Bitcoin Mining Pool Exposed Online via Telnet Ports, Could Be Generating $1 Million per Day
A security researcher has reported a mining pool of nearly 3,000 bitcoin miners exposed on the internet accessible via their Telnet port without password. According to some, this network of miners could be generating $1 million per day.
2,893 Bitcoin miners left exposed
Victor Gevers of the GDI Foundation, a non-profit organization that coordinates vulnerability disclosures, first reported yesterday that he has discovered 2,893 bitcoin "Thunder mining machines" left exposed online.
I see about 2,893 Chinese Bitcoin "Thunder mining machines" online which are accessible via telnet w/o any password. Is the GFW down? pic.twitter.com/pGuBJnld5i
— Victor Gevers (@0xDUDE) August 28, 2017
The security researcher says that the group appears to belong to the same organization. Based on information found on the exposed bitcoin miners, Gevers told Bleeping Computer that "the owner of these devices is most likely a state sponsored/controlled organization part of the Chinese government."
Gevers first spotted this exposure when he was trying to secure internet connected devices running on default Telnet credentials following a massive online leak. One of the leaked IP addresses belonged to a bitcoin miner from where he discovered this 3,000 strong mining network. Gevers believes that most of the affected were ZeusMiner THUNDER X3 bitcoin miners and added that he has "proof of other visitors on the boxes where they tried to install a backdoor or malware."
According to a tweet where someone has tried to calculate how much this group could generate in a day based on what can only be called ideal conditions, we are looking at at least $1 million a day, mining Litecoin.
4) Then for all the machines accounted its ~$1,096,447 income per day
— Quan (@Quan66726078) August 29, 2017
While it may not be a million dollar job, the organization behind this pool did act fast to secure the exposed devices. Following his initial tweet, the group seems to have secured the exposed devices. "At the speed they were taken offline, it means there must be serious money involved," Gevers noted. "A few miners is not a big deal, but 2,893 working in a pool can generate a pretty sum."
While Gevers is still investigating what caused this exposure, he said that most of these are not available via Telnet anymore. "Just a few are left, and I am keeping an eye out for those."