMEX announced today that it suffered an aggressive DDoS attack that knocked it offline for about 25 minutes.
BitMEX suffered an attack
BitMEX experienced the worst single-day drop in seven years on March 12, when the price of Bitcoin crashed from $7,900 to $3,600. During the massive sell-off in Bitcoin, BitMEX ended up liquidating $1.2 billion worth of long contracts, considered one of the biggest long squeezes in the history of cryptocurrency. There were several reports of crypto whales dumping their holdings on BitMEX, which sent the market nosediving. There was also speculation about market manipulation.
A few hours later, BitMEX confirmed that it had suffered an aggressive DDoS attack that took it offline for a 25-minute period. During this window the price of Bitcoin recovered on other exchanges. The exchange's chief technology officer, Samuel Reed, confirmed that the exchange had been hit by a botnet and pointed to a default setting in the AWS RDS database service that the attack took advantage of.
What did the attackers do?
According to Reed, the botnet found an endpoint that was consistently slow and used it to attack the platform at 12:56 UTC and 02:15 UTC on March 13. The attackers had allegedly been probing the system for some time and had attacked the platform once before, last month; that earlier attack was mitigated with the exchange's normal DDoS mitigation measures.
“Mar 13 was a change in strategy for them. The botnet found an endpoint that was consistently, reliably slow. The query they hit did a 400ms reverse sequential scan rather than using the index (Parallel Index Scan / Gather Merge for PG fans) because an ANALYZE hadn’t been automatically run for too long by RDS defaults.”
He said that thousands of these scans in parallel caused the database to start swapping; CPU was pegged at 100%, 99% of which was I/O wait.
“On AWS, this looks quite a bit like a dying EBS volume, so we failed over the database and service resumed,” he added.
While Reed attributed the problem to AWS behaviour, users blamed the platform for relying too heavily on third-party service providers. Reed noted that the exchange had already identified the slow query that made the attack possible and fixed it.
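The failure Reed describes is a generic PostgreSQL one: planner statistics go stale because autoanalyze has not fired, the planner picks a full reverse scan over an index scan, and a low-volume attacker only needs to hit that one query in parallel. The following is an added example, not BitMEX's code or anything from the article, showing how an operator of a PostgreSQL/RDS database would check for and correct that condition. The table `trades`, its columns `symbol` and `ts`, an existing index on `(symbol, ts)`, and the role `api_reader` are hypothetical.

```sql
-- Added example (not from BitMEX or the article): checking for and fixing
-- stale planner statistics of the kind Reed describes.
-- Table/column/role names (trades, symbol, ts, api_reader) are hypothetical.

-- 1. Find tables whose statistics have drifted. n_mod_since_analyze counts rows
--    changed since the last ANALYZE. With the default
--    autovacuum_analyze_scale_factor of 0.10, a 100M-row table can change by
--    10M rows before autoanalyze runs, which is how a hot table "hasn't been
--    analyzed for too long".
SELECT schemaname,
       relname,
       n_live_tup,
       n_mod_since_analyze,
       last_analyze,
       last_autoanalyze
FROM   pg_stat_user_tables
WHERE  last_autoanalyze IS NULL
   OR  n_mod_since_analyze > GREATEST(1000, 0.01 * n_live_tup)
ORDER  BY n_mod_since_analyze DESC;

-- 2. Look at the plan of the slow endpoint's query, before and after ANALYZE.
--    With stale statistics the planner may choose a Seq Scan feeding a Sort
--    (a full reverse scan of the table) instead of an Index Scan Backward on
--    the (symbol, ts) index. The "actual time" figures show the difference.
EXPLAIN (ANALYZE, BUFFERS)
SELECT *
FROM   trades
WHERE  symbol = 'XBTUSD'
ORDER  BY ts DESC
LIMIT  100;

-- 3. Refresh the statistics for the affected table immediately.
ANALYZE trades;

-- 4. Make autoanalyze fire far sooner on this hot table than the PostgreSQL
--    and RDS defaults (scale factor 0.10, threshold 50) would.
ALTER TABLE trades
  SET (autovacuum_analyze_scale_factor = 0.01,
       autovacuum_analyze_threshold    = 10000);

-- 5. Bound the blast radius if a bad plan slips through anyway: a statement
--    that runs far beyond the endpoint's normal latency is cancelled rather
--    than piling up alongside thousands of parallel copies and starving the
--    database, which is the amplification the botnet relied on.
ALTER ROLE api_reader SET statement_timeout = '2s';
```

The first query is worth running periodically, not just after an incident; the symptom of the attack (a query that is "consistently, reliably slow") is visible in `pg_stat_user_tables` well before anyone exploits it. The `statement_timeout` in step 5 does not fix the plan, it only caps how much database time one request can consume, so it belongs alongside the statistics fix rather than instead of it.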