Bitcoin Mining Pool Exposed Online via Telnet Ports, Could Be Generating $1 Million per Day


A security researcher has reported a mining pool of nearly 3,000 bitcoin miners exposed on the internet accessible via their Telnet port without password. According to some, this network of miners could be generating $1 million per day.

2,893 Bitcoin miners left exposed

Victor Gevers of the GDI Foundation, a non-profit organization that coordinates vulnerability disclosures, first reported yesterday that he has discovered 2,893 bitcoin "Thunder mining machines" left exposed online.

Cryptocurrency Mining Hardware Retailer Receives A Large Shipment Of PowerColor, Sapphire, & XFX AMD Radeon GPUs

The security researcher says that the group appears to belong to the same organization. Based on information found on the exposed bitcoin miners, Gevers told Bleeping Computer that "the owner of these devices is most likely a state sponsored/controlled organization part of the Chinese government."

Gevers first spotted this exposure when he was trying to secure internet connected devices running on default Telnet credentials following a massive online leak. One of the leaked IP addresses belonged to a bitcoin miner from where he discovered this 3,000 strong mining network. Gevers believes that most of the affected were ZeusMiner THUNDER X3 bitcoin miners and added that he has "proof of other visitors on the boxes where they tried to install a backdoor or malware."

According to a tweet where someone has tried to calculate how much this group could generate in a day based on what can only be called ideal conditions, we are looking at at least $1 million a day, mining Litecoin.

NVIDIA Stockpiling RTX 3060s To Pit Against RX 6600 XT, AIBs Preferring Non-LHR RTX 3070 Dies To LHR Ones

While it may not be a million dollar job, the organization behind this pool did act fast to secure the exposed devices. Following his initial tweet, the group seems to have secured the exposed devices. "At the speed they were taken offline, it means there must be serious money involved," Gevers noted. "A few miners is not a big deal, but 2,893 working in a pool can generate a pretty sum."

While Gevers is still investigating what caused this exposure, he said that most of these are not available via Telnet anymore. "Just a few are left, and I am keeping an eye out for those."