F2Pool: Love Letter for a Hacker

Has this ever happened before? On April 2, a hacker succeeded in kidnapping the hashes of some pool and forwarding them to F2Pool. Since the victims have been miners on AntPool, ViaBTC, and BTC.top, the hack is somehow connected to the block size debate.

It must be fun being Wang Chun at this time. The young Chinese administrator of the popular mining pool F2Pool sits in the middle of the hard fork debate, neutral like the Swiss, and confuses the world with puzzling hints on Twitter. After all the dogged spark of the block size debate, in which everyone seems to be too involved and too serious, Wang Chun is a refreshing, humorous and relaxed distraction.

On April 2, Wang Chun unintentionally became profiteer of a hack around the block size crisis. One day after F2Pool signaled readiness for every scalability solution available – SW, BU, 8MB, 2MB – Wang Chun tweeted, that somebody had hacked miners from AntPool, ViaBTC, and BTC.top. The hashes have been redirected to F2Pool.

Someone hacked major mining operations and their stratum had been changed from antpool, viabtc, btctop to us. Our hashrate doubled instantly — wangchun @ bitfish+f2pool (@satofishi) April 2, 2017

Until now, we have heard about a lot of hacks of exchanges and wallets, and even DoS attacks on some clients like Bitcoin Unlimited. But that the miners itself fall victim for hackers seems to be something new. Shortly after the tweet from Wang Chun, someone suggested hardening the Stratum protocol with which the hashes are forwarded to the pools. But Wang Chun rejected the idea, since the hack did not happen on the level of Stratum, but on the local mining machines themselves, where the settings of Stratum have been changed.

Useless. This is not hi-jacking. Stratum settings were changed on mining machines themselves. https://t.co/aWO0b3K2i8 — wangchun @ bitfish+f2pool (@satofishi) April 2, 2017

So, the local systems of some miners which mined for AntPool, BTC.top, and ViaBTC, have been hacked. Since the hacker could double the hash rate of F2Pool – the largest or second-largest mining pool of the world – it was quite a massive stream of hashes the hacker redirected. Since he could create 12 bitcoin in just an hour, eight to 12 percent of the hash rate would be a good guess.

The whole event raises some questions. Why have only miners from these three pools been affected? Did the miner intentionally attack miners which signal for Bitcoin Unlimited?

And were the victims of the hack using a mining software, which had a bug? If no – is every miner vulnerable to such a hack? If yes – why do the users of these three pools use the same software? Is it possible that the accounts at the three pools belong to the same person, which would be the owner of a massive amount of hash rate?

Finally, what does this mean for hard and soft forks, which are triggered by block signaling through the miners? If it is possible for miners to kidnap such huge parts of the system’s hash rate – could it be possible that a hacker activates an unwanted fork by redirecting the hash rate?

Depending on the answers on those questions you might say; the evil supporters of Bitcoin Core hack Bitcoin Unlimited miners. Or; the evil Bitcoin Unlimited miners are in fact just a cartel which hides by distributing its hashes across several pools. Or; you should never again trigger a fork by block signaling.

It is also possible to take the short episode with some humor like Wang Chun does. The administrator of F2Pool tweeted that he loves the hacker and wants to reward him with 5,201,314 Satoshi, which equals around 0.05 bitcoin.

I *love* this hacker. He must be a lucky guy. In just above one hour, he has generated three blocks in a row. I'll pay him 5201314 satoshis. — wangchun @ bitfish+f2pool (@satofishi) April 2, 2017

Since nobody seemed to understand the joke, Wang Chun gave another hint as to what he meant:

Plan cancelled. As the guy has a mail.ru email so he might be from Russia. I bet he could not understand what 5201314 means. https://t.co/4cbnHNeiLP — wangchun @ bitfish+f2pool (@satofishi) April 2, 2017

Before you Google 5201314, we explain the solution of the riddle; China is in love with numbers games. For example, mobile phone numbers with 8 are hugely popular, as “eight” translated has a similar sound like “fortune” or “wealth, ” while many huge buildings have no fourth floor, because “four” sounds similar to “death.” The string 520-13-14, however, is good to remember when you woo a Chinese lady; “Five hundred and twenty” sounds in Chinese like “I love you,” “thirteen” like “always” and “fourteen” like “forever.”