Empirical Analysis of Denial-of-Service Attacks in the Bitcoin Ecosystem

We present an empirical investigation into the prevalence and impact of distributed denial-of-service (DDoS) attacks on operators in the Bitcoin economy. To that end, we gather and analyze posts mentioning "DDoS" on the popular Bitcoin forum bitcointalk.org. Starting from around 3 000 different posts made between May 2011 and October 2013, we document 142 unique DDoS attacks on 40 Bitcoin services. We find that 7% of all known operators have been attacked, but that currency exchanges, mining pools, gambling operators, eWallets, and financial services are much more likely to be attacked than other services. Not coincidentally, we find currency exchanges and mining pools are much more likely to have DDoS protection such as CloudFlare, Incapsula, or Amazon Cloud. We show that those services that have been attacked are more than three times as likely to buy anti-DDoS services than operators who have not been attacked. We find that big mining pools (those with historical hashrate shares of at least 5%) are much more likely to be DDoSed than small pools. We investigate Mt. Gox as a case study for DDoS attacks on currency exchanges and find a disproportionate amount of DDoS reports made during the large spike in trading volume and exchange rates in spring 2013. We conclude by outlining future opportunities for researching DDoS attacks on Bitcoin.