In 2019, amid the mining boom and active growth of cryptocurrency prices, hackers created new types of programs specifically for ASICs. They allow an attacker to change the configuration and lock the farm. Before buying new equipment, it is worth checking the ASIC for viruses. You should also regularly scan the farm and review its settings to protect income from cybercriminals.
How a virus gets into an asic
Most often, miners infect the equipment themselves by downloading custom firmware to overclock it. The “pioneer” was H-Ant, written by an unknown programmer. Forums and thematic sites advertised a new firmware capable of overclocking the Antminer S9 from 13.5 to 18 Th/s without increasing power consumption. It was downloaded more than 10,000 times.
At the same time, some users noted that their antivirus detected dangerous files, but they still installed the software. Within 5 minutes, the malicious program was accessing all the ASICs on the farm. In 2019, users received the following message:
“Click on the “Download Firmware Patch” button to download an update with your specific ID, and simply restore it to regular Antminer firmware to get infected. You can move the computer on which the patch was updated to another computer room to complete the infection, or encourage others to use my software in a network group – or pay 10 BTC and I will stop attacking.”
Hackers also exploit vulnerabilities in official ASIC software and in connections to pools. The virus penetrates through the network protocol and infects the farm.
In 2022, miners began to actively sell outdated and unprofitable equipment. At the same time, the first reports appeared that “Trojan” asics could be found on marketplaces. They already contain dangerous software, which, when connected to the network, spreads throughout the farm.
Types of viruses
Miners are faced with several types of viruses that differ in function. The most common is software that:
- Alters the ASIC configuration.
- Redirects profits to another wallet.
- Disables the download of new firmware and changes scripts and system binaries.
- Blocks access to the OS and stops mining.
Also in 2022, software similar to H-Ant in its mechanism of action appeared. However, it immediately and without warning turned off fans and overheating protection, causing farms to burn down.
How to check asics for viruses
To check an ASIC for viruses, you do not need special software, because in most cases miners immediately notice oddities in the operation of the farm. Signs of ASIC infection:
- Stratum addresses have changed to extraneous ones. Resetting the settings does not help: the alien address appears again. For example, stratum+tcp://scrypt.hk.nicehash.com:3333#xnsub.
- The hash rate of the device has decreased dramatically.
- The yield of the farm decreased.
- The hardware cannot be flashed via microSD, flash, or web packages.
- The firmware version does not change after an upgrade.
- LEDs on the control board are almost constantly lit or blinking every 7-9 seconds.
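An added example (not part of the original article) that automates the first sign above: it audits the pool list of a miner configuration against an allowlist and an expected account. It assumes a cgminer-style JSON config with a "pools" array; the `pool.example.net` hosts, the `farm` account and the sample config are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Assumptions: placeholder pool endpoints and account name for this farm.
ALLOWED_POOLS = {("pool.example.net", 3333), ("backup.example.net", 3333)}
EXPECTED_ACCOUNT = "farm"  # workers are named "<account>.<worker>"

# Constructed sample config; the second URL is the article's example address.
SAMPLE_CONFIG = """{"pools": [
  {"url": "stratum+tcp://pool.example.net:3333", "user": "farm.rig01", "pass": "x"},
  {"url": "stratum+tcp://scrypt.hk.nicehash.com:3333#xnsub", "user": "farm.rig01", "pass": "x"},
  {"url": "backup.example.net:3333", "user": "other.rig01", "pass": "x"},
  {"url": "", "user": "", "pass": ""}
]}"""

def parse_stratum(url):
    """Return (host, port); a '#xnsub'-style suffix is a URL fragment and is ignored."""
    url = url.strip()
    if "://" not in url:
        url = "stratum+tcp://" + url  # some configs omit the scheme
    parts = urlsplit(url)
    if not parts.scheme.startswith("stratum") or not parts.hostname:
        raise ValueError("not a stratum URL")
    return parts.hostname.lower(), parts.port  # .port raises ValueError if malformed

def audit_pools(config_text, allowed=ALLOWED_POOLS, account=EXPECTED_ACCOUNT):
    """Return (index, url, reason) for each pool entry that deviates from policy."""
    findings = []
    for i, pool in enumerate(json.loads(config_text).get("pools", [])):
        url, user = pool.get("url", ""), pool.get("user", "")
        if not url:
            continue  # unused pool slot
        try:
            endpoint = parse_stratum(url)
        except ValueError as exc:
            findings.append((i, url, str(exc)))
            continue
        if endpoint not in allowed:
            findings.append((i, url, "endpoint not on allowlist"))
        elif user.split(".")[0] != account:
            findings.append((i, url, "unexpected account: " + user))
    return findings

if __name__ == "__main__":
    for finding in audit_pools(SAMPLE_CONFIG):
        print(finding)
```

Running the audit on a schedule also catches the case where a reset appears to work and the foreign address returns later.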
WinSCP program
This is a free SFTP client for Windows that is used to copy files between computers using secure protocols. It supports SFTP, SCP, SSH-1, SSH-2, and WebDAV connections. Miners use WinSCP to regain access to hardware and reflash infected devices.
How to cure ASIC
To get rid of hacker software, you will need 2 programs and no more than 20 minutes. Instructions on how to remove viruses from an ASIC using WinSCP:
- In the settings, select the SCP connection, specify the IP address of the ASIC and access data.
- Go to the /config folder and view it. If it contains bNminer.conf, it should be deleted.
- Open the dropbear file and set the value in the NO_START= line to 0, so that the dropbear SSH server starts.
- Create a new directory in the /tmp folder (the commands below use /tmp/123) and copy the unzipped firmware into it.
The next steps use PuTTY. In it you need to:
- Enter the ASIC's IP address.
- Connect to the device.
- Run the commands:
  - cd /tmp/123
  - chmod +x runme.sh
  - ./runme.sh
  - reboot
Measures to prevent infection
Because farms are rarely directly connected to the Internet, they are easy to protect from hackers. It is enough to follow these recommendations:
- Configure a firewall – set strict rules so that ASICs cannot interact with each other, and the “white” list of connections includes only the address of the pool. If a virus infects one board, the others will continue to work normally.
- Use an antivirus – it will warn about the detection of dangerous programs, automatically quarantine them and remove them.
- Do not install unofficial firmware – its creators promise an increase in profitability of 50% or more. Before installing custom software, it is worth checking information about it on thematic forums and, if possible, asking experts about it.
- Check a used ASIC before installing it – connect it separately, scan it with an antivirus and watch how it works for a few days. If there are no problems, you can connect the equipment to the main network.
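An added example (not part of the original article) of the firewall policy from the first recommendation, written as a decision function and run over connection log lines to find traffic the rules should block. The subnet, pool address, management host and log format are constructed assumptions; the management host is included because the cleanup procedure needs WinSCP/PuTTY access to the miners.

```python
import re
from ipaddress import ip_address, ip_network

# Assumptions: constructed addressing plan, not taken from the article.
ASIC_NET = ip_network("10.20.0.0/24")        # network segment holding the miners
POOL_ENDPOINTS = {("203.0.113.10", 3333)}    # resolved pool address and port
MGMT_HOSTS = {ip_address("10.10.0.5")}       # admin workstation (WinSCP / PuTTY)

# Constructed log lines in a simplified key=value form.
SAMPLE_LOG = """\
SRC=10.20.0.11 DST=203.0.113.10 DPT=3333
SRC=10.20.0.11 DST=10.20.0.12 DPT=22
SRC=10.20.0.12 DST=198.51.100.7 DPT=3333
SRC=10.10.0.5 DST=10.20.0.12 DPT=80
SRC=10.30.0.9 DST=10.20.0.12 DPT=22
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) DPT=(\d+)")

def classify(src, dst, dport):
    """Apply the policy: miners talk only to the pool, never to each other."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    if src_ip in ASIC_NET:
        if dst_ip in ASIC_NET:
            return "deny: ASIC-to-ASIC"
        if (dst, dport) in POOL_ENDPOINTS:
            return "allow"
        return "deny: egress not to pool"
    if dst_ip in ASIC_NET:
        if src_ip in MGMT_HOSTS:
            return "allow"
        return "deny: inbound not from management"
    return "allow"  # traffic that does not involve miners is out of scope

def violations(log_text):
    """Return (src, dst, dport, verdict) for every flow the policy would block."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not connection records
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        verdict = classify(src, dst, dport)
        if verdict != "allow":
            out.append((src, dst, dport, verdict))
    return out
```

Traffic between miners on the same switch segment never reaches a router firewall, so the ASIC-to-ASIC rule has to be enforced at the switch (port isolation) or by placing miners in separate subnets.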
Frequently Asked Questions
🔥 How do I properly connect my farm to the pool?
It is recommended to set up a connection through NAT only. The ASIC should not have direct access to the internet, and all unnecessary ports should be closed.
📌 Is antivirus required?
No. Miners often do not use such programs because they affect the power of the hardware. If you don’t install antivirus, you need to close all the ways of infecting devices and regularly check the settings and farm parameters.
📢 Why do I need quarantine?
After detecting dangerous software on one device, you should immediately enable quarantine. It will limit data transfer and prevent the spread of hacking software.
⚡ What are the additional degrees of protection?
In addition to antivirus, quarantine and firewall, it is advisable to create complex passwords. Use different combinations (at least 12-15 characters) for access to the router and to the ASICs.
✨ Which hash rate boosting firmware is safe?
It is recommended to use only trusted software such as VNish, Braiins OS or HiveON.
Author: Saifedean Ammous, an expert in cryptocurrency economics.