
Routing Attack

Routing attacks, also known as BGP hijacking, occur when an attacker manipulates the Border Gateway Protocol (BGP) — the system that governs how data is routed across the internet — to redirect traffic to their own servers. BGP was designed in an era when internet participants were assumed to be trustworthy, so it lacks robust authentication mechanisms by default. By broadcasting false routing information, an attacker can intercept, redirect, or disrupt the internet traffic of organizations and individuals who are unaware the attack is occurring.

In cryptocurrency trading, routing attacks can be used to redirect traffic to a fake exchange or wallet interface, allowing the attacker to steal credentials, intercept transactions, or perform man-in-the-middle attacks. For blockchain networks themselves, routing attacks pose a more fundamental threat: by isolating a portion of the network's nodes from the rest of the internet, an attacker can partition the blockchain, potentially enabling double-spend attacks or forcing a chain split. Research has demonstrated that a significant share of Bitcoin's mining power and nodes could be partitioned by hijacking a relatively small number of BGP prefixes.

Defending against routing attacks in a crypto context involves a combination of network-level protections and application-layer security. Using HTTPS with certificate pinning prevents man-in-the-middle interception even if traffic is rerouted. Running Bitcoin nodes over Tor or other anonymizing networks can obscure their IP addresses, making them harder to target. At the infrastructure level, organizations and ISPs can adopt Resource Public Key Infrastructure (RPKI), a security framework that adds cryptographic authentication to BGP routing announcements, significantly reducing the viability of hijacking attacks.
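The check that an RPKI-validating router applies to each announcement can be sketched as follows. This is an added example, not code from the original page: it follows the route origin validation outcomes defined in RFC 6811, and it assumes the ROA data has already been cryptographically verified and is supplied as a plain list. All prefixes and AS numbers are constructed sample values from documentation ranges.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # address block the holder has authorized
    max_length: int  # longest prefix length allowed inside that block
    asn: int         # AS permitted to originate it


# Constructed sample ROAs (documentation prefixes, documentation ASNs).
SAMPLE_ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("198.51.100.0/24", 25, 64501),
    ROA("2001:db8::/32", 48, 64502),
]


def validate_origin(prefix: str, origin_asn: int, roas=SAMPLE_ROAS) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix, strict=True)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # subnet_of() raises TypeError across IP versions, so filter first.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA speaks for this address space
        # AS 0 in a ROA means "never originate", so it can never match.
        if roa.asn != 0 and roa.asn == origin_asn \
                and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered but unmatched means the origin or prefix length is unauthorized.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS)
    for pfx, asn in [("203.0.113.0/24", 64500),   # authorized origin
                     ("203.0.113.0/24", 64511),   # wrong origin AS
                     ("203.0.113.0/25", 64500),   # longer than maxLength
                     ("192.0.2.0/24", 64500)]:    # no ROA covers it
        print(f"{pfx:<18} AS{asn}: {validate_origin(pfx, asn)}")
```

An "invalid" result is the case a validating network drops. "not-found" routes are normally still accepted, which is why the protection depends on address holders publishing ROAs.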