Bitcoin Trouble on the Open Express

There have been tons of different stories documenting the various crimes being committed against Bitcoin users, exchanges and marketplaces, but why do they keep happening?

Well, part of the answer lies in the fact that many Bitcoin services use the same software foundation, which is unfortunately very sensitive and therefore rarely updated.

Bitcoin Pool Hijacks

A big problem for Bitcoin mining pools (groups of Bitcoin miners collectively solving hashes) has been DDoS attacks over the last few weeks.

The attacks hit the central command for individual mining pools, and in some cases the attackers even demand a ransom in order to stop the attack against the pools.

The attacks send thousands of handshake requests to the central server, overloading its ability to communicate with legitimate users. According to an article on CoinDesk, many of the servers are unable to establish any kind of cyber attack countermeasures because of the sensitivity of the mining pool software.

In addition, many of the pools currently set up for cryptocurrencies such as Dogecoin use the same backend application to help manage their pools.



All three sites shown above use the same mining pool software called MPOS and are identifiable based on their similar interfaces.

MPOS is an actively developed open source application that is patched on a daily basis, which is great for security; however, the downside is that any serious issues with the pooling software can be revealed by checking the logs of the open source project posted on GitHub and then used by cyber criminals to attack the pools that have yet to update.

The same applies to the Stratum protocol, used by mining servers for connecting with individual clients.

Unfortunately, the protocol was designed (probably in a rush) without a lot of testing, making it very sensitive to any serious changes. If an admin attempts to make changes and those changes take down the pool for any amount of time, they potentially lose active miners and therefore decrease the chances of the pool making any money for their efforts.
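
As an added example (not from the original article, and not code from MPOS or any pool), the handshake floods described above can be flagged from a connection log without touching the sensitive pool software itself. The log format, thresholds and sample addresses are assumptions constructed for illustration; `authorize` stands for a session that completed Stratum's `mining.authorize` step.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # sliding window length (assumed tuning value)
MAX_CONNECTS = 5      # connects per window before a source is suspect (assumed)
MIN_AUTH_RATIO = 0.2  # real miners authorize most of their sessions (assumed)

def build_sample_log():
    """Constructed sample log lines: '<epoch_seconds> <source_ip> <event>'."""
    lines = []
    for i in range(12):  # flood: 12 connects in about 4 s, never authorizes
        lines.append(f"{1000 + i // 3} 198.51.100.7 connect")
    for i in range(8):   # mining farm behind one address: 8 workers, all authorize
        lines.append(f"{1001 + i // 4} 192.0.2.10 connect")
        lines.append(f"{1002 + i // 4} 192.0.2.10 authorize")
    lines += ["1003 203.0.113.5 connect", "1004 203.0.113.5 authorize"]
    return sorted(lines, key=lambda l: int(l.split()[0]))

def find_flooders(lines, window=WINDOW_SECONDS, max_connects=MAX_CONNECTS,
                  min_auth_ratio=MIN_AUTH_RATIO):
    """Return {source: (peak_connects_in_window, auth_ratio)} for suspect sources."""
    recent = defaultdict(deque)   # source -> connect timestamps inside the window
    peak = defaultdict(int)       # source -> largest burst seen
    connects = defaultdict(int)
    auths = defaultdict(int)
    for line in lines:
        ts, src, event = line.split()
        ts = int(ts)
        if event == "authorize":
            auths[src] += 1
        elif event == "connect":
            connects[src] += 1
            q = recent[src]
            q.append(ts)
            while q[0] <= ts - window:   # drop connects older than the window
                q.popleft()
            peak[src] = max(peak[src], len(q))
    suspects = {}
    for src, burst in peak.items():
        ratio = auths[src] / connects[src]
        # A burst alone is not enough: a farm reconnecting after an outage
        # also bursts, but its sessions go on to authorize.
        if burst > max_connects and ratio < min_auth_ratio:
            suspects[src] = (burst, ratio)
    return suspects

if __name__ == "__main__":
    for src, (burst, ratio) in find_flooders(build_sample_log()).items():
        print(f"{src}: {burst} connects in window, auth ratio {ratio:.2f}")
```

Judging sources at the end of the batch, rather than on the first burst, keeps a legitimate farm that reconnects many workers at once from being blocked before its sessions have had time to authorize.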

The current consensus is that DDoS attacks against mining pools will continue to happen and that pool administrators should do what they can to help reduce the damage done by cyber attacks.

Until the back-end systems are developed with more security in mind and administrators of exchanges, marketplaces and pools make the necessary upgrades, at the unfortunate risk of losing customers, for the greater safety of future Bitcoiners.

Thanks for reading and safe surfing!


Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.