We’re 12 months into the brutal, frigid crypto winter, and the powers that be have shown no signs of abatement. And while crypto upstarts are watching their lives flash before their eyes, Bitcoin bugs seem to have survived the frostbite-inducing weather. And by bugs, I mean digital bugs.

Ransomware Strikes Bitcoin ASICs

Like many other industries, the crypto sector has its fair of bad actors. These tones were validated on Wednesday, as reports arose that a unique strain of ransomware had struck the heart of the Bitcoin blockchain — miners.

Per a report from ZDNet, the virus, named hAnt — a likely jab at the devices of its victims — has begun to sweep across the ASICs of China’s crypto miners. hAnt, which is actually a form of ransomware (extortion), was first spotted in August of 2018, but a mass of infections was reported in recent weeks.

According to the exposé, devices infected include the Antminer S9 and T9 — two leading products in Bitmain’s ASIC roster. Yet, there purportedly have been rumors of Antminer L3 machines, used primarily to mine Litecoin, also getting affected. Hearsay also claims that the Avalon lineup of ASICs, created by Bitmain competitor Canaan Creative, have also fallen victim to a similar backdoor, but to less of a degree than Bitmain’s devices.

But, considering Bitmain’s hegemony over the broader crypto mining ecosystem, it makes sense why reported cases pertain to devices of the Chinese powerhouse’s patronage. Chinese security experts have purportedly claimed that these security breaches are a byproduct of questionable ASIC download files, likely circulated by malicious individuals, which secretly contain hAnt.

What’s The Big Deal?

So what’s the big deal with hAnt? Well, Yibenchain, a Chinese news outlet, released a number of images that showed devices affected by hAnt, along with a description of the attack.

hAnt splash screen

Looking at the image above, it’s likely easy to tell that hAnt is no joke. But what does it do to mining rigs?

Per Yibenchain, once hAnt latches onto an exposed ASIC, it disallows miners from accessing their device, displaying an image of a silhouetted ant-esque creature, alongside two pickaxes (maybe scythes) that were likely integrated to impose fear on victims. Purportedly, if users click on the ominous image, they’re greeted with a not so nice message.

And as you’ve likely guessed, yes, the message reveals that hAnt has put the device under ransom. Yibenchain claims that the attackers ask for 10 Bitcoin, currently valued at $36,000, for the ransomware to evict itself. The other choice is a bit more devious: victims can participate in the propagation of hAnt to remove the strain of ransomware from their ASICs.

If the ransom isn’t paid or working for the ‘bad guys’ isn’t successful, hAnt will remove temperature limiters and shut off computer fans, effectively ending devices’ lives via heat death.

Bitcoin’s hashrate hasn’t seemingly been affected by this attack, even in spite of reports that claim that BTC.Top, a leading mining group, saw thousands of its ASICs falling victim to hAnt.

Title Image Courtesy of Markus Spiske on Unsplash


Please enter your comment!
Please enter your name here