What If Mining Pools Used Their Power For Evil

It’s a question you may not have thought about before, but it’s a valid concern to have. Mining pools have access to an immense amount of hash (computing) power in their race to create new blocks. Currently, this activity provides an invaluable service in maintaining the security of a blockchain. And, miners have a monetary incentive to keep par with the course.  

Those incentives may not be around forever, though. If bitcoin, or other cryptocurrencies, start losing value, those miners will need to switch to a more profitable activity or risk failure. 

Before getting into the doomsday scenario, though, let’s run through a quick mining pool refresher. 

How Do Mining Pools Work?

When you mine cryptocurrency, you effectively compete against other miners to solve a mathematical puzzle. The first miner to complete the problem gets to create a new blockchain block and receives a mining block reward of some cryptocurrency in return.  

The odds of earning a block reward correlate directly to the amount of hash power you dedicate to the network. The greater the amount of your hash power, the more frequently you create new blocks and receive cryptocurrency. 

Mining pools simply pool together the hash power of several miners. Pooling resources together is advantageous for miners as they’re able to earn a steady stream of income rather than sporadic, lump sum rewards. 

Mining Pools Control A Lot of Computing Power

Currently, Bitcoin’s average hash rate is 50,000,000 tera hashes per second (TH/s), or 50 million trillion hashes per second. Bitcoin’s largest mining pool, BTC.com, controls around 22 percent of that hash rate - 11,000,000 Th/s. Let’s do a little math now.

The Bitcoin network hash rate has bounced between 30 and 60 million TH/s over the last year. | Source: Blockchain

The Bitcoin network hash rate has bounced between 30 and 60 million TH/s over the last year. | Source: Blockchain

We can assume that a high-class ASIC miner consumes 0.1 watts per Gh/s, which equates to 100 watts per Th/s. Therefore, the BTC.com mining pool handles: 

(100 watts per Th/s) x (11,000,000 Th/s) = 1,100,000,000 watts or 1100 megawatts

Continuing the calculation, our mining pool then consumes 26.4 gigawatt-hours per day, which, finally, gives us 9636 gigawatt-hours per year.  

To put this into perspective, the Hoover Dam produces an average of 4500 gigawatt-hours each year. So, the BTC.com mining pool utilizes more electricity than two Hoover Dams. Or in other terms, the mining conglomerate consumes roughly the same energy as 925,000 American households

So, What Else Can Mining Pools Do With This Power?

Unfortunately (or fortunately depending on how you look at it), much of this computing power doesn’t translate well to activities outside of cryptocurrency mining.  

A large chunk of a bitcoin mining pools’ computing power comes from ASICs, highly functional processors explicitly built for cryptocurrency mining. Application-specific integrated circuit (ASIC) miners are specialized down to the type of cryptocurrency they can mine. For instance, you’re unable to mine bitcoin, which implements a SHA-256 algorithm, with a Litecoin (Scrypt algorithm) miner. 

However, some cryptocurrencies, such as Ethereum, utilize a GPU-exclusive mining algorithm. So, there are still plenty of general GPUs mining cryptocurrency that can transition to other functions. For that reason, it’s beneficial to examine what else mining pools can accomplish with all the computing power they have access to. 

A Force for Good 

There are quite a few positive activities towards which mining pools could use their energy. 

Instead of forcing miners to solve random mathematical puzzles, some projects have them contribute to an activity with inherent value, such as creating protein folding simulations. Protein folding is a computationally intensive process that assists with medical and other scientific research. Often, labs don’t have the resources to create these simulations, so outsourcing to cryptocurrency ‘miners’ brings a ton of value. 

As an alternative to mining, a few blockchain projects reward participants for loaning out their spare computing power to other machines. Artificial intelligence, machine learning, and CGI all require an immense amount of computing power that a single entity may have trouble producing on their own. A network of computers, though, can easily fill that gap. 

Or, an Evil Reckoning? 

But, not everyone naturally has good intentions. From a cybersecurity standpoint, mining pools also have the potential to cause serious harm. 

Recently. we conducted extensive analysis on one of the most disruptive acts a mining pool could contribute to - password cracking. The results are slightly frightening.   

Note: For these examples, we’re assuming that a hacker is using brute force methods to crack your password. Other, more sophisticated attacks exist (like dictionary attacks), so the estimates below are on the conservative side. 

Using a single GTX 1060 miner, it would take you around 40 days to crack an eight character SHA-256 password. If you plan on breaking a 12 character one, though, you better bring some popcorn because you’ll be waiting over 3 billion days. 

This example helps proves why, when it comes to creating your password, you need to consider complexity, but more importantly, you should create passwords with sufficient length

Ethermine is Ethereum’s largest mining pool, controlling over one-quarter of the hash rate. | Source: Etherchain

Ethermine is Ethereum’s largest mining pool, controlling over one-quarter of the hash rate. | Source: Etherchain

So, it’s clear that one miner can’t realistically crack your password. How about an entire mining pool?  

Ethermine, Ethereum’s largest mining pool, has 280 TH/s of hash power when attempting to crack Kerboros5 passwords. For those unfamiliar, Windows machines commonly implement Kerboros5 to hash passwords. 

With that amount of computing power, Ethermine could, if it so chooses, crack an eight character Kerboros5 password in 20 seconds. An eight character NTLMv2 password, another regular Windows option, would take less than a minute to break.  

Taking account the entire Ethereum network, common security tools like LastPass look like child’s play with a two minute cracking time. 

Amount of time it takes to crack eight-character password hashes using different levels of resources

Amount of time it takes to crack eight-character password hashes using different levels of resources

Examining twelve-character passwords, however, paints a much different picture. It would take Ethermine over 47 years to crack a Kerboros5 password with twelve characters and nearly double that time to break an NTLMv2 password of the same length. These timeframes, once again, demonstrate the importance of your password’s length.

Amount of time it takes to crack twelve-character password hashes using different levels of resources

Amount of time it takes to crack twelve-character password hashes using different levels of resources

Should You Be Worried? Yes and No. 

It’s highly unlikely that mining pools will switch away from cryptocurrency mining anytime soon. The current block rewards, crypto prices, and potential market growth make the opportunity too lucrative to pass up. 

However, as block rewards dwindle, transaction fees may not be incentive enough to keep many miners around. It’s possible we could have a host of GPUs lying around with which a mining pool, like Ethermine, could use nefariously. Even a single 6 GPU miner produces enough computing power to crack passwords. 
With more teraflops than the world’s fastest supercomputer, the options (both good and evil) for Ethereum’s top mining pools are truly endless.