Coin Miners Dogged By Mining Pool Security Flaws

Distributed denial-of-service attacks have posed an increasingly severe and frustrating problem for mining pools in recent weeks.

AccessTimeIconMar 2, 2014 at 2:20 p.m. UTC
Updated Sep 11, 2021 at 10:24 a.m. UTC

Distributed denial-of-service attacks have posed an increasingly severe problem for cryptocurrency exchanges and mining pools in recent weeks.

Last month, several major pools in the mining community suffered debilitating DDoS attacks that resulted in significant delays, lost mining time and frustration for miners.

In extreme cases, as explained by TeamDoge administrator Forrest Fuqua, some pools received ransom messages from hackers demanding payoffs in exchange for pulling back their attacks.

Fuqua said that security flaws in the Mining Portal Open Source (MPOS) pool software commonly used throughout the community have made it all too easy for cyber attackers to disrupt mining activities and extract ransoms from pools.

He cited the example of, which suffered a serious attack on its database. He added:

“ actually got their database hacked at one point, due to the fact of insecurities in the main pool software that everyobody owns. Even the biggest mining pool for Litecoin uses it as their backend. It’s everywhere in their templates - they’re using the exact same framework. So some of these security exploits affect us all.”

More troubling is the fact that the security flaws are not fully understood by the mining community. When asked if these flaws meant that any pool using MPOS could suffer an attack, Fuqua said that these events are already taking place.

“They have been happening to other pools and we don’t know how.”

He suggested that it could be an internal backdoor built into the widely-available MPOS software, but Fuqua could not say affirmatively if this was the case.

Stolen coins

In the case of, at least 15 million dogecoins were taken from the pool’s master wallet, although Fuqua suggested that as much as 35 million dogecoins had been stolen.

In the case of TeamDoge, the hackers have struck numerous times, including an assault on the pool’s stratum software that is used to pull together the collective computing power of all the miners.

The miners sync with the protocol to receive notifications on their work, including the accrual of shares.

TeamDoge’s stratum protocol was hit by a DDoS attack comprised of more than 200,000 IP addresses. Given stratum’s limited capability for handling queries from users, it resulted in an outage of two and a half hours. Once stratum reaches its limit, the protocol begins dropping connections.

One of the issues is that structural problems in the MPOS software make it difficult for pool admins to make necessary changes. “Nobody touches [stratum], and there’s two reasons why,” Fuqua explained.

“Stratum is very sensitive to changes because of the way its written. Also, because it's the money maker. If your front end goes down, nobody cares. But if the stratum goes down, people stop making money, so there go your workers. And they scurry off to a different pool. No current DDoS protections can protect the stratum.”

“We were actually contacted by a guy ransoming the pool,” he continued. “He verifies this by turning off the DDoS and turning it back on.”

The cost of a DDoS attack

A DDoS attack on a pool can create major headaches for pool administrators like Fuqua.

The immediate impact is that the pool malfunctions and miners - who may not be actively monitoring their software - stop receiving shares for their work.

Depending on the severity of the attack, including whether or not the hackers actually infiltrate the database, the damage done to the system can result in even longer disruptions. Attacks can be damaging for reputations as well. Miners may fear that a pool is no longer safe and will look for alternative.

While most mining software allows configuration for backup pools, concerns over future attacks, and the corresponding loss of revenue, may be enough to dissuade a pool miner from returning.

Who is behind the attacks?

During the interview, Fuqua couldn’t say for sure who might be behind the attack. The most probable answer would be hackers hoping to accrue large amounts of coins to then move to exchanges. Fuqua went on to speculate that bad actors from competing pools may also be behind the attacks.

At the time of this writing, mining pools throughout the community continue to experience DDoS attacks on both their front-end servers as well as their stratum protocols.

Fuqua said he was currently engaged in upgrading TeamDoge’s infrastructure to help withstand - but not prevent - cyber attacks.

For the immediate future the risk of DDoS attacks on mining pools remains real. It remains to be seen whether or not developers will tackle the flaws in the commonly-used MPOS software.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.