Slashdot Mirror

← Back to Stories (view on slashdot.org)

E-Sports League Stuffed Bitcoin Mining Code Inside Client Software

Posted by Soulskill on from the not-how-you-do-it dept.

hypnosec writes "The E-Sports Entertainment Association (ESEA) gaming league has admitted to embedding Bitcoin mining code inside the league's client software. It began as an April Fools' Day joke idea, but the code ended up mining as many as 29 Bitcoins, worth over $3,700, for ESEA in a span of two weeks. According to Eric Thunberg, one of the league's administrators, the mining code was included as early as April. Tests were run for a few days, after which they 'decided it wasn't worth the potential drama, and pulled the plug, or so we thought.' The code was discovered by users after they noticed that their GPUs were working away with unusually high loads over the past two weeks. After users started posting on the ESEA forums about discovery of the Bitcoin mining code, Thunberg acknowledged the existence of a problem – a mistake caused a server restart to enable it for all idle users." ESEA posted an apology and offered a free month of their Premium service to all players affected by the mining. They've also provided data dumps of the Bitcoin addresses involved and donated double the USD monetary value of the mined coins to the American Cancer Society.

20 of 223 comments (clear)

  1. Sounds handled fairly well by magarity · · Score: 4, Insightful

    Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.

    1. Re:Sounds handled fairly well by Anonymous Coward · · Score: 4, Insightful

      Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.

    2. Re:Sounds handled fairly well by girlintraining · · Score: 5, Insightful

      Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.

      ... After they were caught with their hand in the cookie jar, yes. Meanwhile, were I, a non-corporation, to do something like this, the FBI would be coming through my door with a bunch of dudes with shotguns for an enhanced "interview" over my connections to terrorism, money laundering, etc.

      So, my question is... whether intentional or accidental, it happened. That means it's a crime. So... where is the charge sheet, mmm?

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:Sounds handled fairly well by Anonymous Coward · · Score: 4, Insightful

      Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.

      So admitting wrongdoing, giving credit, and donating the money to a nonprofit is an "Extreme breach of trust"?
      How do you figure that?

    4. Re:Sounds handled fairly well by Anonymous Coward · · Score: 5, Insightful

      I figure that because it happened in the first place, which is completely inexcusable. What were they thinking? What's to say it won't happen again? You know that old saying from Tennessee, well, from Texas, but probably from Tennessee too: fool me once, shame on, hmm, shame on you, fool me... well, you can't get fooled again.

    5. Re:Sounds handled fairly well by Anonymous Coward · · Score: 1, Insightful

      Yeah, it shouldn't be illegal to rob a bank if you give the money back... right?

    6. Re:Sounds handled fairly well by Goaway · · Score: 5, Insightful

      They hardly "admitted wrongdoing". They made up absurd stories about how it was all an April Fool's joke, and lied about how long it had been active and how much money they had made.

      (Consider this: Which part of this "April Fool's joke" was supposed to actually be FUNNY? It was installed in secret. If it was hidden from you, how were you supposed to laugh at it?)

    7. Re:Sounds handled fairly well by IndustrialComplex · · Score: 4, Insightful

      Yeah, it shouldn't be illegal to rob a bank if you give the money back... right?

      There is a problem with your post. They didn't rob a bank. So it's not like that at all.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    8. Re:Sounds handled fairly well by Dunbal · · Score: 5, Insightful

      We're also supposed to take them at their word that only 29 bitcoins were mined. Sure they provided the dumps. How much are they holding back?

      --
      Seven puppies were harmed during the making of this post.
    9. Re:Sounds handled fairly well by Anonymous Coward · · Score: 4, Insightful

      They're making amends for getting caught. Consider: "Tests were run for a few days, after which they 'decided it wasn't worth the potential drama."

      They intentionally included the code. They were planning on continuing. The only reason they stopped is that the cons (user backlash, possible lawsuits) outweighed the pros (making money off of suckers). If their mining operation had been successful enough, they'd still be doing it now.

