- Researchers have revealed two new ways to shut down cryptocurrency mining botnets.
- The methods exploit weaknesses in common mining protocols and pool policies.
- The first technique sends repeated invalid mining results, leading to bans on malicious proxies.
- The second approach overloads wallet addresses with multiple logins to trigger temporary bans.
- Experts say these tactics could disrupt malicious miners without affecting legitimate users.
Cybersecurity experts have announced two new techniques that can disrupt the networks used by cryptocurrency mining Malware. The findings, released on June 24, 2025, highlight vulnerabilities in the mining protocols and infrastructure that allow defenders to cripple these illegal operations.
The research, conducted by Akamai, explains that their methods take advantage of how many mining botnets operate. According to security researcher Maor Dahan, these techniques can significantly weaken a criminal cryptomining network or stop it entirely. Both tactics use rules in the Stratum mining protocol and public pool policies to force changes in an attacker’s setup.
One approach involves sending invalid mining job results, known as “bad shares,” to a mining proxy. Dr. Dahan describes this process: “By connecting to a malicious proxy as a miner, we can submit invalid mining job results — bad shares — that will bypass the proxy validation and will be submitted to the pool. Consecutive bad shares will eventually get the proxy banned, effectively halting mining operations for the entire cryptomining botnet.” The team used an internal tool, XMRogue, to carry out this process.
The second technique targets cases where the miner is directly connected to a public pool. According to the report, submitting more than 1,000 login requests using the attacker’s wallet can trigger an automatic ban of that wallet for an hour. This can pause malicious activities, but the attackers may recover after the ban period by stopping the login attempts.
Akamai confirmed that while these methods were tested against Monero miners, they could also apply to other cryptocurrencies. Dr. Dahan explained, “A legitimate miner will be able to quickly recover from this type of attack, as they can easily modify their IP or wallet locally. This task would be much more difficult for a malicious cryptominer as it would require modifying the entire botnet. For less sophisticated miners, however, this defense could completely disable the botnet.”
These developments show that defenders can use mining protocol rules and pool policies to reduce or end illegal crypto mining without affecting honest miners.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Digital Asset raises $135M to expand Canton Network blockchain
- Blockchain for Energy Joins Hedera Council to Advance Emissions Data
- Bitcoin, Crypto Rebound After Israel-Iran Crisis Spurs Market Jitters
- Bitcoin Mining Profitability Jumps 18% in May Amid BTC Price Surge
- Attackers Abuse Docker APIs and Tor to Launch Cloud Cryptojacking
