Friday, March 13, considered an unlucky date across the globe, lived up to its reputation for BitMEX, as the crypto exchange faced two DDoS attacks on its network at 02:16 UTC and 12:56 UTC. Fortunately, the exchange was quick to identify the attack and stop it before greater losses occurred. BitMEX tweeted on Tuesday that it had identified the root cause of the two DDoS attacks, and also published a full investigation report on its website.
We have identified the root cause of two DDoS attacks at 02:16 UTC and 12:56 UTC, 13 March 2020. For a full account of what happened and how we are responding, please refer to our blog: https://t.co/RS7YtX1xOD
— BitMEX (@BitMEXdotcom) March 17, 2020
The report was published by Arthur Hayes, co-founder and CEO of BitMEX, who stated that the DDoS attacks delayed or prevented requests to and from the platform, which caused disruptions for users. He further added:
“At 02:16 UTC a botnet began a DDoS attack against the BitMEX platform. We discovered shortly afterward that this botnet had been responsible for a similar, yet unsuccessful, attack a month ago on 15 February. Based on our access logs, we believe the attackers identified their target in February, then waited for the moment their attack would make the most market impact.”
According to the report, BitMEX's security team saw database CPU usage reach 100%, with 99.6% of that being I/O wait, which they misinterpreted as a hardware failure at their cloud provider.
“The DDoS caused the processing of messages in our API layer to slow down, delaying them from hitting our trading engine. Once the DDoS attack had been identified and stopped, the API was able to send messages to the trading engine without delay.”
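The failure mode described above, where database I/O-wait saturation was misread as a hardware fault, is easier to avoid when the database metric is correlated with the request rate seen in the API access logs. The following is an added example, not BitMEX's own code or data: it works on constructed per-minute CPU samples and constructed access-log lines, and labels each saturated minute as load-induced (traffic spike present) or as saturation with no traffic spike, which would point back toward storage or hardware.

```python
"""Correlate DB I/O-wait saturation with API access-log request rate."""
import statistics
from collections import Counter, defaultdict

# Constructed CPU samples per minute: (minute, iowait_percent). Not BitMEX telemetry.
CPU_SAMPLES = [("02:14", 2.0), ("02:15", 3.0), ("02:16", 99.6), ("02:17", 98.0)]


def build_access_log():
    """Constructed access-log lines in the form '<HH:MM> <client-ip> <path>'."""
    lines = []
    for minute in ("02:14", "02:15"):  # normal traffic: a handful of clients
        lines += [f"{minute} 203.0.113.{i} /api/v1/order" for i in range(1, 6)]
    for i in range(300):  # flood minute: 300 requests spread over 30 sources
        lines.append(f"02:16 198.51.100.{i % 30 + 1} /api/v1/order")
    # Hypothetical minute where saturation persists but traffic is back to baseline.
    lines += [f"02:17 203.0.113.{i} /api/v1/trade" for i in range(1, 5)]
    return lines


def requests_per_minute(log_lines):
    """Count requests and distinct client addresses per minute."""
    counts = Counter()
    clients = defaultdict(set)
    for line in log_lines:
        minute, client, _path = line.split(" ", 2)
        counts[minute] += 1
        clients[minute].add(client)
    return counts, clients


def classify(cpu_samples, log_lines, iowait_threshold=90.0, spike_factor=10.0):
    """Label each saturated minute by whether a request-rate spike accompanies it.

    Baseline is the median request count over non-saturated minutes; a saturated
    minute whose count is at least spike_factor times that baseline is load-induced.
    """
    counts, clients = requests_per_minute(log_lines)
    quiet = [counts[m] for m, io in cpu_samples if io < iowait_threshold]
    baseline = statistics.median(quiet) if quiet else 1
    verdicts = {}
    for minute, iowait in cpu_samples:
        if iowait < iowait_threshold:
            continue  # not saturated, nothing to explain
        label = "load-induced" if counts[minute] >= spike_factor * baseline else "no-traffic-spike"
        verdicts[minute] = (label, len(clients[minute]))
    return verdicts
```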
Several hours after the first attack, BitMEX was attacked again, possibly by the same attacker(s), at 12:56 UTC; however, because the team was now familiar with the first incident, the impact of the second attack was reduced considerably. A thorough investigation of the attacks showed that about 156 accounts were affected, to which the platform made a total refund of 40297 XBT.
The company has confirmed that the personal and financial data of the affected accounts is absolutely safe, as a DDoS attack is not a hack, but merely an attempt to slow down the system by overwhelming it with requests.