{"id":10310,"date":"2022-03-31T15:31:45","date_gmt":"2022-03-31T15:31:45","guid":{"rendered":"http:\/\/ci029d8720f00027cb"},"modified":"2022-03-31T15:31:45","modified_gmt":"2022-03-31T15:31:45","slug":"basic-threat-modeling-for-bitcoin-mining-at-home","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/business\/basic-threat-modeling-for-bitcoin-mining-at-home","title":{"rendered":"Basic Threat Modeling For Bitcoin Mining At Home"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p>Home mining is one of the best expressions of individual sovereignty available, but every retail mining operation carries a variety of risks that need to be accounted for and mitigated as much as possible.<\/p>\n<p>Broadening awareness of the benefits of converting electricity into KYC-free units of censorship-resistant internet money in a basement, garage or backyard shed has been<a href=\"https:\/\/bitcoinmagazine.com\/business\/retail-bitcoin-miners-are-resilient\"> a key catalyst<\/a> for the<a href=\"https:\/\/bitcoinmagazine.com\/business\/at-home-bitcoin-mining-is-surging\"> ongoing surge<\/a> in at-home mining. But just like storing private keys can involve tedious operations security (OPSEC) measures and careful planning, every serious miner must also consider the risks and vulnerabilities of their home mining operations. Unlike secure storage planning, however, mining faces a significantly wider array of heightened risks.<\/p>\n<p>Understanding these risks and modeling responses to prevent or react to attack scenarios is essential for long-term, at-home mining success.<\/p>\n<h2>Home Bitcoin Mining Vulnerabilities<\/h2>\n<p>Theft is the most basic and obvious vulnerability to at-home bitcoin miners. For starters, every mining operation regardless of scale involves at least one <a href=\"https:\/\/bitcoinmagazine.com\/business\/tracking-bitcoin-price-and-mining-market\">rather valuable piece of computing equipment<\/a> \u2014 a bitcoin ASIC miner \u2014 built with precious metals and specialized microchips that sells for anywhere from a few hundred dollars to over $10,000 at current prices,<a href=\"https:\/\/insights.braiins.com\/en\/#profitability_of_popular_asics\" target=\"_blank\" rel=\"noopener\"> depending on the model<\/a>.<\/p>\n<p>Visibility is also a concern. How conspicuous is a mining setup? Just like publicly advertising large amounts of bitcoin-denominated wealth is always ill advised, distinctly noticeable mining setups aren\u2019t always the safest. Noise levels, heat signatures, spiking electricity bills and other signals are easy giveaways (with relatively simple mitigations) to close neighbors or utility companies that someone is probably <a href=\"https:\/\/bitcoinmagazine.com\/guides\/bitcoin-mining\">mining bitcoin<\/a>. Consider a permanent bare spot on an otherwise snowy roof or an ongoing 80-decibel fan noise as examples, and the point is made.<\/p>\n<p>Custody is also a key consideration since miners are responsible for managing the security of each step in the flow of mining rewards from their pool accounts to cold storage.<\/p>\n<p>The list of potential vulnerabilities goes on, and not every mining operation faces the same types or degrees of risks. But every setup has risks. Beyond just acquiring hardware, transmitting power and building efficient airflows, modeling these risks is an essential part of every miner\u2019s planning.<\/p>\n<h2>Threat Model Basics For Home Bitcoin Mining<\/h2>\n<p>So, what is a threat model?<\/p>\n<p>The term \u201cthreat model\u201d is just a fancy way of expressing what someone is defending and who they\u2019re defending it from. And unlike a financial model, threat models are minimally mathematical and highly intuitive and deductive in assessing what risks exist and how to mitigate them.<\/p>\n<p>Consider the example of<a href=\"https:\/\/www.cnbc.com\/2021\/05\/28\/bitcoin-mine-discovered-by-uk-police-on-cannabis-farm-raid-.html\" target=\"_blank\" rel=\"noopener\"> cannabis farmers who doubled as bitcoin miners<\/a> outside of the U.K. city of Birmingham. Police inadvertently discovered their illegal bitcoin mine while raiding their illegal cannabis farm. It\u2019s safe to say that the threats facing this cannabis-bitcoin venture were poorly modeled and mitigated, if at all.<\/p>\n<p>For most technology companies, threat modeling usually involves code review and software changes. For most humans, day-to-day threat modeling is intuitive, which is why most people prefer well-lit walkways to dark alleys. For miners, the same sort of threat assessments affect a variety of software, firmware and hardware products.<\/p>\n<h2>Building A Home Bitcoin Mining Threat Model<\/h2>\n<p>Threat models can be as complex or simplistic as the creator wants. But a home miner can\u2019t adequately prepare against potential threats if they don\u2019t understand what risks they face.<\/p>\n<p>Setting the scope of a threat model is the first and possibly most important step. Think carefully about what needs protecting (e.g., mining hardware, site access, electrical and cooling infrastructure, internet access, payout deposits and wallet storage) and who it needs protection from (e.g., friends and family, neighbors or unexpected visitors, targeted attacks). Of course, not every miner faces the same potential risks. Someone with two S9s in a suburban neighborhood deals with different risks than a landowner in the Midwest with a dozen S19s on 80 acres. But listing any possible attack scenario is key to setting the scope of the model. <\/p>\n<p>The key to making this list is simply asking, \u201cWhat could go wrong?