Bitcoin Miners are exposed because they didn’t set their TelNet Passwords

Gevers told News in a tweet that all miners process Bitcoin sales in the same mining pool and seem to refer to the same organization.

“The keeper of these machines is most likely a country sponsored/controlled organization part of the Chinese government, ” Gevers states, basing his allegations on information found in the exposed workers and IP addresses allocated to each device.

Miners took offline shortly after

Gevers is also the director of the GDI Foundation, a non-profit organization that organizes vulnerability exposures and works to ensure exposed devices. For the past two days, Gevers has been studying the incident and was preparing to reach out to the concerned organization.

This will not be needed anymore as it seems that someone from the concerned party saw Gevers’ tweets and tightened the exposed devices shortly after.

“Most of the miners are now not available anymore via Telnet,” Gevers told Bleeping Computer. “Just a few are left, and I am keeping an eye out for those.”

“At the speed, they were taken offline, it suggests there must be serious money involved,” Gevers figured. “A few miners is not a big deal, but 2,893 functioning in a pool can generate a pretty sum.”

According to a Twitter user, the whole network of 2,893 miners Gevers found could generate earnings of just over $1 million per day, if digging Litecoin.

The authority is still reviewing to see how long were these devices left exposed online without a Telnet password.

“I have proof of other guests on the boxes where they tried to place a backdoor or malware,” Gevers said.

According to a different researcher who also took a look over the miners, they also seemed to be participating in a bandwidth distribution scheme run via Chinese service Xunlei.

Take your time to comment on this article.

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers