Bitcoin exchange BTCC Technology, Ltd. had an interesting time over the new year when it was targeted by a Bitcoin-for-DDoS (Distributed Denial of Service) attack. But in a great story we don’t see often enough, the company held steady and won, complete with a hilarious ending.
The company first came under DDoS attack on December 31 when they received an email from an unknown source demanding they pay 1 Bitcoin ($430) in ransom or the attacks would escalate.
Having ignored the demand, on New Year’s Day BTCC was targeted with a 10 Gbps DDoS attack, the strength of which was not expected by the company’s DDoS mitigation service.
According to a post on Reddit, the DDoS protection provider said something along the lines of, “This thing is huge! You guys aren’t paying us enough for this!” so BTCC paid them more, and the site stayed up.
Naturally, as these things go, the second attack was followed by a new ransom demand by the hacker, who was now asking for a payment of 10 Bitcoin ($4,300) to prevent a further attack.
Instead of paying, BTCC just battened down the hatches waiting for the next attack.
Another, more intense DDoS attack of several hours then followed, causing BTCC’s servers to experience some performance issues, including a partial loss of functionality.
BTCC still refused to pay the ransom and instead upgraded their servers to cope even better with the increasing attacks.
Another ransom email was received, demanding payment of 30 Bitcoins ($12,924), with the hacker adding, “We will keep these attacks up until you pay! … You had better pay up before you go bankrupt! Mwa ha ha!”
BTCC once again ignored the demand, and the attacks recommenced, complete with more demands for Bitcoin.
At this point, BTCC had ramped up their mitigation efforts so much that no matter how much traffic the hacker sent, it didn’t affect their service at all. The company stopped noticing many of the attacks, which, after the upgrades they rolled out, usually failed to disrupt their networks for more than a few minutes.
Around this point, despite his or her best efforts and multiple demands, the hacker gave up trying to take the site down, but not before sending one last, hilarious plea to BTCC.
“Hey, guys, look, I’m really a nice person. I don’t want to put you all out of business. What do you say we just make it 0.5 BTC and call it even?”
This email was, like those before it, ignored by BTCC, which resulted in one final email from the now disgruntled, losing hacker: “Do you even speak English?” and that was that.
Although DDoS attacks are serious business and not every company has the capacity to put into place defensive measures, sometimes a story just makes you want to smile.
BTCC 1 vs. hacker 0.