Definition
A man-in-the-middle (MITM) attack is one in which an attacker secretly relays — and possibly alters — communications between two parties who believe they are talking directly to each other. In the Bitcoin context, the most studied variant operates at the internet-routing layer: by hijacking Border Gateway Protocol (BGP) routes, an attacker can intercept the traffic flowing between nodes before it reaches its destination.
Routing attacks on Bitcoin
The 2017 ETH Zürich study Hijacking Bitcoin: Routing Attacks on Cryptocurrencies showed that because BGP does not authenticate route announcements, a malicious autonomous system can advertise forged IP prefixes and pull Bitcoin traffic through itself. From there it can mount a partitioning attack (splitting the network in two) or a delay attack (slowing block delivery to a victim by up to ~20 minutes). A real 2014 incident saw an attacker hijack routes to redirect mining-pool traffic and skim an estimated tens of thousands of dollars in coins.
Defenses
Block and transaction data are not encrypted by default in the legacy Bitcoin P2P protocol, which is what makes interception and tampering possible. Mitigations include opportunistic transport encryption (BIP-324), running nodes across multiple network paths and providers, connecting over Tor or through several different VPN providers, and monitoring for sudden peer-connectivity changes. Crucially, a routing MITM cannot forge a valid signature or a valid proof-of-work — it can only delay, partition, or eclipse.
MITM interception frequently feeds an Eclipse Attack and complements a Sybil Attack at the network layer.
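The peer-connectivity monitoring mentioned under Defenses, as an added example that is not from the original page or from Bitcoin Core: it compares two snapshots of Bitcoin Core's getpeerinfo output (constructed here, reduced to the addr, inbound and mapped_as fields; mapped_as is only populated when the node runs with -asmap) and flags a sharp loss of outbound peers or a collapse of autonomous-system diversity, which is what a routing-layer partition of the node would look like from the inside. The alert thresholds are illustrative assumptions, not values from the page.

```python
import json
from collections import Counter

# Constructed sample: healthy node with eight outbound peers spread over
# eight ASes (documentation ASN range 64496-64511) plus one inbound peer.
SNAPSHOT_BEFORE = json.loads("""[
 {"addr": "203.0.113.10:8333",  "inbound": false, "mapped_as": 64496},
 {"addr": "198.51.100.7:8333",  "inbound": false, "mapped_as": 64497},
 {"addr": "192.0.2.44:8333",    "inbound": false, "mapped_as": 64498},
 {"addr": "203.0.113.99:8333",  "inbound": false, "mapped_as": 64499},
 {"addr": "198.51.100.200:8333","inbound": false, "mapped_as": 64500},
 {"addr": "192.0.2.8:8333",     "inbound": false, "mapped_as": 64501},
 {"addr": "203.0.113.5:8333",   "inbound": false, "mapped_as": 64502},
 {"addr": "198.51.100.33:8333", "inbound": false, "mapped_as": 64503},
 {"addr": "192.0.2.77:8333",    "inbound": true,  "mapped_as": 64504}
]""")
# Constructed sample: after a hypothetical partition, only three outbound
# peers remain and two of them sit behind the same AS.
SNAPSHOT_AFTER = json.loads("""[
 {"addr": "203.0.113.10:8333",  "inbound": false, "mapped_as": 64496},
 {"addr": "203.0.113.5:8333",   "inbound": false, "mapped_as": 64496},
 {"addr": "198.51.100.7:8333",  "inbound": false, "mapped_as": 64497},
 {"addr": "192.0.2.77:8333",    "inbound": true,  "mapped_as": 64504}
]""")

def as_profile(peers):
    """Summarise one getpeerinfo snapshot: number of outbound peers, number of
    distinct ASes among them, and the share held by the most common AS."""
    outbound = [p for p in peers if not p.get("inbound", False)]
    ases = Counter(p.get("mapped_as", "unknown") for p in outbound)
    top_share = max(ases.values()) / len(outbound) if outbound else 0.0
    return {"outbound": len(outbound), "distinct_as": len(ases),
            "top_as_share": top_share}

def connectivity_alerts(before, after, max_peer_loss=0.5, max_as_share=0.5):
    """Compare two snapshots and return alert strings (empty list = no change
    worth acting on). Thresholds are illustrative assumptions."""
    b, a = as_profile(before), as_profile(after)
    alerts = []
    if b["outbound"] and a["outbound"] < b["outbound"] * (1 - max_peer_loss):
        alerts.append(f"outbound peers fell from {b['outbound']} to {a['outbound']}")
    if a["top_as_share"] > max_as_share:
        alerts.append(f"{a['top_as_share']:.0%} of outbound peers map to one AS")
    if a["distinct_as"] < b["distinct_as"] // 2:
        alerts.append(f"distinct ASes fell from {b['distinct_as']} to {a['distinct_as']}")
    return alerts

if __name__ == "__main__":
    for line in connectivity_alerts(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print("ALERT:", line)
```

In practice the snapshots would be taken periodically with `bitcoin-cli getpeerinfo`, and an alert is a cue to check the node's chain tip against an independent source rather than proof of a hijack.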