The company emailed customers recently in an effort to be transparent and prepare them for any potential outages. The email read,
Dear Bitmain Customer,
This morning we received a concerning email from a group of hackers threatening Bitmain and our services with a DDoS attack and demanding a ransom payment to prevent the attack. Bitmain is committed to providing the best service possible to our users, and will not invite future attacks of this sort by giving in to the demands of hackers.
The hackers have demonstrated that they do possess the capability to execute a DDoS and that this is not an entirely empty threat, although we do not know the full extent of their capabilities. During the next few days, Bitmaintech.com, AntPool, AntPool.com, and Hashnest.com may experience intermittent outages. Our team is working hard to ensure that the effects of any possible attack will be as minimal as possible.
For those customers mining on AntPool, please make sure that you have configured your backup pools properly in the event that you are unable to access AntPool.
For HashNest users, mining payouts will continue as usual and there is no need to worry about lost revenue.
For sales, if you are unable to access our main website, you may contact us directly at [email protected].
Thank you for bearing with us during this time.
All the best,
The email was quickly posted to Reddit by several users and was later confirmed by several Coin Fire readers via email. Coin Fire reached out to Bitmain for further information and comment.
Bitmain representatives confirmed to the Coin Fire editorial team that the threats against the Bitmain family of services were real. They also provided emails from the extortionists that revealed that a well-known group of DDoS attackers is behind the threats.
An email from the attackers was sent to most employees within Bitmain, and demanded a bitcoin payment be made or the attacks would continue to increase. The email from the DD4BC group read,
To introduce ourselves first:
Or just google “DD4BC” and you will find more info.
So, it’s your turn.
Unless you pay 10 BTC to [redacted] within 12 hours from now, your pool servers are going under heavy DDoS attack.
Pay, and you will never hear from us again.
Usually, we attack first, then ask BTC to stop, but since your pool is too big, one of the largest Bitcoin pools, we are giving you time to act first, because we are well aware that even 1 hour offline would cause much larger damage than 10 BTC.
12 hours, because we are not in the same time zone and it’s morning in China, so we want to make sure that you had time to act.
AS PROOF that this is not an empty threat, we will run a small attack on your servers now – [IP REDACTED]. Don’t worry it’s not going to be hard and will run for just 1 hour, so your server will not get null routed.
But if not paid, all your servers are going down for good.
Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400-500 Gbps.
IMPORTANT: You don’t even have to reply. Just pay 10 BTC to [REDACTED] – we will know it’s you and you will never hear from us again.
But if you ignore us, attack will start and price to stop will go to 20 BTC and will keep going up for every day of delay.
ONE MORE TIME: It’s a one-time payment. Pay and you will not hear from us ever again!
The DD4BC group is well known to many in the cryptocurrency community for this tactic. Last year, the group attacked GreatBigBit, Nitrogen Sports, Bitalo, and several other services, making the same demands.
The group initially targeted bitcoin gambling sites, knowing that many of them would be unable to reach out to law enforcement officials for help. Since then, they have expanded and begun attacking news sites, online radio services, bitcoin mining pools, exchanges, and other cryptocurrency services.
Instead of bowing down to the demands of the DD4BC group, the team at Bitmain spent the 10 BTC by offering it up in the bounty on Bitcoin Bounty Hunter. This is a bold move for the Bitmain team, which could invite the attackers to strike harder as a result; however, companies and sites that bow down to the pressure of DD4BC and similar groups simply embolden the attackers to continue extorting other sites in the industry. Coin Fire has received similar demands from anonymous groups in the past, and those demands were not paid.