I need to know more about security of a mining pool

[Outhue]

Must a crypto mining pool be an open source to at least trust the pool before connecting your asic miner? Or it doesn't matter? I have heard stories of hackers redirecting your hashrate to another pool and take over your asic or this is fake?

I am trying to be on a safer side.

[1714710900]

1714710900

[1714710900]

1714710900

[1714710900]

1714710900

[1714710900]

1714710900

[DaveF]

Most of the larger pools are not open source, some of the smaller ones are running open source but in the end, any of the pools can in theory cut and run with your BTC.
It's not something you should wooory about so long as you stay with the known ones: https://explorer.btc.com/btc/insights-pools

As for taking over your ASIC, that happens when YOU make a mistake and do not properly secure your miner. Or run sketchy aftermarket firmware. Stock, on a secure network with good passwords and you should be fine.

-Dave

[NotFuzzyWarm]

a. Virtually no pools are opensource as most run their own software and not something based on ckpool
b. It would not be a pool that is redirecting your hash rate it would be malware you picked up that has infected your miner.

Just be sure to use well known pools that have been around a long time such as; kano.is, ViaBTC.com, F2Pool.com, AntPool.com, etc.

[philipma1957]

yeah you can point a lot of your hash at f2pool and a tiny piece at ckpool

this thread gives a mining method of high risk high reward and low risk steady reward.



https://bitcointalk.org/index.php?topic=5377145.msg60966982#msg60966982

[Outhue]

Most of the larger pools are not open source, some of the smaller ones are running open source but in the end, any of the pools can in theory cut and run with your BTC.
It's not something you should wooory about so long as you stay with the known ones: https://explorer.btc.com/btc/insights-pools

As for taking over your ASIC, that happens when YOU make a mistake and do not properly secure your miner. Or run sketchy aftermarket firmware. Stock, on a secure network with good passwords and you should be fine.

-Dave

Thanks for your reply, so what's the normal procedure to make sure that my Asic miner is running in a secure mode?

Anything particularly to look out for? Or I shouldn't do?

[NotFuzzyWarm]

Just follow what should be normal safe & sane computer security procedures:
Always use a firewall and anti-virus software on any computer that can access the miner(s)
NEVER blindly download software from unknown or untrusted sources be careful of untrusted emails, etc.

If you get a used miner: 1st download a new copy of its firmware from the manufacturers website, connect the miner to a PC that preferably is not connected to anything else (a cheap Chromebook is great) and flash the firmware to the miner. Only then is it safe to put the miner online along with other miners you may have. Most malware will search for all miners on your network to try to infect them so used miners need to be isolated and reflashed before putting them on your man network.

[fennic]

Must a crypto mining pool be an open source to at least trust the pool before connecting your asic miner? Or it doesn't matter? I have heard stories of hackers redirecting your hashrate to another pool and take over your asic or this is fake?

I am trying to be on a safer side.

As for as I am concerned I have seen that no mining pool has scam and also exited with miners till date. And they can easily run away with your money if you go with smaller pools. Cause they might offer lower fees for the mining capabilities.
I think you should look at this website where if almost 60 to 70% miners are working than work here cause if these big pool will exit than whole Bitcoin market will crash and that's not gonna happen.  Here is a website link 🔗
https://m.btc.com/stats/pool

[BitMaxz]

Thanks for your reply, so what's the normal procedure to make sure that my Asic miner is running in a secure mode?

Anything particularly to look out for? Or I shouldn't do?

Don't enable SSH and close all possible open ports so that no one can able to hack your miner.

Also, protect any device connected to the same network to avoid viruses and malware, and don't use nicehash to mine and only mine in the real pool.

[mikeywith]

Just follow what should be normal safe & sane computer security procedures:
Always use a firewall and anti-virus software on any computer that can access the miner(s)
NEVER blindly download software from unknown or untrusted sources be careful of untrusted emails, etc.

If you get a used miner: 1st download a new copy of its firmware from the manufacturers website, connect the miner to a PC that preferably is not connected to anything else (a cheap Chromebook is great) and flash the firmware to the miner. Only then is it safe to put the miner online along with other miners you may have. Most malware will search for all miners on your network to try to infect them so used miners need to be isolated and reflashed before putting them on your man network.

I just want to point out two things here, most antivirus software are not very mining friendly, they will block/delete Whatsminer tools, they would block even web access to some miner's webpages, and some monitoring programs will also have a very hard time running with antivirus installed, so a few exceptions will need to be put into whichever security measures you run on your PC, some folks prefer not to run any at all which is a double edge sword.

I found Kaspersky to be the most paranoid, it won't even allow you to submit a webpage that contains a stratum URL, of course, if you know all the things to allow beforehand it would be great, otherwise, every time you try to download a new monitoring software or new firmware you would be forced to make adjustments accordingly.

As for the used miner, flashing firmware from the webpage isn't going to get rid of common viruses like NightSwitcher, some versions of those viruses are pretty sophisticated, when you flash a new firmware they will show you that everything went fine, it will start hashing to your own pool, and then later on "probably where the name NightSwiticher came from" it will start mining to the hacker's pool.

The only way around this would be using Sdcard to flash the miner, it works like 99% of the time, but to be super safe, after the sdcard flash you would still do this

connect the miner to a PC that preferably is not connected to anything else (a cheap Chromebook is great)

Just in case the virus was able to disable the bootloader on your control board, and thus making that Sdcard flash useless.

** You don't need to connect the miner to a PC when flashing Sdcard, just read the manual and you will figure out if it was successful based on the led blinking patterns, could be 10 flashes, could be 5 reds, could be 10 greens, you just need to know what the process looks like and then you don't have to risk infecting the secondary PC you use.