Major cryptocurrency exchanges Bitfinex and OKEx are reeling from bouts of distributed service denials that were orchestrated over the last 24 hours.
OKEx was the first to experience the DDoS (distributed denial of service) at approximately 11:30 AM EST on Thursday 27th. OKEx CEO Jay Hao posted on the attack on his Weibo page blaming unnamed competitors of his exchange’s woes.
At the time, the attackers routed 200 gigabytes per second of traffic to the OKEx servers, an amount that they could not handle and therefore crippling any legitimate website traffic from accessing the servers.
Following this occurrence, OKEx underwent a system maintenance operation on Friday morning that was scheduled to last a reported 40 minutes. On Friday, OKEx published a notification on the then-upcoming maintenance writing that,
“features of the market quote, order placement, order cancellations, order amendments could be affected for Futures (Coin-margined Futures, USDT-margined Futures), Options Trading. The system maintenance will impact users of the website, APP, the desktop client and API access.”
Once the maintenance exercise was concluded, OKEx was hit again by the second round of DDoS attacks and this time, the attacker routed double the traffic rate (at 400 GB/s).
It was around this time, at approximately 4:30 AM EST on Friday morning that Bitfinex was also hit by a similar attack which has made the community to suspect a common attacker. According to Bitfinex’s status page, it seems the attack lasted an hour during which there was hardly any throughput on the website servers.
As of press time, both exchanges are reporting that the services are back to normal and none of their customers have suffered any direct financial losses.
“Today we were subject to a very sophisticated DDoS attack,” Bitfinex CTO Paulo Ardoino tweeted on Friday morning following the attack. “The entire @bitfinex team worked really hard to completely annihilate it in a short period of time. All funds remained safe during the whole attack and high-trading-performance is now fully re-established.”
A distributed service denial attack (DDoS) is basically an attack on a web property such as a website or web application in which an attacker sends a flood of fake traffic using either bots or a bunch of coordinated computers with the aim of overwhelming the servers.
Depending on the server settings and service agreements between the web property and hosting provider, the victim could end up offline in a severe attack.