Vicious competition causes frequent DDos attacks on exchanges. What is the cost of the attack?

Source: Financial Network Chain Finance

Cryptocurrency exchange Bitfinex tweeted on February 28 that it was suspected of being subjected to a distributed denial of service attack (DDoS) and is investigating the matter. During this time Bitfinex interrupted trading services and the page was under maintenance. In the early morning of the 29th, there was also a brief outage of the Binance Exchange, which was subsequently repaired.

Bitfinex is the second exchange explicitly attacked by DDoS after the cryptocurrency exchange OKEx on February 27.

DDoS attacks, or distributed denial-of-service attacks, occur when a hacker tries to overwhelm a system with the activities of other systems (usually through a robot). The purpose of the DDoS attack by the hacker is to control the attack from the internal platform, or to ask the victim to ransom to stop the attack.

It is understood that OKex experienced multiple DDoS attacks between 23 pm on the 27th and 5 am the next day, and the attack traffic gradually increased from 200G to 400G. (G is the unit of data volume)


There are two main forms of DDoS. One is a traffic attack, which is mainly targeted at network bandwidth. That is, a large number of attack packets cause network bandwidth to be blocked. Legal network packets are flooded with false attack packets and cannot reach the host. The resource exhaustion attack is mainly an attack on the server host, that is, the host's memory is exhausted or the CPU is occupied by the kernel and applications through a large number of attack packages, making it impossible to provide network services. In severe cases, the system under DDoS attack will be down.

Under normal circumstances, the spoofing technology and basic protocols used by DDoS are difficult to identify and defend. Through packet filtering or rate-limiting measures, attacks can only be stopped simply. At the same time, requests from legitimate users are also rejected, causing business interruption or service quality. decline.

At the same time, DDoS events are bursty, often in a short period of time, a large amount of DDoS attack data can exhaust network resources and service resources.

Similar to the digital currency exchange, the game industry is also the “hardest hit area” for DDoS traffic attacks. Both industries are online centralized operations, which require extremely high server stability. The main causes of DDoS attacks in the gaming industry are vicious competition in the industry and malicious harassment by hackers. There are reports that the daily loss of game companies after suffering DDoS attacks can reach millions of dollars. A large number of game products go offline within 2-3 days after being attacked. Players generally fall from tens of thousands to hundreds of people after 2-3 days of attack. The decline in the number of users caused by the attack is the most direct and effective attack on game manufacturers. Because in the Chinese game industry, there are "cottage goods" or imitation games. Once the player experience is not good, he can't get on the game and will quickly switch to other similar games.

Some analysts have pointed out that the DDoS attack in the cryptocurrency trading industry is also suspected of vicious competition in the industry. Because there are multiple exchanges on the market for users to choose, once the user experience is poor, the user cannot be logged in or the exchange is down, and the user's property is damaged, the user will have the intention to switch to another exchange.

As DDoS attacks become more and more intelligent, the cost of attacks continues to decrease, so how about DDoS attack costs?

According to the analysis of 360 security experts, the cost of a large-scale DDoS attack is difficult to calculate, but the higher-cost DDoS has certain characteristics, such as: attack source computers and IP addresses are large, attack traffic is large, and the duration is long. At the same time, the more attack sources are scattered, the more difficult it is to trace the identity of the attacker.

Some cybersecurity experts estimate that controlling 1000 botnet computers to launch a DDoS attack basically costs about $ 7 an hour. For forums or websites that provide attack services, the cost of an hour of attack is about $ 25, which means that the profit of one hour of 1,000 botnet attacks is $ 18. The cost of an attack will fluctuate to varying degrees. The three main factors that affect the price are: the length of the attack, the source of the "chuck" and the target of the attack. Under normal circumstances, DDoS attacks take a 300-second cycle and cost $ 5, and the 4-hour continuous attack is about $ 400; computer botnets are more expensive than IoT devices. The cost of attacking a target is also high.

It is understood that DDoS attack services can be purchased in dark production channels such as the dark web, and targeted DDoS attacks can be quickly deployed. At the same time, there are abundant network security products to prevent DDoS attacks. Cloud computing service providers such as Alibaba Cloud and Amazon also provide corresponding defense support for DDoS attacks. However, compared with the lower cost of DDoS attacks, the cost of preventing DDoS attacks may be higher, and the game between the two sides is reflected in the financial and technical strength to a certain extent.

In the past ten years, DDoS attacks have become one of the main threats to websites, servers, and networks. Since the official implementation of China ’s Cyber ​​Security Law in 2017, cyber attacks have been included in the legal provisions of organizations that implement cyber attacks. And individuals will be held legally responsible.