Your Device And Your Power, My Bitcoin
This article was published on Forbes.com by HaloBlock’s founder and CEO, Song Li.
The dramatic fluctuation of cryptocurrency prices has reshaped the landscape of cybersecurity. Hardware and software engineers create programs and machines to compute cryptocurrencies, even as hackers try to harvest them as well. In this series, I will explain the cryptocurrency economy and how people are profiting in it.
A Brief Introduction To Cryptocurrency
The most famous cryptocurrency is Bitcoin. In its whitepaper, the creator(s) of Bitcoin, under the name Satoshi Nakamoto, described Bitcoin as a distributed database among computers participating that keeps track of ownership transitions among accounts. The transitions are recorded as blocks and the transition history is hashed and linked, forming a blockchain. All participating computers, or “nodes,” are supposed to use the longest blockchain as the history, which is the shared consensus. With the history data hashed and the majority of nodes agreeing to use the longest blockchain, it is mathematically hard to fake transactions or create a different transition history. This solid foundation enables Bitcoin and other cryptocurrencies to track the ownership and transitions of ownership. In other words, there is no physical coin — the entire database keeps track of ownership and the transitions of ownership of bitcoins.
To keep track of all transitions, Bitcoin’s network needs nodes to compute the hashes of transitions. Bitcoin’s network motivates nodes by awarding a given number of bitcoins to a node who calculates the hash that is “best” according to a standard. The more computing power a node contributes to Bitcoin’s network to calculate hashes, the better chance this node has to win the award. This is called proof of work (PoW). Other cryptocurrencies use different mechanisms such as proof of stake (PoS). Calculating hashes for a cryptocurrency network is also known as “mining.” Some believe the analogy comes from the fact that finding the best hash value in the vast mathematical space is similar to mining gold in the wild.
The Computing Power Arms Race
PoW turns bitcoin mining into a competition of computing power. With higher computing power, one can calculate more hash values and has a better chance to win the bitcoin reward. People build powerful machines to calculate at faster speeds. When bitcoin was first introduced, nodes running on laptops and PCs could mine bitcoin using their central processing units (CPUs). Later, computer clusters and cloud servers joined them, followed by field-programmable gate arrays (FPGAs) and graphics processing units (GPUs). Eventually, dedicated processing chips called application specific integrated circuits (ASICs) were created for the sole purpose of mining. The machines that use ASICs to calculate hashes are called miner machines, or miners.
Each miner consumes thousands of watts of power, which made power consumption the largest continuous cost for people trying to profit from mining cryptocurrencies. Companies build containers that contain hundreds of miners and ship them to places around the world where they can find low-cost electric supplies and good network connections. It is not surprising to find mining facilities colocated with data centers. To some extent, cryptocurrency mining facilities are data centers, except they are dedicated to one kind of computing: hashing.
When containers of miners are shipped to mining facilities and plugged into the grid, they need to become part of the entire cryptocurrency network. The miners are not talking to the cryptocurrency network directly. Instead, they talk to a website called a mining pool. The pool collects hashing jobs and distributes them to each miner and verifies whether the job was hashed correctly. The more miners connect to a pool, the more hashes this pool can calculate, and the better chance this pool will find the best hash value and be awarded the cryptocurrency. If a pool wins the award, all miners working for the pool will get a share.
A miner machine can connect to multiple pools. When a pool is not sending a hashing job to a miner, the miner can talk to other pools and get new hashing jobs. This gives miners a chance to distribute their computing power to different pools and not be blocked by a single pool.
Cryptocurrency Mining Costs
When mining for cryptocurrencies, there are three major costs that come into play:
1. Fixed costs such as hardware, land and building.
2. Maintenance costs like staff salary and network bandwidth.
3. Power cost.
Among the three, power cost is the most significant. Using Bitmain’s AntMiner S9 as an example, an S9 will draw 13,140kWh per year. If we use the national average power rate of 0.1262 USD/kWh, the annual power cost is $1,658.27. Other costs, such as land, building and maintenance costs, can be spread among each unit. Change in power cost is often the deterministic factor in whether a mining facility can make a profit.
To make profits, crypto miners are constantly seeking low power rates around the world. Attackers are also trying to offload the costs to other people. I will explain how attackers obtain cryptocurrencies without paying for the power, or the device.
Stealing Cryptocurrencies
Stealing cryptocurrencies is no different than stealing other currencies that can be circulated online. If the attacker has access to the account where the currency is transferring from or the attacker can convince the transfer process that his account is the destination, then the attack is successful. In my previous article, I explained that when a miner machine wins a Bitcoin, the award is contributed to the account. An attacker can reconfigure the miner machine to report its account as the attacker’s account, and all the awards for this miner machine will be deposited to the attacker’s account.
If the attacker has control over one device on the network connecting the mining pool and the mining facilities, the attacker can also perform a common trick called a man-in-the-middle (MITM) attack. The attacker can replace the reported miner account with his account when sending the data to the mining pool and become the beneficiary of the miner’s hard work.
Attacking a mining pool is just like attacking any website — when an attacker gains root access to a mining pool, moving the cryptocurrency between accounts becomes as easy as moving money across bank accounts. Mining pool accounts are not necessarily directly connected to the blockchain system. When a miner owner receives a bitcoin deposit in her pool account, she needs to check if the bitcoin is also deposited into her bitcoin wallet.
Stealing CPU Cycles And Power
Not every attacker in the cryptocurrency world has access to miner machines or routers along the way from mining facilities to mining pools, but attackers are never short of creativity. Some attackers focus on stealing central processing unit (CPU) cycles from internet of things (IoT) devices. In October 2016, the Mirai botnet launched its first well-known attack. Using hundreds of thousands of infected IoT devices, Mirai rendered the domain name system (DNS) servers from Dyn unaccessible by jamming the DNS servers’ traffic. While this kind of distributed denial of service (DDoS) attack made Mirai famous, most cybersecurity researchers believe the attacker(s) did not profit from this attack.
Attackers soon switched their focus from attacking servers and websites to using infected devices to mine cryptocurrencies. While the infected devices (mostly internet protocol (IP) cameras with weak default credentials) are not powerful enough to compete against application specific integrated circuits (ASIC) mining machines when it comes to mining bitcoins, attackers use those devices to mine other cryptocurrencies, and Monero is a popular choice, because it’s relatively easy to obtain and has a higher price than other cryptocurrencies.
Most owners of the infected devices are not aware of the fact that their devices are working for two owners. They are working as a camera, Wi-Fi router or printer for the people who bought them and plugged them into the grid and are simultaneously working for attackers who have root access to the devices, consuming the power and bandwidth of their owner and contributing cryptocurrencies to the attackers.
Another way of stealing CPU cycles is to infect popular websites with scripts that run on visitors’ browsers when they visit the website. When a visitor loads an infected webpage, the script starts to run inside the browser of the visitor’s computer, consuming CPU cycles and power to mine for cryptocurrencies.
Summary
In the first part of this miniseries, using Bitcoin as an example, I discussed how cryptocurrencies are created and how people built powerful computing machines in order to win the computing power arms race. I explained how miner machines are organized to mine bitcoin and share the profit. In this piece, I examined several ways cyber attackers can steal cryptocurrencies, either from different places in the mining ecosystem or by stealing power and device CPU cycles from infected IoT devices and converting them into cryptocurrencies.
By SongLi, Founder & CEO of HaloBlock.io
