Skip to main content

Hong Kong Banks Targeted By DDOS Attacks, Bitcoin Payout Demanded

Op-ed - Hong Kong Banks Targeted By DDOS Attacks

On May 9, an international group of hackers launched distributed denial of service (DDoS) attacks on two of the largest financial institutions in Hong Kong. Hong Kong police confirmed that they have received reports from the Bank of China and the Bank of East Asia claiming that the hackers demanded payments in bitcoin.

“The two institutions later received emails demanding payments in bitcoins, or there would be another round of attacks,” a spokesman said.

According to The Standard Hong Kong, the hackers overwhelmed the websites of the two banks with traffic from multiple sources, causing irregular spikes in Internet traffic and forcing some of the websites’ resources to be unavailable.

However, both banks stressed that none of its data and customer accounts were compromised.

Finance Magnets reported that the Cyber Security and Technology Crime Bureau has classified the case as “blackmail” and has begun an investigation.

The attack imposed on the two banks is similar to the DDoS attacks launched on the official corporate websites of banks in China and Hong Kong, most notably the People’s Bank of China in late 2013. The investigators at the time believed that the attacks were a result of the issuance of new rules which prohibited financial institutions from dealing with bitcoin.

The State media reported that they believed “bitcoin fans” have initiated the attack, as a response to prohibiting the use of digital currencies in China.

The local media began to speculate that the recent attack initiated on the Bank of China and the Bank of East Asia might have been launched by a group of hackers known as DD4BC. The group is currently listed on Bitcoin Bounty Hunter and has attacked several websites, including Finnish Bitcoin wallet and exchange Bitalo and Bitcoin sports betting platform Nitrogensports.

“DD4BC threatens the Bitcoin Community with DDoS extortion, blackmailing and slander,” Bitcoin Bountry Hunter explained. “Famous Bitcoin services like and were attacked and blackmailed.”

The banks declined to release information of the emails received by the hackers and the amount of BTC demanded.

If the DDoS attacks are continuing, the two banks may lose up to $100,000 an hour, American Banker reports. AMR (American Banker Reports) stated that “the average bandwidth consumed by a DDoS attack increased to 7.39 gigabits per second, according to Verisign’s analysis of DDoS attacks in the fourth quarter of 2014.”

A few days have passed since the Cyber Security and Technology Crime Bureau began investigating the case, but the case hasn’t showed any progress.