The Latest Bitcoin Scandal, "Antbleed," Bitmain Exposed

‍

It was discovered that bitcoin mining devices might be remotely disabled due to faulty mining chips. This involves Bitmain, a contentious mining chip manufacturer, and a purported "backdoor" in the code that regulates its hardware. This would allow Bitmain to turn off the miners remotely. The critical question is whether or not the code, which was shared anonymously, may be misused in the worst-case scenario.

Chinese Bitcoin mining hardware manufacturer Bitmain had a "backdoor" discovered in it. The Antbleed backdoor was named after Bitmain's Antminer hardware, which was vulnerable to security flaws.

May Be Easily Validated

This flaw, known as Antbleed, may be easily validated because its source code is freely available. Before the reveal, a few were briefed on the code feature, and independent verification from engineers like Satoshi Labs CEO Marek Palatinus confirmed the existence of the back door and its ability to halt Bitmain miners on the trigger.

It is anticipated that hostile actors may exploit the vulnerability to turn off bitcoin mining equipment in bulk, which might have catastrophic effects on the ecosystem surrounding Bitcoin, given Bitmain's massive release of units onto the market.

Could Exploit This Flaw

A malicious actor, either inside or outside ofBitmain, could exploit this flaw and render the Bitcoin mining hardware manufactured by Bitmain useless. This finding has significant repercussions for Bitcoin. Bitmain has over 70% of the market share for application-specific integrated circuits (ASIC) chips, making it the dominant provider of Bitcoin mining computers worldwide. These chips control the Bitcoin network's security.

‍

In answer to a question, he explained that his group could be able to use the Antbleed problem to shut down 70 percent of Bitcoin's hash rate. As a possibility, this was mentioned.

Antbleed's "backdoor" can be reached with little effort. Bitmain's mining rigs are set up to connect to a centralized server once every minute and broadcast a wide variety of technical data. The IP address, MAC address, and serial number are all listed here. Bitmain may "cross-check" this check-in data against customer sales and delivery records, making the data personally identifiable, according to the Antbleed website.

Miner Will Stop Mining

Bitmain may keep a log of the serial numbers of the devices sold, including those that have been purchased by customers. Bitmain may suspect that a mining computer is stolen or fraudulent if the serial number and other information provided by the computer during its routine check-in do not match what the company has on file. According to the Antbleed documentation, the miner will stop mining if the remote service responds with the word "false" to a check-in request that was denied.

Bitmain owns Miner link, the coordinating service. Some of the services were implemented, even if they were never fully released.

‍

Even still, according to most sources, Bitmainor an external attacker could have identified and targeted individual devices for shutdown using the components of the service that were implemented. This backdoor threatens the profitability of Bitcoin mining and undermines Bitcoin's consensus-based design. Bitcoin miners vote on proposed protocol changes. 

Bitmain's Antminer series of Bitcoin miners have been the subject of new controversy over a claim made in the firmware that Bitmain can remotely shut them down. The same group that developed Antminer firmware also conceived and coded this feature. Since the firmware was designed to be publicly shared, the addition was never meant to do harm.

Result Of Multiple Occurrences

This occurred as a result of multiple occurrences in which miners employed by mining farms were kidnapped or stolen from by the mining farms' owners:

‍

• Somewhere about a thousand Antminers were hidden by a single hosting service provider in Shenyang, China, throughout the entirety of 2014.
•  A Georgia-based web hosting service company hid over 2,000 Antminers from their rightful owner in 2015.
•  It wasn't brought to Bitmain's attention in 2017 that its own miners were being held back and sold in Canada without its knowledge.

‍

Bitmain's recent change to its publicly available code base caused some backlash. Bitmain received strong criticism from the Bitcoin community after creating malware that might cripple 70 percent of Bitcoin miners.

Bitmain can monitor Antminer users' purchase and shipment data thanks to the Antbleed backdoor, a kind of firmware. Antbleed.com claims that the firmware's remote service may occasionally return"false," which prevents its miners from operating.

Has The Ability To Disable 70% Of Bitcoin Miners

Seventy percent or so of the global mining community uses Bitmain's Antminer to validate Bitcoin transactions. Therefore,Bitmain has the ability to disable 70% of Bitcoin miners instantly.

Bitmain issued an official statement on April 27 in response to community outrage over the discovery of the Antbleed malware.This is an excerpt from the report:

The same developers who created Antminer's firmware also worked on this feature. This function never had any malice in mind, as the firmware has always been freely available.

There is less weight on the motivations of the Bitmain team of developers. While the Bitmain development team likely had good intentions when they released the Antbleed firmware update, the fact remains that this update has made it possible for the vast majority of the Bitcoin mining community to cease operations in an instant would have a devastating impact on Bitcoin security.

‍

Bitmain swiftly reacted with a patch that completely removed the offending section of its mining firmware. More than that, its staff said the function was never completed despite the fact that it was designed to aid customers in reclaiming stolen miners, an issue that has historically plagued businesses in the sector.

Without the permission of the Antminer's owner,we had no intention of using this feature. It's very similar to the remote power down or erase function offered by the majority of major smart phone brands.

Recent discussions in the community have centered on whether or not the so-called "backdoor" may have been exploited for nefarious purposes, such as the disabling of a miner for not adhering to Bitmain's guidelines.

However, if Antbleed was created with the express purpose of spying on Bitmain's clients, it is unclear whether Bitmain can provide a plausible explanation for why it was activated. Bitmain designed proprietary firmware to monitor and manage its clientele and mining operations to consolidate power in the mining sector. Accordingly, it's absurd and nonsensical to claim that the Bitmain team's original goal was to improve Bitcoin somehow.

Security Analyst And Bitcoin Specialist Andreas Antonopoulos Elaborated:

I seriously doubt Antbleed intended any harm.It's a sign of wanting to have total control over your clients, and it's bothcareless and poorly executed.

Antonopoulos added that Bitmain's choice to update software that aims to centralize its customers and the mining business was dangerous and incompetent. He warned that "reckless implementation paired with the goal to control customers centrally is a hazardous thing in a decentralized system."

Unfortunately, this functionality was never finished. We've been working on this function since the Antminer S7 and planned to complete it for the Antminer S9. We aimed to improve it so that it would besome thing people would want to buy because of. Unfortunately, we ran into some technical issues and were unable to complete the development of this feature before we had to turn off the testing server in December 2016. Leaving the code in place before the functionality is finished and recognized by users is a defect. Some significant confusion has arisen in the Bitcoin community due to the recent mention of this bug in the scaling road map debate. The apologies come from us.

The affected models are as follows:

‍

• An Antminer S9
• The Antminer R4
• Antminer T9 — Short for "Antminer T9"
• Antminer L3
• Mining Device: Antminer L3+

Antminers produced by Bitmain come in a few different variants, but they all communicate with the same server on a regular basis. A solution for this fault is available in the form of altering the host list of vulnerable Antminer hardware so that it points at the device's local address instead of the flaw's original location. 127.0.0.1.

The politicization of bitcoin developments in recent times further complicates the situation. Bitmain has been at the center of bitcoin's continuing scaling conflict, opposing proposals released by members of the Bitcoin Core group. This argument has been going on for quite some time. For instance, the manufacturer was accused of using a secret mining advantage to raise their profits, which exposed the vulnerability.

Bitcoin Unlimited's principal scientist, Peter Rizun, put up the situation well in an interview with CoinDesk: Today's social media drama is on whether or not a security flaw exists that may be used by bad actors to take advantage of this remote-control functionality.

However, it appears that there are more backdoor concerns.

‍

As a result of the fact that mining chips can be utilized by harmful parties who are not affiliated with the company, the security of the network is now considered to be at risk. Since an open-source patch was made available on July 12, 2016, the machines have been programmed to communicate with a Bitmain server at a frequency of once every 11 minutes.

The concept is that the mining chip's serialnumber and Internet protocol address can be scanned by the manufacturer.

The fact that the code isn't restricted to a particular user base, making it vulnerable to attacks from any man-in-the-middle or even an attacker using the same DNS server, is a significant cause for concern.

Concerns concerning technological or political exploitation are further outlined on the Antbleed website, which states, "Even if Bitmain were not a malicious company, the API is not verified, which means that any MITM, DNS or domain hijacking might cause Antminers all around the world to stop working.

Backdoor Or Potential For "Malicious" Use?

Whether or not it was maliciously meant appears to be at the center of the discussion, and first reactions appear to be split along the lines of the scalability argument.However, there were many who went against the grain of the consensus.

However, based on the statement, it is incorrect to characterize Antbleed as malicious. As a matter of fact, it's a significant security risk.

Wang Chun, the operator of F2pool, added that he doesn't worry too much that miners in his pool may fall prey to Bitmain's manipulation.

Ex-CEO of Israeli mining chip manufacturer Spondoolies-Tech Guy Corem blamed "incompetence"and "negligence," rather than malice, for the scandal.

Continuing, he said, "It makes sense that they wanted to design such a feature, but it also makes sense that they didn't finish it and abandoned it." After that, he continued by discussing the history of Spondoolies Tech's issues with the theft of mining equipment. Freeknowledge?

Others have voiced fear that disclosing this vulnerability may allow malicious actors to exploit it.

While there are no hard statistics on how many miners use this software, Bitmain is a major player in the chip manufacturing industry. Some estimates claim the company is responsible for as much as 70% of all mining chips.

Not unexpectedly, this worries proponents of making the network "decentralized" and open to competition so that many actors can participate in it since the backdoor could be used to affect any of those chips.

It appears that the immediate effect will be to prompt Bitmain to examine the rest of its code base for security flaws.

Bitcoin is in danger because of the existence of ASIC Boost and Antbleed. Slush said, "I don't know if they're just incompetent or evil, but they're hazardous.

Bitmain's official reaction to the charges was that the business has never finished the Antbleed feature; Slush countered that the feature is, in fact, highly comprehensive.

A study of roughly 400 Bitcoin venture investment deals closed throughout the world since 2013 shows that investor interest has waned since its peak in 2015. It is uncertain how 2017 will play out for the sector. Because of the continuous discussion surrounding this code,we have decided to focus on rewriting specific sections in order to solve security gaps discovered by the community.

One thing, however, can be said with absolute certainty: the general adoption of Bitcoin is extremely unlikely to advance so long as severe technical debates and high-profile security flaws such as Antbleed continue to exist. Suppose the Bitcoin community does not learn to pick its battles more strategically as other blockchains continue to gain favor with developers and industry alike. In that case, it is possible that the Bitcoin community may fail in its drive to win universal adoption of Bitcoin.

We appreciate everyone who has helped us by reporting issues and making changes to our publicly available code.Furthermore, we'd want to use this occasion to reaffirm our faith in the open-source community and pledge our continued dedication to enhancing the robustness of our code and the thoroughness of our testing procedures.

‍