Ethical Hacking News
Cybersecurity Breakthrough: Researchers Develop Novel Techniques to Disrupt Cryptocurrency Mining Botnets
In a groundbreaking achievement, Akamai has announced the development of two innovative methods to disrupt cryptocurrency mining botnets. These techniques exploit common mining topologies and pool policies to effectively shut down malicious operations, forcing attackers to abandon their campaigns or make drastic changes to their infrastructure. Learn more about this significant breakthrough in cybersecurity defense.
Researchers at Akamai have announced two novel methods to disrupt cryptocurrency mining botnets. The first method, "bad shares," bans the mining proxy from the network, causing the entire operation to halt. The second method exploits public pools' policies to ban an attacker's wallet address, disrupting the mining operation. These techniques have the potential to significantly impact the cryptocurrency mining landscape and usher in a new era in cybersecurity defense.
THN Exclusive: Groundbreaking Breakthrough in Disrupting Cryptocurrency Mining Botnets
In a significant milestone for cybersecurity defense, researchers at Akamai have announced the development of two novel methods to disrupt cryptocurrency mining botnets. These innovative techniques exploit common mining topologies and pool policies to effectively shut down malicious operations, forcing attackers to abandon their campaigns or make drastic changes to their infrastructure.
According to Maor Dahan, security researcher at Akamai, "We developed two techniques by leveraging the mining topologies and pool policies that enable us to reduce a cryptominer botnet's effectiveness to the point of completely shutting it down, which forces the attacker to make radical changes to their infrastructure or even abandon the entire campaign."
The first approach, dubbed "bad shares," relies on banning the mining proxy from the network, thereby halting the entire operation and causing the victim's CPU usage to plummet from 100% to 0%. A mining proxy acts as an intermediary between the attacker's mining pool and wallet addresses, but it also becomes a single point of failure once its regular function is interfered with. When invalid mining job results (bad shares) that bypass the proxy validation are submitted consecutively, the proxy will eventually get banned, effectively halting mining operations for the entire botnet.
To achieve this, researchers used an in-house tool called XMRogue to impersonate a miner, connect to a mining proxy, submit consecutive bad shares, and ultimately get the mining proxy banned from the pool. This approach is particularly effective against Monero cryptocurrency miners but can be extended to other cryptocurrencies as well.
The second method devised by Akamai applies to scenarios where a victim miner is connected directly to a public pool without a proxy, and leverages the fact that the pool can ban a wallet's address for one hour if it has more than 1,000 workers. When more than 1,000 login requests using the attacker's wallet are initiated concurrently, the pool bans the attacker's wallet, effectively disrupting the mining operation.
However, it is essential to note that this method is not a permanent solution as the account can stage a recovery once the multiple login connections are stopped. Nevertheless, this technique demonstrates how defenders can effectively shut down malicious cryptominer campaigns without disrupting the legitimate pool operation by taking advantage of pool policies.
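The two pool policies described above can be modelled offline to see why a proxy is a single point of failure and why the wallet ban is only temporary. This is an added example, not Akamai's XMRogue or any pool's code: the class, function names, address and wallet string are constructed, and the bad-share threshold is an assumption (the article gives only the 1,000-worker limit and the one-hour ban).

```python
from dataclasses import dataclass, field

WORKER_LIMIT = 1000        # from the article: ban above 1,000 workers
WALLET_BAN_SECONDS = 3600  # from the article: one-hour wallet ban
BAD_SHARE_LIMIT = 5        # assumption: consecutive invalid shares before a ban

@dataclass
class PoolPolicy:
    """Toy pool-side bookkeeping; time is passed in explicitly (seconds)."""
    workers: dict = field(default_factory=dict)           # wallet -> worker ids
    wallet_ban_until: dict = field(default_factory=dict)  # wallet -> expiry time
    bad_streak: dict = field(default_factory=dict)        # source ip -> bad run
    banned_ips: set = field(default_factory=set)

    def login(self, wallet, worker_id, now):
        if now < self.wallet_ban_until.get(wallet, 0):
            return False                       # wallet is still banned
        active = self.workers.setdefault(wallet, set())
        active.add(worker_id)
        if len(active) > WORKER_LIMIT:
            self.wallet_ban_until[wallet] = now + WALLET_BAN_SECONDS
            active.clear()                     # model: all workers are dropped
            return False
        return True

    def submit_share(self, source_ip, valid):
        if source_ip in self.banned_ips:
            return False
        if valid:
            self.bad_streak[source_ip] = 0
            return True
        self.bad_streak[source_ip] = self.bad_streak.get(source_ip, 0) + 1
        if self.bad_streak[source_ip] >= BAD_SHARE_LIMIT:
            self.banned_ips.add(source_ip)     # everything behind this IP stops
        return False

def proxy_scenario():
    # The pool sees every miner behind the proxy as one source address.
    pool, proxy_ip = PoolPolicy(), "198.51.100.7"   # constructed address
    before = pool.submit_share(proxy_ip, valid=True)
    for _ in range(BAD_SHARE_LIMIT):           # forwarded without validation
        pool.submit_share(proxy_ip, valid=False)
    return before, pool.submit_share(proxy_ip, valid=True)

def wallet_scenario():
    pool, wallet = PoolPolicy(), "WALLET_PLACEHOLDER"
    ok = [pool.login(wallet, i, now=0) for i in range(WORKER_LIMIT + 1)]
    # One login inside the ban window, one right after it expires.
    return (ok.count(True), pool.login(wallet, "bot", now=1800),
            pool.login(wallet, "bot", now=WALLET_BAN_SECONDS))
```

In the model, valid shares from the proxy address are rejected once the ban lands, while the wallet accepts logins again as soon as the hour has passed.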
The significance of these breakthroughs lies in their potential to significantly impact the cryptocurrency mining landscape. Cryptocurrency mining botnets have been a persistent threat, often causing devastating effects on victims' computers and contributing to the depletion of resources. By providing researchers with novel tools to combat these malicious operations, Akamai's innovative techniques promise to usher in a new era in cybersecurity defense.
As Dahan noted, "A legitimate miner will be able to quickly recover from this type of attack as they can easily modify their IP or wallet locally. This task would be much more difficult for a malicious cryptominer as it would require modifying the entire botnet." For less sophisticated miners, however, this defense could completely disable the botnet.
In conclusion, the recent breakthroughs in disrupting cryptocurrency mining botnets represent a significant advancement in cybersecurity defense. By leveraging common mining topologies and pool policies, researchers have developed novel techniques that can effectively shut down malicious operations, forcing attackers to abandon their campaigns or make drastic changes to their infrastructure.
Related Information:
https://www.ethicalhackingnews.com/articles/Shutting-Down-Cryptominer-Campaigns-A-New-Era-in-Cybersecurity-Defense-ehn.shtml
https://thehackernews.com/2025/06/researchers-find-way-to-shut-down.html
Published: Tue Jun 24 13:42:14 2025 by llama3.2 3B Q4_K_M