According to the latest findings, all AntMiner hardware belonging to the S9, L3, T9 and R4 series that was manufactured after July 11th, 2016 (or probably even earlier than that) is potentially in danger.
Bitmain – the company that manufactures those ASICs – created a backdoor (called Antbleed) in the firmware of the mentioned AntMiner models. It is still not clear what they will do with it, but the backdoor allows Bitmain to remotely shut down any AntMiner in a matter of seconds.
Those miners are owned by end users, and since they comprise 70% of the actual Bitcoin mining hashrate, shutting them down is a strategy Bitmain could potentially use against the mining network.
Besides that, this backdoor allows Bitmain to target specific miners: since Antbleed constantly sends the miner's serial number, MAC address and IP address to Bitmain, the company can get an idea of who owns each miner.
Now, even if Bitmain's intentions are not malicious, the backdoor remains open to hackers and hijackers, potentially allowing them to attack all the vulnerable AntMiners globally. One command line is enough to shut them all down at once.
The backdoor was discovered two days ago by examining the source code of the latest firmware.
Is There a Remedy?
There is a way to protect your miner. While using a common firewall won’t make a difference, you can go to /etc/hosts on the device and add the following line:
According to antbleed.com, “This will cause the Antminer to connect to your own local machine bypassing the check-in with Bitmain.”
You can check this website for further details: http://www.antbleed.com/
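To verify that the /etc/hosts remedy is actually in place, here is an added example (not from the original post or from antbleed.com) that audits a hosts file and applies a loopback pin only when it is safe to do so. The hostname is a placeholder because the entry itself is not reproduced above, and the function names are hypothetical:

```shell
#!/bin/sh
# Placeholder: substitute the check-in hostname published on antbleed.com.
CHECKIN_HOST="checkin.vendor.example"

# Print the address a hosts file maps a name to (first match wins).
hosts_lookup() {  # usage: hosts_lookup FILE HOSTNAME
    awk -v want="$2" '
        { sub(/#.*/, "") }          # strip comments, so disabled entries are ignored
        NF < 2 { next }             # skip blank and address-only lines
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(want)) { print $1; exit } }
    ' "$1"
}

# Succeed only if the name is pinned to a loopback address.
is_pinned() {  # usage: is_pinned FILE HOSTNAME
    case "$(hosts_lookup "$1" "$2")" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Add the pin if the name is unmapped; refuse if it already maps elsewhere.
pin_host() {  # usage: pin_host FILE HOSTNAME
    addr=$(hosts_lookup "$1" "$2")
    if [ -z "$addr" ]; then
        # Start a new line first if the file lacks a trailing newline.
        if [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
        printf '127.0.0.1 %s\n' "$2" >> "$1"
    elif ! is_pinned "$1" "$2"; then
        echo "warning: $2 already maps to $addr in $1" >&2
        return 1
    fi
}

# Constructed sample hosts file (not taken from a real miner).
demo=$(mktemp)
printf '127.0.0.1 localhost\n' > "$demo"
pin_host "$demo" "$CHECKIN_HOST" && is_pinned "$demo" "$CHECKIN_HOST" && echo "pinned"
rm -f "$demo"
```

On a miner, the file argument would be /etc/hosts; rerun `is_pinned` after a firmware update or reboot to confirm the entry is still there.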