Empirical Analysis of Denial-of-Service Attacks in the Bitcoin Ecosystem

  • Marie Vasek
  • Micah Thornton
  • Tyler MooreEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8438)


We present an empirical investigation into the prevalence and impact of distributed denial-of-service (DDoS) attacks on operators in the Bitcoin economy. To that end, we gather and analyze posts mentioning “DDoS” on the popular Bitcoin forum Starting from around 3 000 different posts made between May 2011 and October 2013, we document 142 unique DDoS attacks on 40 Bitcoin services. We find that 7 % of all known operators have been attacked, but that currency exchanges, mining pools, gambling operators, eWallets, and financial services are much more likely to be attacked than other services. Not coincidentally, we find currency exchanges and mining pools are much more likely to have DDoS protection such as CloudFlare, Incapsula, or Amazon Cloud. We show that those services that have been attacked are more than three times as likely to buy anti-DDoS services than operators who have not been attacked. We find that big mining pools (those with historical hashrate shares of at least 5 %) are much more likely to be DDoSed than small pools. We investigate Mt. Gox as a case study for DDoS attacks on currency exchanges and find a disproportionate amount of DDoS reports made during the large spike in trading volume and exchange rates in spring 2013. We conclude by outlining future opportunities for researching DDoS attacks on Bitcoin.


Exchange Rate Money Supply Currency Exchange Content Distribution Network Digital Currency 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We thank the anonymous reviewers and paper shepherd Fergal Reid for their helpful feedback. This work was partially funded by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific via contract number N66001-13-C-0131. This paper represents the position of the authors and not that of the aforementioned agencies.


  1. 1.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009).
  2. 2.
    Chaum, D.: Achieving electronic privacy. Sci. Am. 267, 96–101 (1992)CrossRefGoogle Scholar
  3. 3.
    Gallu, J.: Bitcoin Ponzi scheme alleged by SEC in lawsuit against Texas man. Bloomberg, July 2013.
  4. 4.
    Jeffries, A.: Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt. The Verge, August 2012.
  5. 5.
    Leyden, J.: Linode hackers escape with \({\$}\)70k in daring Bitcoin heist. The Register, March 2012.
  6. 6.
    Moore, T., Christin, N.: Beware the middleman: empirical analysis of bitcoin-exchange risk. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 25–33. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Leyden, J.: How mystery DDoSers tried to take down Bitcoin exchange with 100Gbps crapflood. The Register, October 2013.
  8. 8.
    Johnson, B., Laszka, A., Grossklags, J., Vasek, M., Moore, T.: Game-theoretic analysis of DDoS attacks against Bitcoin mining pools. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014 Workshops. LNCS, vol. 8438, pp. 72–86. Springer, Heidelberg (2014)Google Scholar
  9. 9.
    Bitcoin Wiki: Trade. Accessed 21 Nov 2013
  10. 10.
    Bitcoin Wiki: Category: Pool operators. Accessed 21 Nov 2013
  11. 11.
    CloudFlare: Cloudflare IP ranges. Accessed 21 Nov 2013
  12. 12.
    Harel, U.: Restricting direct access to your website (Incapsula’s IP addresses). Accessed 15 Jan 2014
  13. 13.
    Amazon Web Services: Announcement: Amazon EC2 public IP ranges. Accessed 21 Nov 2013
  14. 14.
    organofcorti: MTGOX volume post Dwolla: a single statistical test, Neighbourhood Pool Watch, July 2013.
  15. 15.
    Ron, D., Shamir, A.: Quantitative analysis of the full Bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  16. 16.
    Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M., Savage, S.: A fistful of Bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, ser. IMC 2013, pp. 127–140. ACM, New York (2013)Google Scholar
  17. 17.
    Möser, M., Böhme, R., Breuker, D.: An inquiry into money laundering tools in the Bitcoin ecosystem. In: 8th APWG eCrime Researchers Summit. IEEE (2013)Google Scholar
  18. 18.
    Christin, N.: Traveling the silk road: a measurement analysis of a large anonymous online marketplace. In: Proceedings of the 22nd International Conference on the World Wide Web, International World Wide Web Conferences Steering Committee, pp. 213–224 (2013)Google Scholar
  19. 19.
    Zuckerman, E., Roberts, H., McGrady, R., York, J., Palfrey, J.G.: 2010 report on distributed denial of service (DDoS) attacks. Technical report 2010-16, Berkman Center Research Publication (2010).
  20. 20.
    Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make Bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  21. 21.
    Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. In: Proceedings of the 18th International Conference on Financial Cryptography and Data Security, ser. Lecture Notes in Computer Science, vol. (to appear). Springer (2014)Google Scholar
  22. 22.
    Kroll, J., Davey, I., Felten, E.: The economics of Bitcoin mining, or Bitcoin in the presence of adversaries. In: Proceedings of the Twelfth Annual Workshop on the Economics of Information Security (WEIS 2013), Washington, DC, June 2013Google Scholar
  23. 23.
    Rosenfeld, M.: Analysis of hashrate-based double-spending (2012).

Copyright information

© IFCA/Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.Computer Science and Engineering DepartmentSouthern Methodist UniversityDallasUSA

Personalised recommendations