Bitcoin Mining Pool Exposed Online via Telnet Ports, Could Be Generating $1 Million per Day

Author Photo
Aug 30, 2017
14Shares
Submit

A security researcher has reported a mining pool of nearly 3,000 bitcoin miners exposed on the internet accessible via their Telnet port without password. According to some, this network of miners could be generating $1 million per day.

2,893 Bitcoin miners left exposed

Victor Gevers of the GDI Foundation, a non-profit organization that coordinates vulnerability disclosures, first reported yesterday that he has discovered 2,893 bitcoin “Thunder mining machines” left exposed online.

cryptocurrency-minerRelatedAll About Cash: Low Profits Don’t Deter Criminals from Using Your Mobile Devices for Cryptocurrency Mining

The security researcher says that the group appears to belong to the same organization. Based on information found on the exposed bitcoin miners, Gevers told Bleeping Computer that “the owner of these devices is most likely a state sponsored/controlled organization part of the Chinese government.”

Gevers first spotted this exposure when he was trying to secure internet connected devices running on default Telnet credentials following a massive online leak. One of the leaked IP addresses belonged to a bitcoin miner from where he discovered this 3,000 strong mining network. Gevers believes that most of the affected were ZeusMiner THUNDER X3 bitcoin miners and added that he has “proof of other visitors on the boxes where they tried to install a backdoor or malware.”

cryptocurrency-minerRelatedGoogle Considers Adding a Permission to Block Cryptocurrency Miners Hijacking Browsers

According to a tweet where someone has tried to calculate how much this group could generate in a day based on what can only be called ideal conditions, we are looking at at least $1 million a day, mining Litecoin.

While it may not be a million dollar job, the organization behind this pool did act fast to secure the exposed devices. Following his initial tweet, the group seems to have secured the exposed devices. “At the speed they were taken offline, it means there must be serious money involved,” Gevers noted. “A few miners is not a big deal, but 2,893 working in a pool can generate a pretty sum.”

While Gevers is still investigating what caused this exposure, he said that most of these are not available via Telnet anymore. “Just a few are left, and I am keeping an eye out for those.”

Submit