Stratum V1, the protocol most Bitcoin mining pools still use to dispatch work to rigs, ships job templates and miner IDs in cleartext. New research from Akiba shows that on many geostationary satellite downlinks those packets are unencrypted, meaning an $800 software-defined radio pointed at the sky can passively capture which miner is hashing which template for which pool.
Why it matters
The attack is passive, which makes it nearly impossible to detect. No traffic leaves the attacker's rig, no handshake is required, and the captured job IDs link a miner's IP, pool account, and hashrate to a specific physical location. For industrial mining operators running fleets over satcom in regions with poor terrestrial connectivity, the metadata alone is enough to map out competitive intelligence, target theft, or feed targeted phishing against the pool's high-hashrate miners.
Market impact
The exposure lands on the pool operator, not the protocol itself. Pools still running Stratum V1 over satellite links are the immediate remediation surface: tunnel through WireGuard, migrate to Stratum V2 (which encrypts job templates end-to-end), or front the satcom hop with a VPN. Expect pressure on the few remaining satcom-connected pools, particularly those serving African and Latin American mining hubs where satellite backhaul is the only viable option.
Frequently asked questions
- What is Stratum V1 and why does it leak data over satellite?
Stratum V1 is the work-dispatch protocol most Bitcoin mining pools use to send job templates to connected rigs. It transmits miner IDs and job data in cleartext, so on any unencrypted link, including many GEO satellite downlinks, anyone who can receive the signal can read the traffic.
- How much does the attack setup cost?
Akiba's research used roughly $800 in off-the-shelf software-defined radio hardware to passively capture the satellite-downlinked mining traffic. No specialized tooling is required.
- Can the miner or pool operator detect the eavesdropping?
No. The attack is entirely passive, meaning the attacker's receiver does not transmit or interact with the target. There is no handshake, no probe, and no log entry, so neither the miner nor the pool sees any sign of the capture.
- What information does the leaked traffic expose?
Captured packets reveal which miner is hashing which job template for which pool, linking IP address, pool account, hashrate, and physical downlink coverage area. That metadata is enough to map mining operations, target high-hashrate miners, or stage targeted phishing.
- How do pools fix the exposure?
The fix sits on the pool side. Operators can tunnel Stratum V1 over WireGuard or a VPN, or migrate to Stratum V2, which encrypts job templates and miner communications end-to-end. The trade-off is added latency and operational complexity, which is why V2 adoption has been slow.
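For operators who want to check their own satcom hop, the following added example (not code from Akiba's research or from this article) inventories what a reassembled TCP payload captured on your own uplink reveals if it is cleartext Stratum V1, and reports nothing readable once the traffic is tunnelled. It assumes the standard Stratum V1 framing of newline-delimited JSON-RPC; the function name and all sample values are constructed for illustration.

```python
import json
from collections import Counter

def stratum_v1_exposure(payload: bytes) -> dict:
    """Inventory what cleartext Stratum V1 in `payload` reveals to a passive reader.

    `payload` is the reassembled TCP payload of one connection captured on your
    own side of the satcom hop (hypothetical helper, not a pool or miner API).
    """
    workers, jobs, shares = set(), set(), Counter()
    for raw in payload.split(b"\n"):
        try:
            msg = json.loads(raw.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            continue  # tunnelled or encrypted bytes do not parse as JSON lines
        if not isinstance(msg, dict):
            continue
        method, params = msg.get("method"), msg.get("params")
        if not isinstance(params, list) or not params:
            continue
        if method == "mining.authorize":      # params: [worker_name, password]
            workers.add(str(params[0]))
        elif method == "mining.notify":       # params[0] is the job ID
            jobs.add(str(params[0]))
        elif method == "mining.submit" and len(params) >= 2:
            workers.add(str(params[0]))       # params: [worker_name, job_id, ...]
            jobs.add(str(params[1]))
            shares[str(params[0])] += 1       # share rate is a rough hashrate indicator
    return {"cleartext": bool(workers or jobs), "workers": sorted(workers),
            "job_ids": sorted(jobs), "shares_per_worker": dict(shares)}

# Constructed sample traffic; account, rig and job names are made up.
_MSGS = [
    {"id": 1, "method": "mining.subscribe", "params": ["example-miner/1.0"]},
    {"id": 2, "method": "mining.authorize", "params": ["acct_example.rig01", "x"]},
    {"id": None, "method": "mining.notify",
     "params": ["job-a1", "00" * 32, "01", "02", [], "20000000", "1d00ffff", "665f0000", True]},
    {"id": 3, "method": "mining.submit",
     "params": ["acct_example.rig01", "job-a1", "00000000", "665f0000", "deadbeef"]},
    {"id": 4, "method": "mining.submit",
     "params": ["acct_example.rig01", "job-a1", "00000001", "665f0000", "cafef00d"]},
]
SAMPLE_CLEARTEXT = "\n".join(json.dumps(m) for m in _MSGS).encode() + b"\n"
SAMPLE_TUNNELLED = bytes(range(256)) * 2  # constructed stand-in for tunnel ciphertext

if __name__ == "__main__":
    print(stratum_v1_exposure(SAMPLE_CLEARTEXT))
    print(stratum_v1_exposure(SAMPLE_TUNNELLED))
```

A result with "cleartext" set to True on the satellite-facing side of the link means the WireGuard, VPN or Stratum V2 remediation is not actually covering that hop.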
CryptoSlate