BTCC Suffers DDoS Attacks But Ignores Ransom Demands

BTCC image

Editor’s Note: A BTCC representative contacted CCN to note the reference to the Reddit post citing a ransom demand of 1 BTC is for a previous DDoS attack, not the current one. The article has been corrected.

BTCC, the Shanghai, China-based digital currency exchange, suffered a distributed denial of service (DDoS) attack, the company noted on Dec. 31, 2015, on Twitter. The attack hampered BTCC’s access to its APIs and other services for a period of time. It marks the most recent in a growing number of DDoS attacks demanding bitcoin ransoms, including one in November against CCN.

“Our website is under DDoS attack, which is hampering access to our APIs and other services,” BTCC tweeted on Dec. 31. “We are working quickly to resolve the situation.”

In referencing a previous DDoS attack faced by the exchange, BTCC received an anonymous email demanding “something like 1 BTC,” according to a Reddit post by an individual claiming to have received information from a BTCC project manager.

As of Jan. 2, BTCC did not post anything about the attacks on its website to cite its latest attack.

Attacker Makes Threats

The attacker said they would raise the ransom amount if payment was not received and the attacks would continue, the Reddit post noted.

When BTCC did not respond, a brief DDoS attack hit which was bigger than what BTCC expected: close to 10 Gbps. The company’s DDoS protection provider then contacted BTCC and said the attack was huge, and a higher fee was required to protect against such an attack.

BTCC increased its payment to its DDoS protection service.
Following the surprisingly large attack, the extortionist emailed BTCC again demanding 10 BTC immediately or to expect more attacks.

When BTCC failed to respond to this demand, another attack began that lasted several hours. When its servers suffered a partial loss of functionality, BTCC upgraded its servers.
Following the attack, the extortionist emailed again saying, the price was now 30 BTC.

BTCC Defenses Take Effect

Once again, BTCC did not respond and attacks resumed.
Attacks and threats continued for a while. However, the attacks did not disrupt BTCC’s networks for more than a few minutes following the upgrades. Eventually, BTCC stopped noticing attacks.

BTCC’s defensive measures appeared to take some wind out of the extortionist’s demands, as the next email said the payment was only 0.5 BTC.

When BTCC once again refused to pay, the attacker sent them an email asking them if they spoke English.

One Reddit comment suggested the DDoS attack could have been related to the industry debate over the block size.

Also read: PSA: Cryptsy down, claiming DDoS

CCN Offered A Bounty

On Nov. 23, 2015, CCN and its sister website, Hacked, suffered a DDoS attack and a ransom demand of 2 BTC to reveal “fatal security vulnerabilities” on the website. The extortionist also threatened to contact advertisers to advise them the websites were down.

CCN was able to mitigate the attacks by amping up its DDoS protection. The websites were down for a few hours.

CCN offered a 5 BTC reward to anyone who helped identify the extortionist in leading to a police report. CCN required: 1) the extortionist’s ID, 2) their address, 3) information about similar attacks on other sites, and 4) other relevant information.

In June, ProtonMail, an encrypted email provider, paid 15 BTC as ransom to stop a series of DDoS attacks. The incident was also believed to be a part of a wider to disrupt the encrypted email provider, the kind of service used by those embracing privacy and encryption.

Images from Shutterstock and BTCC.