Cryptocurrency attack due to BGP hijacking

Recently, there was an attack on Klayswap [1] believed to be due to BGP hijacking [2]. From the public data on routeviews, we can see that there were announcements for the hijacked IP ranges, for example: U|A|1643854199.000000|routeviews|route-views.wide|||2497||||2497 6461 9457|9457||| The weird part is that the path from AS6461 to AS9457 does not show up in any other routes. As far as I can tell from public information, there is no transit nor peering relationship between AS6461 and AS9457. As such, it seems likely a peer or customer of AS6461 was impersonating AS9457. I sent an email to Zayo's abuse email asking if they could provide any additional information but did not receive a response. If anyone has additional information, please reach out. Especially information about where the announcement may have originated. -- Andrew Wesie Theori, Inc. [1] [2]
participants (1)
Andrew Wesie