Backdoor Could Allow Company To Shut Down 70% of All Bitcoin Mining Operations (bleepingcomputer.com)
An anonymous reader writes: "An anonymous security researcher has published details on a vulnerability named "Antbleed," which the author claims is a remote backdoor affecting Bitcoin mining equipment sold by Bitmain, the largest vendor of crypto-currency mining hardware on the market," reports Bleeping Computer. The backdoor code works by reporting mining equipment details to Bitmain servers, which can reply by instructing the customer's equipment to shut down. Supposedly introduced as a crude DRM to control illegal equipment, the company forgot to tell anyone about it, and even ignored a user who reported it last fall. One of the Bitcoin Core developers claims that if such a command were ever sent, it could potentially brick the customer's device for good. Bitmain is today's most popular seller of Bitcoin mining hardware, and its products account for 70% of the entire Bitcoin mining market. If someone hijacks the domain where this backdoor reports, he could be in the position to shut down Bitcoin mining operations all over the world, which are nothing more than the computations that verify Bitcoin transactions, effectively shutting down the entire Bitcoin ecosystem. Fortunately, there's a way to mitigate the backdoor's actions using local hosts files.
Stupid as it may be, as long as enough other fools believe in it, you can exchange your imaginary money for actual government-backed, widely accepted money or even goods.
And there are still enough Bitcoin idiots out there that we keep getting these posts on Slashdot - a forum where everyone should ideally be technically savvy enough to recognize Bitcoin as technological bullshit.
There's a commenter, APK, who comes into anything related to computer security on Slashdot and spams about his Hosts Engine. The host engine he distributes has mixed reviews, but appears to function acceptably for those who use it, and he clearly means well. Which doesn't stop the fact that he's in ALL the threads, or was, until he and whipslash had a confrontation or discussion or something.
The fact that the summary explicitly asks for a hosts file based solution is, of course, the joke: it's being posted directly to the lion's den.
While that seems bad, it would be fixed within a few hours for most miners. The source code is open (even the mining software with remote stop code). Miners can freely recompile it and update it. There is also a simple DNS trick to remove that domain and point it to 127.0.0.1. Don't worry, Bitcoin can't be shut down that easy and there is no single point of failure.
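The hosts-file mitigation mentioned in the summary and in the comment above, as an added example (not from the article or the thread): a POSIX shell check that a domain is pinned to a loopback address, appending the entry only when no earlier line already maps the name elsewhere. `miner-checkin.example` is a placeholder because the page does not name the domain, and first-match-wins lookup order is an assumption about the device's resolver.

```shell
#!/bin/sh
# Added example: audit and pin a hosts-file sinkhole entry.
# The domain used in the usage line below is a placeholder, not the real one.

# hosts_status FILE DOMAIN
# Prints "sinkholed <ip>", "resolves <ip>" or "missing" for the first
# line in FILE that names DOMAIN (assumed first-match-wins resolver).
hosts_status() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); result = "missing" }
        {
            sub(/#.*/, "")              # drop comments, full-line or trailing
            if (NF < 2) next            # blank line or address with no name
            for (i = 2; i <= NF; i++) { # a line may carry several aliases
                if (tolower($i) == want) {
                    if ($1 ~ /^127\./ || $1 == "::1" || $1 == "0.0.0.0")
                        result = "sinkholed " $1
                    else
                        result = "resolves " $1
                    exit                # stop at the first match
                }
            }
        }
        END { print result }
    ' "$1"
}

# ensure_sinkhole FILE DOMAIN
# Idempotent: appends "127.0.0.1 DOMAIN" only when the name is absent.
# Refuses to edit when an earlier line maps DOMAIN to a routable address,
# because an appended entry would never be consulted.
ensure_sinkhole() {
    status=$(hosts_status "$1" "$2")
    case "$status" in
        sinkholed*) return 0 ;;
        missing)
            # Avoid gluing the entry onto an unterminated last line.
            if [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
            printf '127.0.0.1 %s\n' "$2" >> "$1"
            ;;
        *)
            echo "conflict: $2 $status in $1; fix that line by hand" >&2
            return 1
            ;;
    esac
}

# Usage (placeholder domain): ensure_sinkhole /etc/hosts miner-checkin.example
```

A hosts entry only affects lookups made through the local resolver on that device, so it is worth re-running the check after any firmware update that may rewrite the file.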