OS
Pool
ASIC Firmware
ASIC Hub
More
blog
Blog
News and Articles
forum
Forum
Top discussions, announcements, help
Show all articles
Referral Program
referral
Increase your income with Hive. Invite your friends and earn real cryptocurrency!
Get your referral link

Phoenix-Miner STOP USING NOW March 2021

Miners
#1

Anyone know about this hack affecting Linux systems?
Nicehash Announced March 7 2021 -
STOP USING PHOENIX-MINER NOW
https://www.nicehash.com/blog/post/stop-using-phoenix-miner-immediately

@DaveTech Canada - YouTube

WHAT?

Looks like my next few days will be busy as I wipe every single password and machine I ever created.

Nice.

Also might explain why I had 2 friends in last few weeks lose almost 70 thousand dollars in Crypto!

Yeah literally disappeared overnight both were on phone wallets.

No Windows machines in my house and multiple subnets but I will be wiping EVERYTHING in my digital footprint.

OMG - THIS GONNA TAKE FOREVER.

HARDWARE WALLETS ONLY FOLKS.

#2

Hi,

It’s only if you have use phoenix miner on a PC with Windows 10 ? Or even on HiveOs ?

Sorry if this question seems stupid but it’s a bit scary what you said.

1 Like
#3

There are no stupid questions.
If you read the NiceHack article you know as much as I do.
I only use Linux machines in my house.
Since I had 2 friends lose over 70 thousand dollars in crypto in last month, I removed the blight of Windows from my network entirely. I have machines with CentOS, Kali and Ubuntu in my network only.
I used a managed switch and have isolated subnets for different PCs.
I use SMOS and HiveOS for mining.
All use Phoenix which has me pretty concerned.
I never did trust closed source software starting with OhGodEthLrgmnt Pill.
I use them, just never trusted them.
Anyway, in meantime, I used NORDVPN on all my Linux machines including the HiveOS. Easy to install on Command line.
This will cut off ANY communication to the LAN from or to these boxes.
I generally add a whitelist rule for my main Tech PC to be able to SSH to them.
SMOS on the other hand, I don’t have much control over.
At this point, I am thinking I may wipe all accounts, all machines and just start fresh.
HUGE JOB
Also going to have to wipe and reload every 2FA used out there along with any and all passwords for any and all websites in my digital footprint.
I don’t need to tell anyone reading this ENORMOUS TASK!

I have been in networks since 1984 - yes for real, even spent 6 years teaching all over North America.

After all these decades in Network, I still say When I win the lottery, I am going to crush every electronic device I have in to pieces and dump them in the river before heading North.

THERE IS ABSOLUTELY NO SAFETY when it comes to NETWORK.
There are “safer” practices.

Well off I go to literally update and re-do every single bit of my digital footprint.
Sigh.
Windows users, I wouldn’t even bother, you share everything anyway.
FREE APPS everywhere ya FREE LoL

151755575_10158086297337336_4159779999052201216_n
151755575_10158086297337336_4159779999052201216_n503Ă—540 55.9 KB

1 Like
#4

Thank you for your info.

Newbie here I have an issue

I have 5700xt red devils
I was running on phoenix
I am trying to update my flight sheet and run with team redminer
but it keeps saying closed by pool?
mining ethereum on ethermine everything is the same except i changed to redminer.
Any insight?

#5

I tried etherminer samethin… lol miner is working but my hashrate went down from 55.4 to 53.

I did notice that the job accepted went down as well [ really do not understand exactly what this means ]
went from 45ms to 29ms. Is the lower the number the better?

#6

DaveTechCA,

You are paranoid.

Literally.

Your friends were using PHONE wallets! Them losing their money had nothing to do with Phoenixminer…

Using a phone wallet is risky and are a stupid idea.

Using a phone as a crypto wallet is as secure as putting all your fiat money in a shed in your back yard and hiding the key to the shed under the welcome mat of the shed.

It’s just plain reckless.

You talk about not trusting “closed source” software? Yet I can guarantee you use it constantly. Are you using a smartphone? Are you using Nvidia or AMD driver blobs in Linux? Do you have any smart home devices? Is your TV “smart”? Do you own a newer car?

Open source doesn’t necessarily make something more trustworthy, as well.

Malware, spyware, etc can hide in anything. Even open source… even if you compile your own Linux, unless you know how to read through the entire source code and confirm its safe, you could potentially be at risk.

As with all things in life, there is a certain amount of implicit trust we place in things around us. Risk is everywhere.

Why would the current builds of Phoenixminer suddenly be dangerous because the author has been unavailable for a month? Obviously, don’t download the binary unless the CRC hash matches the hash of the original. Don’t use fake versions (of Phoenixminer or any other software)… and don’t use PHONE WALLETS!

1 Like
#7

And if you’re worried about Windows versions of Phoenixminer, DON’T USE PHOENIXMINER ON YOUR WINDOWS PC.

And certainly don’t access your wallet using the Windows PC you run Phoenixminer on…

If that’s not feasible, you can also run Phoenixminer in Sandboxie in it’s own sandbox if you want to segregate it from all other processes running on your PC.

#8

phoenixminer dev team also has an explanation on this matter.

https://bitcointalk.org/index.php?topic=2647654.msg56526051#msg56526051

So decide for yourself, which one do you think is right and which one do you think is wrong.

2 Likes
#9

Outstanding. Freakin NiceHack
Should have known not to trust the A$$ha+s
December 6, 2017 Gone but not forgotten.

Thanks for the update.

#10

phone wallets have two way verification how can this be hacked? Even if your password is hacked if you wanna send money tru you have to email verification also text message verification so this is pretty much impossible. Unless you can tell me how? Using phonixminer is a risk on windows however if you don’t login to your wallet from the same pc you should be ok.

#11

Are you aware that there are Android and iOS trojans, malware and viruses that can take control of your phone?

It seems like every week I see another new story in my feed about apps in Google Play that were removed because they were actually trojans/malware/viruses in disguise.

Even legitimate applications can be hiding malicious code. Hackers have also been breaking into the update servers of legitimate companies, inserting their malicious code into updates that get pushed to applications.

It’s pretty easy to get into your email, text messages and wallet if the phone itself is compromised.

Nothing is 100% secure.

I think a hardware wallet is probably as close to “unhackable” as is possible. But of course, a hardware wallet costs money, and can be lost or destroyed.

#12

PhoenixMiner calls it a smear campaign against them. https://bitcointalk.org/index.php?topic=2647654.0

https://phoenixminer.info/downloads/

I have been using it for a long time and I have been tracking system calls and I haven’t found anything nefarious.

#13

This topic was automatically closed 416 days after the last reply. New replies are no longer allowed.