In what’s turning into a series of crypto exchanges with issues this month, Bitfinex and OKEx have both reported a distributed denial-of-service (DDoS) attack.
Just this morning (UTC time), Bitfinex took to Twitter to notify the user that they are investigating what seems to be a DDoS, sharing a status page for further updates on the matter.
A DDoS attack is used to flood a website from many different sources in order to disrupt the service and make it unavailable. It’s like intentionally crowding a shop from all sides, not letting actual buyers come in.
Paolo Ardoino, CTO at Bitfinex, told us that “the attacker tried to exploit concurrently several platform features to increase load in the infrastructure.” While they use a variety of different prevention mechanisms to guard against such attack, “the huge number of different IP addresses used and the sophisticated crafting of the requests towards our API v1 exploited an internal inefficiency in one of our non-core process queues, explains the CTO.
“The matching engine, websockets and core services were not affected by the DDoS attack. However, it was of paramount importance to speedily react in order to avoid any damage escalation. The decision to enter in maintenance was not due to the inability of the platform to resist, rather it was a decision taken in order to quickly bring in the countermeasures and patch for all similar attacks,” Ardoino concludes.
The problem seems to have been promptly resolved. Less than an hour later, Bitfinex stated that “all issues relating to the DDoS attack have now been resolved.” The platform has resumed the services an a “stricter protection level” has been implemented.
Ardoino said that “all funds remained safe during the whole attack and high-trading-performance is now fully re-established.”
An OKEx spokesperson told Cryptonews.com that the exchange “did experience a DDoS attack last night, in fact today as well.” The spokesperson added that, thanks to the technical support and monitoring, the situation “was properly handled within short period of time and no oversea client is impacted. We do not tolerate misbehavior and will continue getting well-prepared in protecting users.”
CEO of OKEx, Jay Hao, commented on the scale of the attack, saying: “We’ve detected a planed DDoS attack to our site, 200G yesterday & 400G just now.” He also said on his Weibo that this was a “large-scale DDoS attack” launched by the exchange’s competitors, apologizing to users for the inconvenience and stating that the team remains watchful.
Matthew Graham, CEO of the China-based advisory company Sino Global Capital, noted that there are rumors in China that the attack comes from another major exchange, but that he’s seen no evidence.
Meanwhile, futures and options trading were temporarily suspended on OKEx this morning in order to implement a system upgrade.
In regards to both exchanges being attacked in the same day, OKEx’s spokersperson said that they “wouldn’t say it is a coordinated attack with Bitfinex.” Bitfinex’s Ardoino wasn’t aware of an attack on OKEx, but said that there was “a level of sophistication that means a deep preparation from the attacker.”