Antminer in China Particularly Attacked by Virus hAnt for BTC Ransom
For the past few months, a “ghost” has been haunting Chinese bitcoin miners. A mysterious hacker has implanted a virus in mining machines, demanding a bitcoin ransom or pushing victims to get more machines infected, according to a report by local crypto media Yibenchain.
hAnt – hacking Antminer
According to a bitcoin miner using the pseudonym cC, on the evening of Jan 5 his miner management interface suddenly turned green, with an ant in the middle and mining pickaxes on both sides. Clicking the green screen brought up a message (in both English and Chinese) reading:
Image credit to Yibenchain
“I am hAnt! I continue to attack your Antminer. As long as you spread the infected machine, my server verifies that there are 10 new IPs and the number of antminers reaches 1,000. I will stop attacking you! Otherwise I will turn off your antminer’s fan and overheat protection, which will cause you to burn your machine or will burn the house.
Click the ‘Diwnload firmware patch’ button to download the firmware patch with your specific ID. Just update it to your normal Antminer to get infected.
You can bring the machine that updated the patch to another computer room to complete the infection, or induce others to use the firmware patch in the network group.
Or support 10 BTCs, I will stop attacking.”
The virus name, hAnt, seems to suggest that it specifically targets Antminers. Mining pool BTC.Top founder Jiang Zhuo’er told us that they had been tracking it for a long time. According to data he has collected, the virus has been detected in the Antminer S9 and T9 bitcoin miners and even the L3+ litecoin miner. It is a Linux-based virus, so it could be on your PC or your Antminer.
The hacker threatens to burn the mining machine, and even the house, if miners refuse to spread the virus or pay the 10 BTC ransom. In fact, few would do so, since it is not difficult to fix the infection. According to cC, the first solution is to format the SD card of the infected miners, which means flashing new operating firmware, but that takes a long time, almost 4 days, during which the downtime of his machines cost him thousands of yuan. If that doesn’t work, mining operators can go further and replace the byte library and the control panel, or even sell the machines.
Overclocking firmware the culprit
According to Jiang, it is very likely that the virus comes from an overclocking firmware released by an anonymous source.
Many miners like to overclock their mining equipment to boost hash power. Taking the Antminer S9 as an example, its hash power could increase by 33.33%, from 13.5T to 18T, simply by overclocking the firmware. Power consumption and heat also spike at the same time, which may shorten the overclocked miners’ lifespan. In this context, overclocking firmware is not encouraged by most miner makers; instead, it is often developed by individual players.
This makes a miner vulnerable to infection by hackers, because firmware is a program written into the hardware, at a lower level than the operating system. If the firmware carries a virus, hackers can do whatever they want with the miners.
“Infected miners continue to spread the virus furtively instead of having an immediate breakdown this time. The hacker to some extent controls the onset of the virus.” In the view of Jiang Zhuo’er, the villain behind the incident is very cunning.
His technical analysis suggests that the virus developer is unlikely to be Chinese, but the virus-carrying overclocking firmware is mainly spread through Baidu Wangpan, a domestic cloud service provided by Baidu.
“It suggests two possibilities – the hacker is deliberately targeting China where bitcoin mines are concentrated; second, Chinese miners inadvertently helped spread the virus before they realized the overclocked firmware was infected,” said Jiang.
How to prevent it
“Avoiding installing third-party firmware of unknown origin and regularly changing the login password of routers and miners may be the best way for miners to prevent virus infection,” Jiang suggested.
The virus has so far evolved into many variants. “The latest variant can even monitor miners changing their passwords and record the new ones.” What angers miners most is that the hackers often choose timing that makes it impossible to respond effectively, such as surreptitiously switching the mining address to the hacker’s account late at night. Some hackers target only certain machines, stealing a few hours of hash power a day, which is very hard for miners to notice. Yet those few hours could bring the hacker 2,400 yuan ($355) by hijacking the hash power of a bitcoin mine holding 4,000 mining machines.
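One way to catch the behaviour described above, where a pool or mining account setting is swapped for a few hours at night and then restored, is to snapshot every miner's active pool settings on a schedule and compare them with the farm's own policy. The following is an added example, not code from the article or from Jiang; the pool URLs, worker prefix, poll interval and sample snapshots are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed fleet policy (hypothetical values, not from the article).
EXPECTED_POOL = "stratum+tcp://pool.example.invalid:3333"
EXPECTED_WORKER_PREFIX = "farm01."
POLL_INTERVAL = timedelta(minutes=15)
OTHER_POOL = "stratum+tcp://unknown.example.invalid:3333"

# Constructed sample: periodic snapshots of each miner's active pool setting,
# as (timestamp, miner_ip, pool_url, worker).
SAMPLE_POLLS = [
    ("2019-01-06T01:45", "10.0.0.12", EXPECTED_POOL, "farm01.a12"),
    ("2019-01-06T02:00", "10.0.0.12", OTHER_POOL, "x9"),
    ("2019-01-06T02:15", "10.0.0.12", OTHER_POOL, "x9"),
    ("2019-01-06T02:30", "10.0.0.12", OTHER_POOL, "x9"),
    ("2019-01-06T02:45", "10.0.0.12", EXPECTED_POOL, "farm01.a12"),
    ("2019-01-06T03:00", "10.0.0.13", EXPECTED_POOL, "someoneelse.w1"),
    ("2019-01-06T03:15", "10.0.0.13", EXPECTED_POOL, "farm01.a13"),
]

def is_expected(pool, worker):
    return pool == EXPECTED_POOL and worker.startswith(EXPECTED_WORKER_PREFIX)

def find_deviation_windows(polls):
    """Group consecutive off-policy polls per miner into (start, last_seen, pool, worker)."""
    windows, current = defaultdict(list), {}
    for ts, ip, pool, worker in sorted(polls):
        when = datetime.fromisoformat(ts)
        run = current.get(ip)
        same_run = run is not None and (run[2], run[3]) == (pool, worker)
        if run is not None and not same_run:  # settings changed: close the open window
            windows[ip].append(tuple(current.pop(ip)))
        if not is_expected(pool, worker):
            if same_run:
                run[1] = when
            else:
                current[ip] = [when, when, pool, worker]
    for ip, run in current.items():  # windows still open at the last poll
        windows[ip].append(tuple(run))
    return dict(windows)

def diverted_time(windows):
    """Estimate per miner: each window spans its polls plus one poll interval."""
    return {ip: sum((end - start + POLL_INTERVAL for start, end, _, _ in runs), timedelta())
            for ip, runs in windows.items()}

if __name__ == "__main__":
    print(diverted_time(find_deviation_windows(SAMPLE_POLLS)))
```

Because the check keys on both the pool URL and the worker name, it also flags the case where the pool stays the same and only the account receiving the hash power changes.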
The event again raised bitcoin players’ concerns about hackers lurking in the shadows. There are even worries about whether the bitcoin network could collapse completely in a sudden attack by hackers.
“It’s hard to see that happening. The hash power of bitcoin network is still highly decentralized with numerous mines; it’s quite difficult for hackers to just figure out the network location of these mines,” said Mr Jiang.
The decentralization of bitcoin has built an ecosystem with unshakable stability across the network despite those tricky hackers.
Hi there, this is Lylian, an editor with 8btc. Interested in new stuff going on around the world. Get the latest Chinese policies on blockchain and cryptocurrency for you...
COMMENTS(12)
Trick or treat in #crypto mining? #hAnt virus detected particularly in #Antminers, overclocking firmware be the culprit. check out your #cryptominers or PCs based on Linux system
https://news.8btc.com/antminer-in-china-particularly-attacked-by-virus-hant-for-btc-ransom …
@BITMAINtech not providing up to date firmware/cgminer/bmminer source code(they are legally supposed to do so) makes problems like these worse by making it more difficult for other developers to fix their security bugs https://news.8btc.com/antminer-in-china-particularly-attacked-by-virus-hant-for-btc-ransom ….
you hardware from communist, you take the risk
hAnt, a virus spreading to bitcoin miners, mainly in China, demands a ransom of 10 BTC or it overheats the rig. According to this report, it takes four days to fix the problem—or you can just sell the miner! https://news.8btc.com/antminer-in-china-particularly-attacked-by-virus-hant-for-btc-ransom …
i’ve said for years that bitcoin is a standing pentest bounty. https://news.8btc.com/antminer-in-china-particularly-attacked-by-virus-hant-for-btc-ransom …
Shit. https://news.8btc.com/antminer-in-china-particularly-attacked-by-virus-hant-for-btc-ransom … HT Eric Meltzer
Zooko, don’t block me this time.
I love your foodtakes.
But… In the name of decentralisation. Please consider Equihash 144.5. I’m the first one to switch my miningrig. Promise.
Well that’s no good.
Hackers target Bitcoin miners with sophisticated digital to analog attack https://news.8btc.com/antminer-in-china-particularly-attacked-by-virus-hant-for-btc-ransom …
This style of attack most closely resembles stuxnet, which targeted programmable logic controllers in nuclear centrifuges
https://en.m.wikipedia.org/wiki/Stuxnet
Looks like something like Titan.io would have solved that also.
This is one reason why we have been building MinderOS: https://news.8btc.com/antminer-in-china-particularly-attacked-by-virus-hant-for-btc-ransom …