Recently, the news that Antminer firmware can remotely shut down miners has aroused great controversy. The code for this function was designed and written by the Antminer firmware team. It is open source software and was written without any malicious intention.
We hereby declare that this function is designed for mine workers who entrust their miners to a mining plant. It allows them to remotely shut down their miners when the miners are stolen or detained without permission, and to provide tracing clues to law enforcement agencies. Just like the remote removal and shutdown functions provided by many smartphone manufacturers, Bitmain will never employ the function without miners' permission. This feature is especially important when theft or staff misconduct happens in mining plants.
In 2014, a mining plant in Shenyang, China, detained 1,000 customers’ miners without permission.
In 2015, the Georgian mine detained more than 2,000 miners.
In 2017, the Canadian mine detained Bitmain’s managed miners without permission.
However, this feature has not been completed yet. The idea originated during the production of the S7 miner, and the function was planned to come out with the S9 miner. We hoped that this feature could greatly benefit our customers. Unfortunately, due to technical problems, we failed to complete the development of this function, and in December 2016 we closed the testing server. But we made the mistake of not deleting the code for this unfinished function. There are now intense debates about the future development of Bitcoin, and since this loophole was pointed out, there have been many misunderstandings about this feature in the Bitcoin community. We sincerely apologize for this.
This loophole affects the following products:
MITM (Man In The Middle) attacks and DNS hijacking can take advantage of this loophole, leading to security problems for customers, for which we apologize deeply. It should be noted that the existing stratum protocol is also very fragile under MITM and DNS attacks. Therefore, the entire mining community needs to work together to design a new generation of mining protocols to withstand potential risks.
We have released the latest open source code through GitHub and added new firmware to the official website to remove the loophole. We strongly recommend that all mine workers update to this firmware and do not use software from third parties, in order to avoid firmware malfunctions or phishing.
Source code on GitHub
S9, T9 and R4's open source code
L3 and L3+'s open source code
The original password for miner SSH is "admin". If you want to change the web login password, please use the web login password to enter.
In addition, we recommend that Antminer users edit the hosts file on the miner, /etc/hosts, so that the domain name auth.minerlink.com resolves to 127.0.0.1. The method is as follows:
Use ssh to login to the miner
Run command: echo "127.0.0.1 auth.minerlink.com" >> /etc/hosts
Run command: sync
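An idempotent form of the steps above, as an added example that is not part of Bitmain's statement or firmware; the function names pin_host and is_pinned are hypothetical. It also covers a case the plain append does not: resolvers typically use the first matching line of a hosts file, so an earlier entry naming auth.minerlink.com would shadow the appended one, and re-running the append leaves duplicates.

```shell
#!/bin/sh
# Added example (not Bitmain code). On the miner, after logging in over ssh:
#   pin_host /etc/hosts auth.minerlink.com 127.0.0.1
#   is_pinned /etc/hosts auth.minerlink.com 127.0.0.1 && echo pinned

# pin_host FILE HOST IP
# Remove HOST from every existing entry, then append "IP HOST" and sync.
# Other names sharing a line with HOST are kept. Safe to run repeatedly.
pin_host() {
    file=$1 host=$2 ip=$3
    tmp="$file.tmp.$$"
    awk -v h="$host" '
        NF == 0 || $1 ~ /^#/ { print; next }       # keep blanks and comments
        {
            out = $1; kept = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) {                   # trailing comment: keep as is
                    while (i <= NF) { out = out " " $i; i++ }
                    break
                }
                if (tolower($i) == tolower(h)) continue
                out = out " " $i; kept++
            }
            if (kept > 0) print out                # line still names other hosts
        }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$ip" "$host" >> "$tmp"
    # cat into the original keeps its owner and permissions
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    sync                                           # flush to flash, as in the steps above
}

# is_pinned FILE HOST IP
# Succeeds only if the first entry that names HOST maps it to IP.
is_pinned() {
    first=$(awk -v h="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if (tolower($i) == tolower(h)) { print $1; exit }
            }
        }
    ' "$1")
    [ "$first" = "$3" ]
}
```

Running is_pinned again after a firmware update or reboot confirms the entry is still in place.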
We pay close attention to the problems that may be caused by the loophole pointed out by the community, and we are dedicated to continuous improvements to solve related problems. We sincerely thank the community for pointing out this loophole. Our thanks also go to the community for its contribution of open source code for Antminers. We also take this opportunity to express our firm belief in the open source community and our determination to improve the quality of the code and the rigor of the testing process.
We will continue to develop this function to provide effective remote control services to mine workers with managed miners. We will also put a switch on this feature, and its default will be off. In addition, customers will be able to set their own remote authentication server addresses. Until this feature is successfully developed, we will not apply the code to any miners.