As ASIC mining devices have become more popular, attackers have taken notice. Although it is not easy to attack well-protected devices directly, it is quite possible to do so through loopholes in the unauthorized firmware that users tend to install to improve device performance. Re-flashed ASICs often become targets for attacks aimed at stealing hashpower. Devices infected with malware send the rewards earned by mining to the hackers. This method is much more profitable for criminals than stealing from wallets (since wallets are better protected and it is more difficult and much more expensive to steal assets from them). Therefore, there is every reason to believe that the number of attacks on miners will grow in the near future.
The popularity of ASIC devices for mining is growing. For users, their advantages are obvious, and therefore, after experimenting with video cards, more experienced enthusiasts usually choose to work on ASICs. Miners love their compactness: tailored to a specific coin, they are much less bulky than GPU rigs. They are also much easier to install and maintain: just unpack the device, plug it in, and start using it.
And even in those days when the sky was bluer, the grass was greener, the networks for mining coins were simpler, and mining rewards were much higher, ASICs made it easier to earn and cover expenses. However, both now and then, one of the main problems of ASICs is the rapid obsolescence of models. Manufacturers are trying to make devices better and faster, and as a result, new models often outperform earlier ones by 50 percent in power, sometimes even more. It is difficult to buy a new device, since they sell out quickly, and it is almost impossible to sell the old ones. So what’s the solution? Enthusiasts start looking for a way out and try to upgrade their devices, improving on the factory settings by flashing them for better results. Sometimes it works. Improved ASICs perform just as well as new ones, and the owner is happy.
When the Improved Is the Enemy of the Good
What are the advantages of customized ASIC firmware? First of all, it allows you to increase the performance of the device (the hashrate and mining profitability increase) and the number of available pools. It also offers the owner more settings than the official firmware of the device. Besides, you can reduce the noise level (optional, not recommended when installing a boost firmware on an ASIC). Additionally, improved firmware allows you to reduce the power consumption of the ASIC, which affects the cost of the coins you mine.
But, of course, these bonuses have a downside. The warranty for the miner is lost, and you face more risks that can disable the device. In addition, you can download “crooked” software that does not work correctly. This is especially important from the point of view of device security.
But how do attackers gain access to devices? Through the same unauthorized firmware that is installed by the owners of rapidly aging ASIC models. This software can be purchased on various forums, in virtual groups, even on Craigslist. By purchasing this software, you are opening a “Pandora’s box” on your device or even on your whole farm. The thing is that those who “indulge” in flashing are often not single miners with a couple of devices, but advanced enthusiasts who have more than a dozen devices at their disposal. This works in favor of hackers, since they usually act through extortion. That was the case, for example, at the beginning of 2019, when malicious firmware offering to overclock the Antminer S9 from 13.5 to 18 TH/s was widespread. When a user installed such software, the hAnt Trojan was immediately activated, and the user received a message demanding a ransom of 10 BTC or else the infection of 1000 other devices with malware. In case of disobedience, the owner was threatened with overheating and incapacitation of the device (or the network of devices).
According to the Chinese publication Yibenchain, among the companies most seriously affected by the ransomware attack was the mining company BTC.Top, where hAnt infected 4,000 rigs in a matter of minutes. Reports of similar incidents have come and continue to come in large numbers from China, from the owners of Antminer S9 and T9 devices for mining bitcoins, as well as Antminer L3 for mining Litecoin. In some cases, Avalon Miner equipment can also be infected. And yes, their main source of infection is unauthorized firmware.
This type of malware is getting more sophisticated and is reaching more devices. Once firmware modified by hackers is installed, the Trojans quickly spread to other devices, and then you have to restore each one individually by hand. Re-flashing an ASIC S9 in this case takes much longer than automatic virus scanning and treatment.
Economy of Firmware
Is it really more profitable to reflash devices and increase the life and power of the device than to leave the firmware from the manufacturer? According to Dmitry Shuvaev, Development Director at BitCluster, the profitability of an S17 (73 TH/s) device for mining BTC in Russia is now about $100 per month (at an electricity price of $0.046 per kWh). More details about the profitability of different ASIC models can be found here. The bitcoin rate is constantly changing, but today, even in good times, profit from one device rarely rises above $260-$400 per month.
By how much can you increase income using custom firmware? For example, Braiins, a maker of autotuning software called Braiins OS+, which already supports Antminer S9, S9 and S9j devices, with Antminer S17 support planned for the long term, promises that this firmware can potentially increase device performance by 20–30%. If you take an average income of $260 from one device, such an upgrade will allow the owner to receive $40-$50 of additional income.
If we compare this with the amount that ransomware hackers usually demand, or even with the average cost of one ASIC (about $2,000), the benefits look exaggerated.
For the owner of a mining farm, flashing may seem like a profitable business. If there are 1000 devices on the farm, then the additional income can reach 1000 * $52 (20% of $260) = $52,000 per month. However, keep in mind that if your farm gets infected and at least 5% of the equipment is disabled, the cost of purchasing new ASICs will be much higher.
After all, it is often impossible to recover devices, and you have to replace the control board. Replacing the control board for the Antminer S17 can cost at least $130-$160. It is not difficult to calculate that a serious infection of 40% of the farm will lead to a loss of $52,000 for repairs alone. Add the cost of downtime for both infected and healthy miners, needed to localize the problem, rule out a continuing epidemic, and start working again (with a positive outcome, approximately a week: 7 days * $11,000 of daily income from the entire farm), and we get a number that clearly exceeds the monthly excess income from using the firmware.
Mining device manufacturers are actively working to improve the security situation. In particular, they are expanding the protections built into their products and making life as difficult as possible for fans of flashing (for some devices this option is not available at all). This strategy looks very viable, since after a while ASICs will replace other devices for mining, and this will have a positive impact on the development of the industry. According to a study by the University of California at Santa Barbara presented at the Unitize 10 conference, a full transition to ASIC miners for Bitcoin mining in the future will help increase the cost of a 51% attack up to 2,000 times, thereby increasing network security. Analysts have found that in order to carry out a profitable 51% attack on the Bitcoin network after the next halving, attackers would need from 157,000 to 530,000 BTC if all Bitcoin mining is carried out by ASIC miners.
However, between the two main approaches, “exclude any manipulation other than installing devices with factory firmware” and “try the innovative approaches of third-party firmware manufacturers”, there is another one that we see as optimal. CoinFly advocates centralized device management. Instead of overclocking ASICs with third-party firmware, this approach optimizes the work in terms of administration, namely managing the ASICs (remotely enabling and disabling them, etc.) while keeping the factory firmware. It is not only about seeing statistics, which, by the way, are available in the personal account of almost any pool.
The basic steps required to effectively manage your farm are difficult to accomplish by accessing each device individually. You can get completely different results if you combine the entire farm into a local network and connect all devices to the control panel via VPN through a single web interface. This makes it possible to create a network “tunnel”, an encrypted communication channel through which commands can be issued from the COS infrastructure to devices on the farm. The administrator will have access to all the functions of the official ASIC firmware, while the owners of the farm will retain the manufacturer’s warranty and protect themselves from intruders. In addition, with access to temperature data, in the future we can create virtual racks with virtual ASICs installed and display on a map which ASIC has failed.
On a final note, while your devices are under warranty and bring in good income, we recommend that you do not “improve” them at your own risk and do not try working on them with a screwdriver. But if you’re dying to start doing something with your devices, wait until they become obsolete. Frankly speaking, nobody can guarantee that installing third-party firmware is ever a good idea.