What is a BGP Routing Attack?
A BGP routing attack hijacks the Border Gateway Protocol (BGP) — the protocol that routes traffic across the internet — to redirect, isolate, or censor a blockchain node’s connections. BGP is the system by which networks (autonomous systems, or ASes) announce which IP address ranges they serve. It is built on trust: if a network announces it owns an IP block it does not actually own, much of the internet may obediently route traffic to the attacker. For blockchains, this means an adversary can quietly redirect a node’s connections to attacker-controlled machines, enabling eclipse attacks, transaction censorship, or even partitioning miners and exchanges from the honest network.
BGP attacks are dangerous precisely because they operate below the blockchain layer. A node’s peer-to-peer encryption and consensus rules can be perfect, and it can still be tricked into talking only to attacker-controlled relays if the underlying IP routing is hijacked. Real-world incidents have shown this is not theoretical.
How a BGP Routing Attack Works / Technical Details
The BGP Hijack
- The attacker (a malicious or compromised ISP/AS) falsely announces to the global routing table that it is the best path to a target IP range — for example, the IPs of a major Bitcoin node, mining pool, or exchange.
- Networks around the world update their routes and start sending traffic for those IPs toward the attacker.
- The attacker can now intercept the traffic (man-in-the-middle), black-hole it (drop the connection), or redirect it to attacker-controlled servers that impersonate the real node.
How This Hits Blockchains
- Node eclipse. By hijacking the routes to a node’s peers, an attacker can fully enclose the node, controlling everything it sees — identical in effect to an eclipse attack but achieved at the routing layer rather than by poisoning peer tables.
- Mining pool isolation. Hijacking routes between miners and their pool can cause miners to waste hash power or submit shares to an attacker.
- Exchange partitioning. Temporarily isolating an exchange’s nodes can enable double-spends, since the exchange credits deposits based on a partitioned view of the chain.
- Transaction censorship. An attacker can selectively drop transactions from specific users or regions.
The 2018 Partition Study
Academic research (“Hijacking Bitcoin: Routing Attacks on Cryptocurrencies,” published at IEEE S&P 2017) demonstrated that an attacker controlling a sizable AS could partition the Bitcoin network into two disjoint islands that would each continue mining independently, then selectively reconnect them to invalidate one side’s work and enable double-spends. The cost was estimated at a tiny fraction of a 51% attack.
Notable Examples and Attack Vectors
The 2018 Amazon BGP Incident
In April 2018, a misconfigured BGP route announcement (originating from a Nigerian ISP and propagated by Amazon’s AS) briefly redirected traffic meant for a large chunk of the internet — including cryptocurrency-related services — through an unexpected path. While this particular event was attributed to misconfiguration rather than malice, it illustrated how a single route announcement can reshape global reachability of crypto infrastructure in minutes.
DNS and Routing Combined Attacks
BGP hijacks are often combined with DNS hijacks: the attacker first redirects DNS resolution for a wallet or exchange domain (via BGP), then serves a fake site to harvest credentials or trick users into signing malicious transactions. Several high-profile wallet-draining incidents have traced back to exactly this kind of layered network attack.
Censorship via Routing
In regions with state-controlled ISPs, BGP-level manipulation has been used to throttle or drop connections to specific crypto nodes and exchanges — a form of censorship that operates entirely outside the chain’s own governance.
How to Protect Against BGP Attacks
For Node Operators and Exchanges
- Use diverse upstream providers. Connect through multiple ASes so no single hijack fully isolates you.
- Peer over encrypted, authenticated transports. Where possible, use TLS, VPN tunnels, or authenticated relay networks so that a hijacked route cannot silently impersonate your peers.
- Monitor route announcements. Tools like RIPE Stat, BGPmon, and RouteViews let you detect suspicious announcements affecting your IP ranges in near real time.
- Deploy RPKI. Resource Public Key Infrastructure cryptographically signs route origins; adopting RPKI (both as an announcer and a validator) dramatically reduces the success rate of hijacks.
- Distribute infrastructure geographically so partitioning one region cannot fully isolate your consensus view.
For the Network
The resilience of Bitcoin and similar networks comes from having thousands of nodes spread across hundreds of independent networks. The more topologically diverse the node set, the harder any single AS-level attacker can partition it. This is a practical argument for running your own node on a non-mainstream ISP.
Frequently Asked Questions
Q: Can’t encryption stop BGP attacks? A: Encryption (TLS) protects the contents of a connection, but a BGP hijack can still redirect or drop the connection itself, causing isolation or censorship even if the attacker can’t read the traffic.
Q: How is a BGP attack different from an eclipse attack? A: An eclipse attack isolates a node by manipulating peer connections at the application layer. A BGP attack achieves isolation (or interception) by manipulating internet routing underneath the application. BGP attacks are one powerful method of eclipsing a node.
Q: Is BGP routing attack a real risk or just academic? A: Real. BGP hijacks happen regularly on the wider internet (often accidentally, sometimes maliciously), and demonstrated research shows they can partition major cryptocurrency networks at far lower cost than a 51% attack.