A vulnerability in Bitmain firmware could deprive miners of their bitcoin

Mining • February 21, 2019, 1:00PM EST
UPDATED: February 21, 2019, 11:59AM EST
The Block

Bitcoin Core contributor James Hilliard has found a vulnerability in Bitmain’s Bitcoin Miner S15 firmware which could potentially let an attacker do anything they wanted to an exploited miner, Bitcoin Magazine reports. While the vulnerability has been found in S15 firmware, Hilliard is pretty certain it is not the only one. Hilliard refers to Bitmain’s firmware as "buggy," explaining it “is very poorly designed when it comes to security.”

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Hilliard said Twitter user @00whiterabbit wrote an attack code testing the vulnerability. They wanted to show how dangerous the attack might be—the exploit allowed them to do whatever they wanted. They could modify the payout address, shut down the mining altogether, or replace the firmware. While an attack like that would be rendered difficult by a firewall, the possibility of the exploit remains.

Hilliard and @00whiterabbit offered to disclose the exploit to the Chinese mining giant under one condition—that the company would start complying with copyright law and open-source its firmware. Although Bitmain is under GNU General Public License, the company does not provide its users access to the code, in breach of the law.

More by Carol Gaszcz