Bitcoin Core contributor James Hilliard has found a vulnerability in Bitmain’s Bitcoin Miner S15 firmware that could potentially let an attacker do anything they wanted to an exploited miner, Bitcoin Magazine reports. While the vulnerability has been found in S15 firmware, Hilliard is pretty certain it is not the only one. Hilliard refers to Bitmain’s firmware as “buggy,” explaining it “is very poorly designed when it comes to security.”
Hilliard said Twitter user @00whiterabbit wrote attack code to test the vulnerability. They wanted to show how dangerous the attack might be: the exploit allowed them to do whatever they wanted. They could modify the payout address, shut down mining altogether, or replace the firmware. While a firewall would make an attack like that difficult, the possibility of the exploit remains.
Hilliard and @00whiterabbit offered to disclose the exploit to the Chinese mining giant under one condition: that the company would start complying with copyright law and open-source its firmware. Although Bitmain is subject to the GNU General Public License, the company does not provide its users access to the code, in breach of the law.