Saved in:
Bibliographic Details
Main Authors: Pouliquen, Pierre, Barral, Hadrien, Naccache, David, Heckmann, Thibaut, Houssais, Antoine
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.03770
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915983391719424
author Pouliquen, Pierre
Barral, Hadrien
Naccache, David
Heckmann, Thibaut
Houssais, Antoine
author_facet Pouliquen, Pierre
Barral, Hadrien
Naccache, David
Heckmann, Thibaut
Houssais, Antoine
contents ASIC cryptocurrency miners are a core component of blockchain infrastructures, directly converting computation and energy into monetary value. Despite their economic importance, their security is rarely evaluated in a structured manner. In this paper, we show that the firmware distribution ecosystem of mining devices fundamentally challenges existing trust assumptions. We introduce a scalable methodology based on the collection and static analysis of publicly distributed firmware artifacts, requiring neither device access nor runtime interaction. Applying this approach, we reconstruct and analyze 134 firmware images spanning manufacturers that account for over 99% of deployed miners (Bitmain, MicroBT, Canaan, Iceriver). Our results reveal that firmware artifacts alone are sufficient to recover internal architecture, identify security weaknesses, and reconstruct complete attack paths leading to high-impact adversarial objectives. In particular, our analysis reveals vulnerabilities that enable realistic large-scale attack scenarios, including firmware phishing and the exploitation of miners still operating over Stratum V1. Validation on two real devices confirms that publicly distributed artifacts closely reflect deployed software and that these weaknesses translate into attack capabilities. Overall, our study shows that firmware distribution mechanisms themselves constitute a primary attack surface, significantly lowering the barrier to compromise in the ASIC mining ecosystem.
format Preprint
id arxiv_https___arxiv_org_abs_2605_03770
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Firmware Distribution as Attack Surface: A Security Study of ASIC Cryptocurrency Miners
Pouliquen, Pierre
Barral, Hadrien
Naccache, David
Heckmann, Thibaut
Houssais, Antoine
Cryptography and Security
Software Engineering
D.4.6; K.6.5; C.2.0
ASIC cryptocurrency miners are a core component of blockchain infrastructures, directly converting computation and energy into monetary value. Despite their economic importance, their security is rarely evaluated in a structured manner. In this paper, we show that the firmware distribution ecosystem of mining devices fundamentally challenges existing trust assumptions. We introduce a scalable methodology based on the collection and static analysis of publicly distributed firmware artifacts, requiring neither device access nor runtime interaction. Applying this approach, we reconstruct and analyze 134 firmware images spanning manufacturers that account for over 99% of deployed miners (Bitmain, MicroBT, Canaan, Iceriver). Our results reveal that firmware artifacts alone are sufficient to recover internal architecture, identify security weaknesses, and reconstruct complete attack paths leading to high-impact adversarial objectives. In particular, our analysis reveals vulnerabilities that enable realistic large-scale attack scenarios, including firmware phishing and the exploitation of miners still operating over Stratum V1. Validation on two real devices confirms that publicly distributed artifacts closely reflect deployed software and that these weaknesses translate into attack capabilities. Overall, our study shows that firmware distribution mechanisms themselves constitute a primary attack surface, significantly lowering the barrier to compromise in the ASIC mining ecosystem.
title Firmware Distribution as Attack Surface: A Security Study of ASIC Cryptocurrency Miners
topic Cryptography and Security
Software Engineering
D.4.6; K.6.5; C.2.0
url https://arxiv.org/abs/2605.03770