Bitcoin Mining Pool Exposed Online via Telnet Ports, Could Be Generating $1 Million per Day

Rafia Shaikh

A security researcher has reported a mining pool of nearly 3,000 bitcoin miners exposed on the internet and accessible via their Telnet ports without a password. According to some, this network of miners could be generating $1 million per day.

2,893 Bitcoin miners left exposed

Victor Gevers of the GDI Foundation, a non-profit organization that coordinates vulnerability disclosures, first reported yesterday that he had discovered 2,893 bitcoin "Thunder mining machines" left exposed online.


The security researcher says that the machines all appear to belong to the same organization. Based on information found on the exposed bitcoin miners, Gevers told Bleeping Computer that "the owner of these devices is most likely a state sponsored/controlled organization part of the Chinese government."

Gevers first spotted this exposure when he was trying to secure internet-connected devices running on default Telnet credentials following a massive online leak. One of the leaked IP addresses belonged to a bitcoin miner, from which he discovered this 3,000-strong mining network. Gevers believes that most of the affected devices were ZeusMiner THUNDER X3 bitcoin miners and added that he has "proof of other visitors on the boxes where they tried to install a backdoor or malware."

According to a tweet in which someone tried to calculate how much this group could generate in a day, based on what can only be called ideal conditions, the figure is at least $1 million a day, mining Litecoin.

While it may not be a million-dollar job, the organization behind this pool did act fast: following his initial tweet, the group seems to have secured the exposed devices. "At the speed they were taken offline, it means there must be serious money involved," Gevers noted. "A few miners is not a big deal, but 2,893 working in a pool can generate a pretty sum."

While Gevers is still investigating what caused this exposure, he said that most of these are not available via Telnet anymore. "Just a few are left, and I am keeping an eye out for those."
