How PayNym (BIP47) changes the game for miners

#PrivacyMondays
Issue 3

In bear markets you cannot afford to be too generous with hackers. Let’s save you sats with some security and privacy tips.

Imagine you have spent $$$ on your mining ASICs and you are paying an arm and a leg for the electricity; all of a sudden somebody takes away your hard-earned hashing power to mine on their pool account instead of yours. This is called hashrate hijacking.

One of the main concerns raised by many is that the existing protocol used for Bitcoin mining, aka Stratum V1, is unencrypted, which can be a cause of hashrate hijacking. To fact-check this statement, we should first understand how mining pools function.

Mining is the process of guessing a number and a hash that will fulfill the difficulty requirement of the Bitcoin network. Miners must search a big space of possible numbers to find the right answer. In this process they get the chance to submit close-enough answers, which are not the right answer, to the pool for proportional rewards. When ASICs connect to the pool, each piece of mining hardware is assigned a unique search space, and on that specific pool this search space is assigned to your username. So if anyone steals a hashed response from your ASICs, they cannot submit it to the same pool as yours, and it would be invalid on any other pool. What they should do instead is push their account’s search space and the assigned work from their pool/account into your ASICs to be hashed. The question is: can they actually do that?

The answer is yes. There are two different ways to do that.

1. If someone sits in between your miner and the pool, they can change the content of messages being exchanged so your machine hashes to their account instead of yours. This becomes possible because the channel is not encrypted and the miner cannot verify the source of the message being received.

2. In the second method, the hacker can re-initialize the communication channel between the miner and the pool and route the channel to be set up on their account instead of yours (by just routing or changing the signatures in a middleware). In this method, content and channel encryption cannot do much to prevent it, and your hashrate is still prone to being hijacked.

A new protocol named Stratum V2 was recently introduced. It offers some new and cool features such as miner/pool channel encryption, message compression/reduction and custom blocks per miner. Stratum V2 is able to prevent the first method and some types of the second method; however, it is still at risk if the channels are reinitialized.

The bad news is that neither of these two methods is easier than the other for the hijacker, and they can simply hijack your hashrate no matter which Stratum protocol you are using. In other words, if a hacker finds a way to sit in between the miner and the pool, they have already achieved the difficult part.

The only requirement for them would be to sit somewhere in the middle. That could be the firmware, the local network, the proxy, the internet service provider, etc. Unfortunately, all the ASIC/farm management solutions that exist in the market are unable to detect such threats.

What is the solution for that?

Well, this might sound unrelated, but it is worth referring to. In the ’60s NASA spent millions of dollars and many years on inventing a pen that works in space, while the Soviets were using pencils to write on paper in no gravity. Yeah, the taxes your grandpa paid in those years …
In the case of hashrate hijacking, detection is as important as prevention. You never know how creative the hackers could get in the coming years.
If a miner can detect that a hijack is happening, they can stop it from happening, minimize the cost, find the vulnerability and address the risk.
The good news is Lincoin Pool is the only Bitcoin mining pool with such a feature that miners could use to detect hashrate hijacking quickly and easily.

With the power of Boty McBotface (that is the name of our AI-enabled bot), real-time alerts are being sent out every 5 minutes for every single device.

Lincoin has a very unique offering for miners who care for security and privacy. You can detect every connect/disconnect event or even a hashrate drop for EVERY single miner. That could be used to detect hashrate hijacking, infected firmware and hardware defects in most cases.
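The per-device detection described above can be sketched as follows. This is an added example, not Lincoin's code: the 5-minute samples are constructed, and the worker names, the baseline window and the 50% drop threshold are assumptions.

```python
from statistics import median

# Constructed pool-side samples, one per worker every 5 minutes:
# (minute, worker, hashrate in TH/s, connected). Not real pool data.
SAMPLES = [
    (0, "rig-01", 100, True), (0, "rig-02", 95, True),
    (5, "rig-01", 101, True), (5, "rig-02", 96, True),
    (10, "rig-01", 99, True), (10, "rig-02", 94, True),
    (15, "rig-01", 100, True), (15, "rig-02", 95, True),
    (20, "rig-01", 100, True), (20, "rig-02", 0, False),
    (25, "rig-01", 38, True), (25, "rig-02", 95, True),
    (30, "rig-01", 41, True), (30, "rig-02", 96, True),
]

WINDOW = 4        # assumed: healthy samples used as the baseline
DROP_RATIO = 0.5  # assumed: alert below 50% of the baseline


def detect(samples, window=WINDOW, drop_ratio=DROP_RATIO):
    """Return (minute, worker, event) alerts in time order."""
    healthy = {}    # worker -> hashrates that passed the check
    connected = {}  # worker -> last seen connection state
    alerts = []
    for minute, worker, ths, is_up in sorted(samples):
        was_up = connected.get(worker)
        if was_up is not None and was_up != is_up:
            alerts.append((minute, worker, "connect" if is_up else "disconnect"))
        connected[worker] = is_up
        if not is_up:
            continue  # no shares arrive while disconnected
        past = healthy.setdefault(worker, [])
        if len(past) >= window:
            baseline = median(past[-window:])
            if ths < drop_ratio * baseline:
                # Keep degraded samples out of the baseline so a
                # sustained diversion keeps alerting.
                alerts.append((minute, worker, "hashrate_drop"))
                continue
        past.append(ths)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLES):
        print(alert)
```

A `hashrate_drop` alert says only that less work is reaching your account than the device normally delivers; telling a hijack apart from infected firmware or a hardware defect still takes investigation on the miner side.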