Antbleed Can't Stop Bitcoin


avatar Quebex Fintech Inc.
May 04, 2017

Bitcoin has never been more valuable than it is today, May 4, 2017. Bitcoin has risen to a record-shattering high of 2264.97 CAD. Shockingly, this all-time high comes when AntBleed, a firmware exploit which threatened more than half of the bitcoin network with potential for remote shutdown from a BitMain server, is fresh in the community’s mind.

In their response to the release of AntBleed, BitMain told the community that AntBleed was an unfinished firmware patch that should not have been released. They intended the code to be used as a form of user assistance to help recover equipment in the event of theft. One of AntBleed’s most concerning features is that the authentication server was hosted on Cloudflare servers.

By hosting a server for such a service on third party servers, BitMain left the majority of the bitcoin network open to control by state actors. The estimated share of bitcoin miners exposed to this exploit came in around 70% of the total network hashrate.



Of course, state actors have reach far greater than one internet company’s servers. Using a technique called DNS poisoning, a state actor could have potentially shut down affected BitMain devices regardless of where the BitMain server was hosted. Even though bitcoin is about cryptography and public/private keys, a cursory review of the source code shows none was being used.

Basically, your computer asks the DNS server it is configured to use “hey DNS server, where is auth.minerlink.com" and it says “ohh, its at IP so and so”. Of course, that assumes you are actually connected to that DNS server and that it is acting honestly. A state actor with authority over telecommunications companies could pretend to be your DNS server and say that auth.minerlink.com is on one of its servers, and then when you connect to it, its server could respond appropriately with a string containing false. Then you would be deactivated.


Bitcoin has shown solidarity in trying times, however. Bitmain released a firmware patch removing the exploit only hours after it was made public. Bitcoin has soared to its highest price yet and only one week after AntBleed was made public. The open source and bitcoin community have just shown that at least some of its members are more interested in a stable state-independent currency than exploitation and quick, illicit profit. We like to believe this commitment to a truly humanitarian cause may have helped drive the recent outstanding growth.