26 Apr '17, 8pm

The Antbleed Backdoor can shutdown up to 70% of Bitcoin mining power

The Antbleed Backdoor can shutdown up to 70% of Bitcoin mining power

The Antbleed Backdoor Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer. The firmware checks-in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining. The patch was introduced here (pastebin) and can be seen in the source: here (github) How bad is it? At worst, this firmware backdoor allows Bitmain to shut off a large section of the global hashrate (estimated to be at up to 70% of all mining equipment). It can also be used to directly target specific machines or customers. Standard inbound firewall rules will not protect against this...

Full article: http://www.antbleed.com/

Tweets

Backdoor Code Discovered in Popular Bitcoin Mining Equipment

Backdoor Code Discovered in Popular Bitcoin Min...

bleepingcomputer.com 27 Apr '17, 10am

An anonymous security researcher has published details on a vulnerability named "Antbleed," which the author claims is a r...

Backdoor Could Allow Company To Shut Down 70% o...

news.slashdot.org 27 Apr '17, 10pm

"An anonymous security researcher has published details on a vulnerability named "Antbleed," which the author claims is a ...

Bitmain Can Remotely Shut Down Your #Antminer (...

bitcoinmagazine.com 26 Apr '17, 10pm

Major Bitcoin mining hardware producer Bitmain can remotely shut down almost all active Antminer machines. Dubbed the “Ant...

Also latest bitmain firmware fix calls home. sa...

reddit.com 29 Apr '17, 1am

Do not use URL shortening services: always submit the real link. Begging/asking for bitcoins is absolutely not allowed, no...

Bitmain Claims Antbleed Had No Malicious Intent...

cointelegraph.com 30 Apr '17, 3pm

Bitmain was caught up in a controversy surrounding its recent patch on its open source codebase. The Bitcoin community har...

Avoiding a shutdown is not enough [Commentary]

defensenews.com 25 Apr '17, 11am

This week, we can expect the usual “Will we avoid a government shutdown?” media stories, this time with a focus on the bat...