At 11:05 UTC on April 24, 2018, a small hosting company in Columbus, Ohio, began announcing to the internet's core routers that it was the rightful destination for traffic meant for Amazon Web Services. The routers believed it. They had no reason to do otherwise. The Border Gateway Protocol, designed in 1989 for a network of cooperative academic and government institutions, simply has no built-in mechanism to verify that a network actually controls the addresses it claims. That trust assumption was accurate for the internet BGP was built for. The internet changed. The protocol stayed.
For roughly two hours, DNS queries intended for Amazon's Route 53 service were redirected to a machine serving fake responses, sending visitors of the cryptocurrency wallet MyEtherWallet to a phishing site. About $150,000 in cryptocurrency was stolen. The wallet receiving the funds already held approximately $27 million. Every piece of software involved functioned correctly. eNet (AS10297) announced more-specific routes for Amazon's address space. Its peers, including 1&1 Internet SE, accepted the announcement and passed it along. Cloudflare's resolvers in Chicago, Sydney, Bangkok, and Manila all received the bad route. Had a handful of transit providers implemented basic prefix filtering, the hijack would have gone nowhere.
The pattern keeps surfacing. In March 2022, Russian telecoms attempted to block Twitter domestically by black-holing its traffic through a BGP hijack. The hijacked route leaked beyond Russia's borders, briefly disrupting Twitter for users who had nothing to do with Russian censorship policy. In July 2022, Rostelecom misdirected traffic meant for a portion of Apple's network for twelve hours. Whether that was intentional remains disputed. In every case, BGP operated exactly as designed. The protocol trusts what it's told.
After the 2018 MyEtherWallet attack, Amazon published Route Origin Authorizations for its address space, cryptographic signatures that let other networks verify who should be originating those routes. That response became part of a broader push toward RPKI, the Resource Public Key Infrastructure. The aggregate numbers look encouraging. The per-network reality is different.

| Metric | Value |
|---|---|
| IPv4 routes with RPKI signatures | Over 50%, up from 6% in 2017 |
| Tier-1 backbone providers filtering invalid routes | 16 of 17 |
| Individual networks fully protected | ~6.5% of autonomous systems |

The tier-1 deployments cast a long protective shadow over downstream networks, improving aggregate metrics without reflecting widespread voluntary adoption.
And the patches have a known ceiling. RPKI validates who originates a route. It says nothing about the path traffic takes to get there. In August 2022, attackers targeting the Celer Bridge cryptocurrency service forged an AS path that included Amazon's network number as the origin, defeating RPKI validation entirely. The next layer of patches would address path validation. They would also require their own global coordination effort, inheriting the same adoption dynamics as the layer beneath them.
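The origin check described above, as an added example (not code from this article or from any router implementation): it follows the RFC 6811 origin-validation procedure over a single constructed ROA entry. The prefixes and AS numbers are documentation-reserved values, and `VRP`, `validate_origin`, `ANNOUNCEMENTS` and `classify_all` are hypothetical names.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: who may originate a prefix, and how specific."""
    prefix: str
    max_length: int
    origin_as: int

# Constructed sample data (documentation prefixes and AS numbers, not real ROAs).
VRPS = [VRP("198.51.100.0/24", 24, 64496)]

def validate_origin(prefix, as_path, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' per the RFC 6811 procedure."""
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]          # rightmost AS in the path is the claimed origin
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue              # this ROA says nothing about the route
        covered = True
        if vrp.origin_as == origin and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by a ROA but matched by none: reject. No covering ROA: unknown.
    return "invalid" if covered else "not-found"

# Constructed announcements: name -> (prefix, AS path as received).
ANNOUNCEMENTS = {
    "legitimate":                  ("198.51.100.0/24", [64500, 64496]),
    "more-specific, wrong origin": ("198.51.100.0/25", [64500, 64511]),
    # Path ends in the authorized AS; the check never looks at earlier hops.
    "forged origin":               ("198.51.100.0/24", [64500, 64511, 64496]),
    "forged origin, too specific": ("198.51.100.0/25", [64500, 64511, 64496]),
    "no ROA published":            ("192.0.2.0/24",    [64500, 64511]),
}

def classify_all():
    """Validation state for every constructed announcement."""
    return {name: validate_origin(p, path) for name, (p, path) in ANNOUNCEMENTS.items()}

if __name__ == "__main__":
    for name, state in classify_all().items():
        print(f"{name:30} {state}")
```

Only the last hop of the path is ever compared with the ROA, which is why the forged-origin announcement validates while the plain more-specific hijack is rejected; a maxLength equal to the announced prefix length is what still stops the forged more-specific.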
Each patch closes the window for architectural replacement a little further. The workaround accumulates its own dependencies, its own organizational investments, its own constituency that resists displacement. The original trust assumption, designed for a network of a few hundred cooperating institutions, continues to operate underneath everything. The assumption held for the network BGP was built for. The network became something else.