      Hell, even EA didn't hide the contents of their games. People buying the new SimCity knew it would be online only (and to a lesser degree people buying Dead Space 3 knew it would have microtransactions) and still bought it knowing they would be unhappy. The real shitstorm happened because EA didn't do enough QA or server stability tests, and it continues with in-game advertising. So, yes, there is a difference. EA committed gross ineptitude. ESEA committed borderline fraud. But, trust who you will with your credit.

    10. Re:Sounds handled fairly well by IndustrialComplex · · Score: 4, Insightful

      No, because this was not a bank robbery.

      You might as well say, "Because it's bad to damage streetlights, but fine to set fires?" The robbing a bank analogy just doesn't need to be applied because the situation doesn't require an analogy. Everyone on this site is capable of understanding the technical details of what they did, we don't need to obfuscate the problem by unnecessarily applying analogies.

      Besides, it didn't even TRY to include a car.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    11. Re:Sounds handled fairly well by Anonymous Coward · · Score: 2, Insightful

      I ask myself that every time I visit /. on April 1st.

      Exactly! April 1st is "Don't Read Slashdot Day".

  2. Computer Trespass by Peter+Mork · · Score: 5, Insightful

    This sounds an awful lot like computer trespass: coercing somebody else's computer into doing something on your behalf. If an individual pulled this stunt, he or she would be in prison.

    1. Re:Computer Trespass by ThorGod · · Score: 5, Insightful

      Yep, but instead the company involve just pays a fine. That's the only way companies pay for crimes...with dollars.

      Even if you're BP and you severely damage one of the world's oceans and kill an uncountable amount of wildlife and destroy whole ecosystems.

      --
      PS: I don't reply to ACs.
    2. Re: Computer Trespass by Anonymous Coward · · Score: 1, Insightful

      "Why does anyone go to prison over something so innocuous?"

      Because when a group of people plan and execute it this type of thing it's called conspiracy. What if it was a big company using your CPU cycles for processing data for a third party? How about a government (foreign or domestic) processing data about people for the purposes of spying?

      Is the difference the party stealing your CPU cycles, or what they are doing with it? If it was in the EULA would that make it OK?

      It's NEVER right to use YOUR computer without YOUR knowledge and YOUR approval.

    3. Re:Computer Trespass by whoever57 · · Score: 3, Insightful

      Modifying your analogy a little:

      You took your car to a repair shop. The repair shop used your car as a taxi for a day (using your gas and adding miles to your car).

       

      --
      The real "Libtards" are the Libertarians!
  3. 90C+ temperatures by Anonymous Coward · · Score: 0, Insightful

    Users vented their anger on the ESEA forums claiming that their video cards were maintaining over 90 celcius+ temperatures for extended period

    Aside from not opening the source code for their client, the ESEA handled this situation well.

    Your problems with your video card do not come from them. If you care about longevity and reliability, you need to stop overclocking your GPU and follow the manufacturer's instructions. By default, the hardware WILL shutdown if the virtual Tj reaches an unsafe level. If you disable that feature, don't cry when your card blows up. It could have easily happened while gaming.

    (I am an electrical engineer. All our products are tested up to 85C ambient temperature, at maximum load. We only use driver ICs with built-in protection from overtemperature, overcurrent, and short-circuit.)

  4. Re:Computer hacking... by Anonymous Coward · · Score: 3, Insightful

    The laws on the books aren't as clear as you think. "Hey, I didn't ask to mine BitCoins for someone else - what gives?!" is a logical user position, but I'm sure the license agreement that user agreed to upon installing basically gave them carte blanche to do whatever they wanted with his/her computer.

    Which would hold up in court - and are you sure enough to foot the bill for representation until (and possibly even if) you prevail?

    I'm not. I agree with you in spirit, but in this case their response was pretty classy.

  5. April Fools? Sure thing... by h8mx · · Score: 5, Insightful

    It began as an April Fools' Day joke idea

    How exactly does that work?

    "We were using your electricity and potentially damaging your computer for a whole month without your permission! APRIL FOOLS! Ha we got you good!"

  6. Don't forget the human victims by dutchwhizzman · · Score: 4, Insightful

    Several people died in the explosions on the drilling rig. However (un)important the damage to the economy and the wildlife is, no human being gets away with killing someone and getting convicted to "only a fine", but a company like BP does.

    --
    I was promised a flying car. Where is my flying car?