Unplug the Bitcoin miner and do us all a favour: Antminer has remote shutdown flaw

‘Antbleed’ attack could crock 70 per cent of all mining. Time to try another flavour?


A new branded bug (sigh) has landed, specific to an ASIC-based Bitcoin miner: dubbed “Antbleed”, it allows remote shutdown of hardware sold by a company called "Bitmain".

Bitmain's Antminer cryptocurrency-mining hardware checks in with a remote server at start-up, handing over its MAC address, serial number and IP address – but as the Antbleed site details, there's also a curious piece of code in the current firmware:

        if(strstr(rec,"false"))
            if_stop = true;

The upshot, as described by the Antbleed site, is that at each check-in (a random time between 1 minute and 11 minutes), the firmware expects a response “true” from Bitmain.

If the response is “false”, the device will stop mining Bitcoin – and that could be applied to any device, which the Antbleed site claims could be up to 70 percent of the global hashrate.

Not to mention that the information Bitmain collects is personally-identifiable, and as Bitcoin Magazine says, “mining is a small industry, so it shouldn't even be hard to connect the machine to specific pools, or blocks”.

Since the device runs an unauthenticated API, MITM, DNS or domain hijack attacks make it possible for third parties to exploit the same problem.

The Antbleed site suggests users force the API to treat localhost as the unit's connection to the Bitmain server (auth.minerlink.com) to block the issue – at least until the firmware is patched.
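An operator with many units will want to confirm that the workaround has actually taken effect on each one. The script below is an added example, not code from the Antbleed site or Bitmain; it assumes the workaround is applied as a hosts-file entry and that the resolver uses the first matching line, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# hosts_lookup FILE HOST: print the address FILE assigns to HOST.
# Assumes first-match-wins resolution; prints nothing if HOST is absent.
hosts_lookup() {
    awk -v host="$2" '
        BEGIN { host = tolower(host) }
        { sub(/#.*/, "") }          # drop comments, including commented-out entries
        NF < 2 { next }             # blank line, or an address with no names
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == host) { print $1; exit }
        }
    ' "$1"
}

# antbleed_blocked FILE [HOST]: succeed only if HOST is pinned to loopback.
antbleed_blocked() {
    addr=$(hosts_lookup "$1" "${2:-auth.minerlink.com}")
    case "$addr" in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample hosts file (not copied from a real miner).
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
# 127.0.0.1 auth.minerlink.com    <- commented out, so not effective
127.0.0.1   auth.minerlink.com    # workaround entry
EOF

if antbleed_blocked "$sample"; then
    echo "auth.minerlink.com is pinned to loopback"
else
    echo "auth.minerlink.com still resolves externally"
fi
rm -f "$sample"
```

On a device the check would be run against the real file, for example `antbleed_blocked /etc/hosts`; a stale line that maps the name to a routable address ahead of the loopback entry is reported as not blocked.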

