BitMain, the leading Bitcoin mining hardware manufacturer, was all over the news yesterday following the discovery of a security flaw named Antbleed. The negative publicity and growing concern among the cryptocurrency mining community have forced BitMain to apologize publicly and offer some background on the Antbleed issue.
According to the company, the “so-called” security flaw was supposed to be a feature in development which never saw the light of day. The feature, which allows owners (and possibly others) to shut down the miners remotely, was introduced to offer users greater control over the platform. But it was never completed after the development team ran into some issues. If completed, the remote access and shutdown feature would have been similar to the feature provided by mobile phone manufacturers, the company said in its latest blog post. The post also describes a few instances where such a feature would have come in handy.
“This feature was intended to allow the owners of Antminer to remotely shut down their miners that may have been stolen or hijacked by their hosting service provider, and to also provide law enforcement agencies with more tracking information in such cases. We never intended to use this feature on any Antminer without authorization from its owner. This is similar to the remote erase or shutdown feature provided by most famous smartphone manufacturers.”
The Antbleed bug affects over 70 percent of all the hardware miners that are part of the Bitcoin network, accounting for up to about 50 percent of the total hashing power. The hardware miners affected by Antbleed include the Antminer S9, Antminer R4, Antminer T9, Antminer L3 and Antminer L3+.
To prevent hackers and cybercriminals from misusing the vulnerability, BitMain has announced the release of updated source code and a firmware upgrade that remove the bug. The firmware upgrade is available through the blog post as well as on the company’s website.
BitMain may have had the best intentions when it introduced a partially built feature into the codebase. But it failed either to complete the feature or to remove the code after deciding to drop it. By not doing so, it left the whole Bitcoin network vulnerable to attacks. The details of the security flaw are now public, and it is in the best interests of the miners as well as the Bitcoin network to ensure every BitMain device operator upgrades the firmware to secure their equipment.
Ref: BitMain Blog | Image: NewsBTC