\u201d Any answer gets added to the list.<\/p>\n<p>Focusing on pool accounts and payout withdrawals, for example, this aspect of a mining threat model would include pool account security and planning strategies and tools to account for vulnerabilities in password protection, two-factor authentication, payout address reuse, etc.<\/p>\n<p>Likelihood and effort are two additional considerations. Take the \u201cbad scenario\u201d list and use basic probabilistic attack analysis to evaluate how likely each risk in the list is to happen. After ranking these scenarios, decide how much effort and preparation each item deserves. This involves two steps phrased as questions. First, what mitigatory steps are required for a particular risk? Second, based on the perceived likelihood of a given threat, how much effort is a miner willing to give to prevent it? There is no rulebook or answer key for this process. Each of these steps are up to the discretion of the miner.<\/p>\n<p>\u201cLet\u2019s build a threat model\u201d isn\u2019t usually the first thought a home miner has when planning their operation, but this extra OPSEC work can avoid serious problems in the future. And threat modeling really isn\u2019t that complex. But, like any other aspect of OPSEC, threat analysis is best thought of as an ongoing process that can always be adapted and refined, not a finished task.<\/p>\n<h2>Additional Resources<\/h2>\n<p>Nothing in this article is meant to be an exhaustive explanation of how to safeguard a home mining setup. Instead, the goal of this article is to provide a simple breakdown of what threat models are, how miners can use them and encourage home miners to begin building one of their own.<\/p>\n<p>Continue reading about threat modeling and how to develop one for a mining operation with these resources:<\/p>\n<ul>\n<li>The Electronic Frontier Foundation published a<a href=\"https:\/\/ssd.eff.org\/en\/module\/your-security-plan\" target=\"_blank\" rel=\"noopener\"> surveillance self-defense guide<\/a> with an important chapter on developing a security plan. <\/li>\n<li>Over a dozen security professionals published a<a href=\"https:\/\/www.threatmodelingmanifesto.org\/\" target=\"_blank\" rel=\"noopener\"> <\/a>\u201c<a href=\"https:\/\/www.threatmodelingmanifesto.org\/\" target=\"_blank\" rel=\"noopener\">Threat Modeling Manifesto.<\/a>\u201d<\/li>\n<li>Carnegie Mellon\u2019s Software Engineering Institute published a<a href=\"https:\/\/insights.sei.cmu.edu\/blog\/threat-modeling-12-available-methods\/\" target=\"_blank\" rel=\"noopener\"> lengthy article<\/a> on available methods for successful threat modeling.<\/li>\n<li>One of the principal security solutions architects at Amazon Web Services also published a<a href=\"https:\/\/aws.amazon.com\/blogs\/security\/how-to-approach-threat-modeling\/\" target=\"_blank\" rel=\"noopener\"> long article<\/a> about how to approach threat modeling.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Small miners, especially at-home operators, are mostly left to fend for themselves regarding the security and threats facing their setups. Large institutional miners always have best operational security practices and threat models in place to safeguard their mining facilities. But there is no playbook or standardized manual for at-home mining security.<\/p>\n<p>Even for miners who have been hashing for years, it\u2019s never too early or too late to create a threat model for an at-home operation of any scale. Thinking carefully about all aspects of home mining and planning to safeguard them with a custom-made threat model is key to ensuring a miner\u2019s long-term survival. <\/p>\n<p><em>This is a guest post by Zack Voell. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or <\/em>Bitcoin Magazine<em>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In addition to the KYC-free units of censorship-resistant internet money, mining bitcoin at home brings unique security threats.<\/p>\n","protected":false},"author":2801,"featured_media":4377,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[189,422,1138,2327,73,330,2460],"class_list":["post-10310","post","type-post","status-publish","format-standard","has-post-thumbnail","category-business","tag-bitcoin-mining","tag-feature","tag-home-mining","tag-opsec","tag-privacy","tag-security","tag-threat-modeling"],"author_data":{"id":2801,"name":"Zack Voell","nicename":"zack-voell","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/752422daad6c455e7c730e136464e6c80ff641be43afa9e92230dfd835257e41?s=96&d=robohash&r=g"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/bitcoin-mining-asic-security.png","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/10310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/2801"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=10310"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/10310\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/4377"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=10310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=10310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=10310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}