Home Bitcoin Mining Security

Threat analysis and risk mitigation for small mining farms.

Understanding the threats and risks to mining at home will help you better prevent and/or react to various types of attack scenarios that can be disastrous for your mining operations.

First off, what needs protecting?

Mining hardware
Site access
Electrical infrastructure
Ventilation and cooling infrastructure
Internet/Network access
Mining pool payout deposits
Wallet storage

Second, Who do you need protection from?

friends and family
neighbors
unexpected visitors(utility workers ect)
your ISP & government depending on where you live
3rd party targeted attacks

Threat Modeling

Threat modeling is a form of risk assessment that models aspects of attacks and defenses and controls you can implement on your system and its components.

Understanding risks and modeling out possible ways you can mitigate them as well as respond to them will help you protect your assets and be prepared for various attack scenarios which is essential for long-term, at-home mining success.

Every mining farm faces similar potential risks but not all risk is the same.

A setup with an S9 in the basement in a residential neighborhood deals with different risks than a home owner with a 20+ S19s in their shop on the farm.

Security starts with you and your mindset.

Advertising that you own large amounts of wealth is always a bad idea and probably the most obvious risk to avoid as a miner.

Bragging about any wealth you have is an invitation for people to pay more attention to who you are and what you have for the taking.

Be humble and stack sats.

Thanks for reading ON BITCOIN! Subscribe for free to receive new posts and support my work.

What Are Home Mining Security Risks?

There are many risks to consider as part of your approach to security. Below I cover visibility, theft, flooding, fire, network and miner and system hacks and other potential security risks.

Location Visibility threats

Just like you don’t want to advertise that you have a lot of wealth, noticeable mining setups are also a risk. You don’t want to attract curiosity from neighbors or passerby’s to start asking questions or deciding to take a closer look.

r/gpumining - How to spot a miner during Winter conditions.

Some of the things that make your setup more noticeable to people walking by your location are noise levels and heat signatures.

Air cooled mining is noisy and mining in the winter can create situations like the image above where people wonder what is going on. Cannabis grow ops can also create heat signatures like above and if you’re suspected of that, you may get a visit from authorities on a tip from someone just walking by.

Properly venting your mining rigs, using immersion or enclosures may help mitigate this risk.

Theft threat

Theft is probably the biggest risk for home miners. With just one miner costing upwards of $10,000 dollars; if the wrong people know you have one or more of these in your garage, shed or home, your risk of theft goes up.

Aside from securing your location with locks and blocking windows, have a video surveillance and security system can be invaluable.

Video Surveillance is a great way to keep an eye on your miners. Most security camera systems today are feature packed with motion-activated detection and siren trigger, person and vehicle detection, remote viewing and night vision mode.

Amazon as a whole bunch of options depending on your budget.

Have a monitored alarm system provides you with 24/7 monitoring as well but comes with a monthly monitoring fee. This service is what many home owners use for security systems.

Flooding threat

I think it’s obvious that water and mining do not mix. If you are in a flood zone, near a river or have issues with your basement flooding, you’re going to want to make sure your mining equipment is not in a place that can get flooded.

Keep miners off the floor and on racks or in an enclosure.

This tends to be a lower risk but it depends on your specific location.

Fire threat

ASIC miners use a lot of power and run very hot. They are unlike any other electrical appliances as they run 24/7 365 pulling a consistent load of electricity. They can fail, catch fire and burn it all down.

Your home mining electrical setup needs to be done right otherwise you are asking for trouble. Using the wrong gauge wires or breaker can cause a fire very quickly so don’t fool around with short cuts.

Your miners need to be clean and clear of dust. Dust can accumulate and become an easily combustible start to a fire.

Miners need a lot of ventilation to stay cool and if your miner gets too hot then it will shut itself off as a safety measure. If you don’t move the heat, you risk fires and miner breakdown.

If your miner is in a home made box to reduce noise there is always a risk for overheating and fire and the following design precautions are recommended.

