Bitmain is the biggest mining equipment seller in the world. They produce the famous Antminers, which are the best miners on the market. They also own the top mining pools for Bitcoin and Litecoin.
They are the ones who currently can decide what forks and what doesn't, due to all the mining power on both chains.
Today it was found out that in firmware from July 2016+ there is a backdoor, which was called AntBleed by its finders.
Long story short: by using these API calls they can possibly disable miners they don't want to be running (i.e. ones voting for a different block size outcome than they want) or fully identify users and their IPs and MAC addresses.
To disable this, all you have to do is add this entry to the hosts file: 127.0.0.1 auth.minerlink.com so that the checker cannot call home.
The pastebin of the backdoor code is here https://pastebin.com/jREuwQ8b so you can have a deeper look at how it works.
Follow, Resteem and VOTE UP @kingscrown creator of http://fuk.io blog for 0day cryptocurrency news and tips!
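The hosts-file mitigation from the post, as an added example that is not part of the original post or Bitmain's code: a POSIX shell check that reports whether a hosts file actually sinks `auth.minerlink.com` to loopback and adds the entry idempotently. The function names are hypothetical, and the script assumes the resolver uses the first matching hosts line.

```shell
#!/bin/sh
# Added example: audit and apply the hosts-file mitigation described in the post.
CALLBACK_HOST="auth.minerlink.com"   # hostname named in the post

# Print the address of the first active hosts entry in file $1 that names host $2.
first_mapping() {
    awk -v h="$2" '
        { sub(/#.*/, "") }                      # drop comments, so "# 127.0.0.1 host" is ignored
        NF >= 2 {
            for (i = 2; i <= NF; i++)           # a line may list several names
                if (tolower($i) == h) { print $1; exit }
        }' "$1"
}

# Echo "blocked", "missing" or "conflict:<addr>" for hosts file $1.
hosts_status() {
    addr=$(first_mapping "$1" "$CALLBACK_HOST")
    case "$addr" in
        "")        echo "missing" ;;
        127.*|::1) echo "blocked" ;;
        *)         echo "conflict:$addr" ;;
    esac
}

# Idempotently make the loopback entry the effective one in hosts file $1.
ensure_block() {
    file=$1
    entry="127.0.0.1 $CALLBACK_HOST"
    case "$(hosts_status "$file")" in
        blocked) return 0 ;;
        missing)
            # Add a newline first if the file does not end with one.
            [ -z "$(tail -c 1 "$file")" ] || echo >> "$file"
            printf '%s\n' "$entry" >> "$file" ;;
        conflict:*)
            # Assumption: first match wins, so the entry must precede the conflicting line.
            tmp="$file.tmp.$$"
            { printf '%s\n' "$entry"; cat "$file"; } > "$tmp"
            cat "$tmp" > "$file"               # rewrite in place, keeping owner and mode
            rm -f "$tmp" ;;
    esac
}

# Report only when a path is given; nothing is modified unless ensure_block is called.
if [ $# -ge 1 ]; then hosts_status "$1"; fi
```

A `conflict:` result means an earlier line already maps the hostname to a routable address, in which case simply appending the loopback entry would have no effect.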
It's confirmed from Bitmain itself now. They are releasing a patch for it.
Satoshi Nakamoto is rolling over in his hypothetical grave.
beautiful ;)) wanted to answer with some funny image but nothing was good enough for this one-liner
If this is legitimate, it puts into question some very dangerous statements, I will be watching this story very closely, as I hope others do as well, good work on due diligence here Crown.
Certainly dangerous, but after looking at the code and what Bitmain has to say for themselves, I don't think this is anything other than sloppy coding. It was fixed fast and props to Bitmain for keeping their code open source.
https://steemit.com/cryptocurrency/@kyle.anderson/bitmain-antminer-backdoor-the-truth-behind-antbleed-bitcoin-attack
I'm sure over the next days we will be hearing different things, hence if somebody can read code, it's best if he checks himself. So far all sources claim this to be legit, but I have put ? in the topic just in case.
Understood. Also, anyone who cares to share their findings on this topic, please tag me in any way you see fit :) It would be greatly appreciated.
After looking at the situation (code myself) and the response from Bitmain this is certainly legit. Take a look here: https://steemit.com/cryptocurrency/@kyle.anderson/bitmain-antminer-backdoor-the-truth-behind-antbleed-bitcoin-attack
Wow, thanks for sharing! They have the full power to shut down anyone they don't want to mine. That's crazy and the definite opposite of "decentralized, free market"!
Good point.
Yeah, it's almost like the rich and powerful like centralized markets better...
meep
Amazing. All the more reason to like governance models like proof of stake over "how much electricity can we destroy today?" Thanks for sharing.
I've just looked a bit into this.
I tend to believe that if it really was maliciously placed there, it would have been much more obfuscated - both code-wise and communication-wise. Any clever sysadmin will notice that the miner is having some kind of "call home"-functionality (as a sysadmin I do tend both to block outbound firewall by default and monitor attempts on getting through the outbound firewall). Hide the shutdown-message in the blockchain, and it would have been a lot harder to find.
Not saying that it isn't bad - it is bad, but it's quite clearly done out of stupidity, not maliciousness.
Comparing a DoS vector with information-leaking bugs is also not very honest. Yes, it is bad, but it is not that bad.
The real WTF is that one single hardware vendor now has more than 50% of the bitcoin mining power. It is really time to realize that Proof-of-Work is probably not such a good idea after all.
I agree completely.
#openhardwaremining the only solution
@bitworkers
That is so true, but because of capitalism let's hope for more companies getting skin in the game.
Yes. And also people seem to have knowledge of what is open source software but the majority never heard of open hardware.
@bitworkers
Genial
I don't know what the truth is, nor am I knowledgeable enough to figure it out, but resteeming nevertheless (just a record of my position).
Crown is killin it. I'm curious to know Bitmain's excuse for this travesty. Have we gotten an official response yet? Unofficial?
Official response discussed here:
https://steemit.com/cryptocurrency/@kyle.anderson/bitmain-antminer-backdoor-the-truth-behind-antbleed-bitcoin-attack
https://github.com/bitmaintech/bmminer/issues/7
This is really stupid; the way it is implemented it's really not useful for the stated purpose - but Hanlon's Razor is strong on this one.
Why am I not surprised.