Small-scale bitcoin and cryptocurrency mining is pretty easy. Once you get the power, cooling, miners, and mining pool configurations figured out, you can have your rigs running for weeks or months at a time with little to no human intervention. How secure is this mining farm contraption? What additional considerations exist when you decide to scale up to a large mining farm with more equipment? The vulnerabilities aren’t especially clear, and since it’s such a niche business there really aren’t any off-the-shelf mining security systems, platforms, or documentation out there.
Let’s be honest, stealing mining rigs probably isn’t going to be the theme of any movies. Yes, it’s possible, but basically all you need is the same level of security you would expect while running any other legitimate business. Keep inventory, lock the doors, and have some well-positioned cameras. As a side note, be sure to invest in camera systems with high enough resolution and frame rates to identify people and vehicles; otherwise they aren’t helpful.
While there are a plethora of different scenarios for a network-based attack on a mining farm, a select few come to mind. Don’t consider this a complete list.
DDoS – Distributed Denial of Service attacks. Competitors, angry customers, or other malicious parties may attack your mining facility with a botnet. This will halt any mining activities because your internet connection would simply not work. You will have to work with your ISP to resolve this. DDoS protection is also available, but it is expensive in most cases.
DNS Hijacking – Anyone from your ISP or their upstream provider to one of your own employees with access to one of your routers can potentially hijack your DNS. Mining pools want you to connect using a hostname, like “stratum.antpool.com”, since they run the pool on high availability cloud services and don’t rely on static IPs attached to a physical server in this day and age. Typically you have a DNS server entry in your router that is provided by your ISP. If this is changed to a malicious one, the attacker can spoof that pool hostname and point the miners to their own mining pool account with another pool and reap the benefits. Secure your router appropriately and always use a trusted DNS provider like OpenDNS, Cloudflare, or Google. With Stratumsphere you can also set up our notification system so you are alerted if your miners start disconnecting.
Compromised Network Equipment – Mining farms are run as cheaply as possible and miners use next to no bandwidth. Most mining farms buy the cheapest second-hand network switches and routers they can find. Although many of these do the job just fine, there is a chance they may acquire an old managed switch (as an example) that desperately needs a security update that was published by the manufacturer. The best way to prevent this is to make sure that any gear you have is up to date prior to bringing it online within your facility. If you need to bring it online within your facility to update it, keep it isolated from the production network. Most manufacturers also let you sign up to an emailing list for that piece of equipment, so if an important update is required you’ll be in the know.
WiFi – It’s no secret that WiFi gets compromised often. However, you probably need a WiFi network to conduct day-to-day operations within the farm. Make sure to hide the WiFi network and keep it completely isolated from your production mining network.
Compromised Mining Rigs
The fact that most ASIC miners ship from the manufacturer with “root” as the default user and password should already raise a red flag if you have any experience in conventional IT. You have to understand that these miners are mini servers with a Linux operating system on them. If someone compromises root, they may have access to some or all of your network and be able to affect other miners. I recommend that you give the Linux man page for OpenSSH a read and understand the options available for limiting SSH access. In summary, it’s best to enforce the standard SSH security practices you’d enforce in a conventional data center: limit SSH access to your private network, generate SSH keys, enforce key-only access, and set up Fail2ban.
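One way to check a miner's sshd_config against the advice above, as an added example that is not from the original article or any miner vendor. It applies sshd's rule that the first value read for a keyword wins, and it reports absent keywords instead of assuming a default; the sample configs and the address 10.20.0.15 are constructed.

```python
import ipaddress

# Values that satisfy the advice above: key-only logins, no root password login.
REQUIRED = {
    "permitrootlogin": {"no", "prohibit-password"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
}

def audit_sshd_config(text):
    """Return findings for the global section of an sshd_config file."""
    first, listen = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # conditional Match blocks are not evaluated here
        if key == "listenaddress":
            listen.append(value)
        else:
            first.setdefault(key, value)  # sshd keeps the first value it reads
    findings = []
    for key, accepted in REQUIRED.items():
        if key not in first:
            findings.append(f"{key}: not set explicitly")
        elif first[key].lower() not in accepted:
            findings.append(f"{key}: {first[key]}")
    if not listen:
        findings.append("listenaddress: not set, sshd listens on all addresses")
    for value in listen:
        try:  # assumption: bare IP literals; anything else goes to manual review
            addr = ipaddress.ip_address(value)
        except ValueError:
            findings.append(f"listenaddress: {value} needs manual review")
            continue
        if addr.is_unspecified or not addr.is_private:
            findings.append(f"listenaddress: {value} is not a private address")
    return findings

# Constructed samples: an unhardened miner and a hardened one.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("ListenAddress 10.20.0.15\nPermitRootLogin prohibit-password\n"
            "PasswordAuthentication no\nPubkeyAuthentication yes\n")

if __name__ == "__main__":
    print(audit_sshd_config(WEAK))
    print(audit_sshd_config(HARDENED))
```

In the WEAK sample the later "PasswordAuthentication no" does not help, because the earlier "yes" is the value sshd uses.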
Employee Theft, Misuse, or Collusion
This is another common problem within mining farms, especially because mining farms typically contract unskilled and/or temporary labor with a high turnover rate to accomplish most of the day-to-day tasks. Some of these workers may realize that if they point a small handful of mining rigs to their own pool account, the chances of being caught in a farm with thousands of machines are slim. This can boost their monthly income by several hundred dollars, so there is a lot of incentive for this to happen. Our system, Stratumsphere, keeps a record of all workers that are connected to the system, and you can easily see which miners and what overall percentage of your miners are offline. Internal cameras within your facility are also a great idea.
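A periodic audit of every rig's pool settings catches the "handful of rigs pointed at someone else's account" case described above. The following is an added example, not code from the article or from Stratumsphere; it assumes each rig's settings have been exported as cgminer-style JSON (a "pools" list with url, user and pass), that workers are named "account.worker", and the account name, miner labels and sample configs are constructed.

```python
import json
from urllib.parse import urlsplit

ALLOWED_POOL_HOSTS = {"stratum.antpool.com"}  # pool hostname named in the article
FARM_ACCOUNT = "examplefarm"                  # hypothetical pool account name

def audit_pools(config_text):
    """Return problems found in one miner's pool list (failover entries included)."""
    try:
        pools = json.loads(config_text).get("pools", [])
    except (ValueError, AttributeError):
        return ["config is not a JSON object"]
    if not pools:
        return ["no pools configured"]
    problems = []
    for i, pool in enumerate(pools):
        url = str(pool.get("url", ""))
        # Accept both "stratum+tcp://host:port" and bare "host:port".
        host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
        # Assumed worker naming: "<pool account>.<worker name>".
        account = str(pool.get("user", "")).split(".", 1)[0]
        if host not in ALLOWED_POOL_HOSTS:
            problems.append(f"pool {i}: unexpected host {host!r}")
        if account != FARM_ACCOUNT:
            problems.append(f"pool {i}: unexpected account {account!r}")
    return problems

def audit_farm(configs):
    """Map miner name -> problems, listing only miners that have any."""
    return {name: p for name, text in configs.items() if (p := audit_pools(text))}

def _cfg(*pools):
    # Helper that builds a constructed sample config from (url, user) pairs.
    return json.dumps({"pools": [{"url": u, "user": w, "pass": "x"} for u, w in pools]})

# Constructed samples: one clean rig, one repointed account, one odd failover.
POOL = "stratum+tcp://stratum.antpool.com:3333"
SAMPLE = {
    "rack1-m01": _cfg((POOL, "examplefarm.m01")),
    "rack1-m02": _cfg((POOL, "someoneelse.m02")),
    "rack1-m03": _cfg((POOL, "examplefarm.m03"),
                      ("stratum+tcp://203.0.113.9:3333", "examplefarm.m03")),
}

if __name__ == "__main__":
    for miner, problems in audit_farm(SAMPLE).items():
        print(miner, problems)
```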
Never use an exchange wallet, despite how easy it may seem! In one of my first jobs in crypto, I worked the help desk for a mining pool and I saw more miners lose money to faulty exchange wallets than anything else. If you don’t hold the private key, you do not own the wallet. That being said, even with your own wallets, always have a separate hot wallet in which you collect immediate mining rewards and a cold wallet that you transfer currency to if you intend to hold it long-term. There are plenty of hardware options out there for cold wallets and even a simple paper wallet can work for this purpose.
This article is by no means meant to be all-inclusive; there are thousands of different threats out there. Do your own research and even consider consulting with a cybersecurity expert when your business has serious money on the line. Securing a mining farm is difficult, but not impossible. Practice agility: the industry is ever changing and new security threats come from all different angles.