Have reliable fans that move cold air in and hot air out.
Don’t use flammable materials
Make sure you use clean cabling, neatly tied and out of the way
Your location should be clean with low dust
Have a working fire extinguisher close by or mount some automatic fire extinguishers

Miner threats

Keeping your devices secure is important and that starts with strong passwords on your miners Web Interface access. This is the all seeing all knowing access to your miner so your miner passwords should be secure and not left as the default.

ASIC Viruses

Many mining farms have fallen prey to these malicious attacks aimed at stealing Bitcoin and hashrate.

Most ASIC virus get access through SSH and the ASIC web interface, using a tar vulnerability or lack of signature verification.

When HTTP is detected, the virus uses the tar vulnerability to flash ASICs. If there is no signature protection, it just goes through the ASIC firmware script. New viruses are regularly created and constantly modified by hackers. Source

Phishing is the main way hackers use to distribute this type of malware so it’s really important to take proper security and safety measures with the laptop or computer you use to manage your mining farm.

Computer security is a whole topic on to itself and is covered extensively with a quick google search.

Network threats

You need to consider Eavesdropping and Hashrate hijacking as two threats that require strong network privacy.

Anyone who is connected to the same network as your miners can potentially get access to your miners.

Network routers and wifi routers all should have secure passwords and not left as default. Use standard wifi security practices and firewall or vpn technology depending on the size of your network.

A VPN is a recommended piece of software that gives you a secure connection to the Internet, so that third parties cannot intercept or read your data.

If you care about privacy, it’s advisable to always access your pool account using a VPN so that at least your IP address is hidden for that account activity.

The team at Braiins had a great way for hiding your mining activity IP address.

One option is to rent some cloud server and run a simple TCP proxy there to privately route your mining jobs and share submissions. Stratum V2 along with a TCP proxy is a solid solution. If you can’t use Stratum V2, you could instead setup a SOCKS proxy, which would make it such that both your ISP and your mining pool(s) would know you are using a SOCKS proxy, but not what is on the other end of it. Source

Using multiple VPN channels gives you privacy from the ISP and mining pool.

Using Stratum v2 and DNS proxies makes it so that ISPs won’t see details about the communication between a miner and a mining pool, only that there is a connection.

Mining Pool threats

Mining pool balances and payout transactions are some of the most closely watched types of on-chain data.

When using a mining pool, you are required to create an account so you must ensure you follow good security practices with this account. Your payout address and other private information is be stored in this account.

If privacy is important to you, you should always access your pool account using a VPN so that at least your IP address is hidden for that account activity.

Use a privacy focused web browsers when using Bitcoin mining related sites and searches. Here are a few options:

Use two-factor or multi-factor authentication (2FA or MFA) authentication to access your pool account and Use secure passwords and a password manager

Access your account using a VPN. Be careful about exposing IP address. Know that your IP address can still be connected to your transactions through pool association.

Use a new payout receiving address after every payout to eliminate address reuse and reduce the frequency of pool payouts.

When managing pool payouts, you are not paid directly out of the coinbase rather the mining rewards go to the pool operator’s wallet before being paid out.

Use Whirlpool by Samourai Wallet to help prevent parties that miners send rewards to from knowing that they mine. Whirlpool breaks the links of the past history of your coins from their future activity.

Bitcoin Custody threats

As a miner you are responsible for keeping your mining rewards secure through each step from your miners to the mining pool accounts to cold storage wallets.

Creating a repeatable documented process might be a smart move to ensure you are doing it right each time and stay safe and secure.

Where you store and how you move your Bitcoin around to other wallets should be focused on maintaining privacy and best practices in wallet security.

Cold Storage Wallets

A cold storage wallet is an offline wallet used for storing bitcoins.

It’s called cold storage because it’s store off of the internet.

The reason for this is to protect the wallet from unauthorized access, cyber hacks and other vulnerabilities that your lap top or phone that is connected to the internet is susceptible too.

The most basic form of cold storage is a paper wallet.

File:Bitcoin paper wallet generated at bitaddress.jpg - Wikimedia Commons

The more popular form of cold storage wallet is a hardware wallet that uses an offline device or smartcard to generate private keys offline like this Ledger hardware wallet.