Bitmain is the biggest mining equipment seller in the world. They produce the famous Antiminers which are the best miners on the market. They are also owning top mining pools for Bitcoin and Litecoin.
They are the ones who currently can decide what forks and what doesnt, due to all the mining power on both chains.
Today it was found out that in firmware from July 2016+ there is a backdoor which was called AntBleed by its finders.
Long story short - by using this API calls they can possibly disable some miners they dont want to be running (ie voting for different blocksize outcome than they want) or fully identify users and their IPs and MAC adresses.
To disable this all you have to do is edit host file for: 127.0.0.1 auth.minerlink.com so there is no callback to home on the checker.
The pastebin of backdoor code is here https://pastebin.com/jREuwQ8b so you can have a deeper look on how it works.
Follow, Resteem and VOTE UP @kingscrown creator of http://fuk.io blog for 0day cryptocurrency news and tips! |
---|
its confirmed from bitmain itself now. they are releasing patch for it.
Satoshi Nakamoto is rolling over in his hypothetical grave.
beautiful ;)) wanted to answer with some funny image but nothing was good enough for this one-liner
If this is legitimate, it puts into question some very dangerous statements, I will be watching this story very closely, as I hope others do as well, good work on due diligence here Crown.
Certainly dangerous, but after looking at the code and what Bitmain has to say for themselves, I don't think this is anything other than sloppy coding. It was fixed fast and props to Bitmain for keeping their code open source.
https://steemit.com/cryptocurrency/@kyle.anderson/bitmain-antminer-backdoor-the-truth-behind-antbleed-bitcoin-attack
Im sure over next days we will be hearing different things, hence if somebody can read code best if he checks himself. So far all sources claim this to be legit but i have put ? in the topic just in case.
Understood, also anyone who cares to share their findings on this topic pleases tag me in any way you see fit :) would be greatly appreciated.
After looking at the situation (code myself) and the response from Bitmain this is certainly legit. Take a look here: https://steemit.com/cryptocurrency/@kyle.anderson/bitmain-antminer-backdoor-the-truth-behind-antbleed-bitcoin-attack
Wow, thanks for sharing! They have the full power to shut down anyone they don't want to mine. That's crazy and the definite opposite of "decentralized, free market"!
Good point.
yeah its almost like the rich and powerful like centralized markets better........
meep
Amazing. All the more reason to like governance models like proof of stake over "how much electricity can we destroy today?" Thanks for sharing.
I've just looked a bit into this.
I tend to believe that if it really was maliciously placed there, it would have been much more obfuscated - both code-wise and communication-wise. Any clever sysadmin will notice that the miner is having some kind of "call home"-functionality (as a sysadmin I do tend both to block outbound firewall by default and monitor attempts on getting through the outbound firewall). Hide the shutdown-message in the blockchain, and it would have been a lot harder to find.
Not saying that it isn't bad - it is bad, but it's quite clearly done out of stupidity, not maliciousity.
Comparing a DoS-vector with information-leaking bugs are also not much honest. Yes, it is bad, but it is not that bad.
The real WTF is that one single hardware vendor now has more than 50% of the bitcoin mining power. It is really time to realize that Proof-of-Work is probably not such a good idea after all.
I agree completely.
#openhardwaremining the only solution
@bitworkers
That is so true, but because of capitalism lets hope for more companies getting skin in the game.
Yes. And also people seem to have knowledge of what is open source software but the majority never heard of open hardware.
@bitworkers
crown is killin it. im curious to know bitmains excuse for this travesty. have we gotten an official response yet? unofficial?
Official response discussed here:
https://steemit.com/cryptocurrency/@kyle.anderson/bitmain-antminer-backdoor-the-truth-behind-antbleed-bitcoin-attack
Genial
I don't know what the truth it, nor am I knowledgeable enough to figure it out, but resteeming nevertheless (just a record of my position).
https://github.com/bitmaintech/bmminer/issues/7
This is really stupid; the way it is implemented it's really not useful for the stated purpose - but Hanlon's Razor is strong on this one.
Why I'm not surprised.