A Warning: I Decided to Try Mining and I Panicked

Let me start off by saying: this post *and hopefully subsequent replies from people that know what they're doing* is meant for the people that decided to try mining (or are about to) and don't know where to start research-wise.

If anyone has any suggestions on how I should purge my system after hearing my tale, please leave some feedback below. Thanks!

 

Before you even consider reading the rest of this post if you're halfway serious about beginning your journey into mining, create a system restore point now. This will be an invaluable step to giving you peace of mind later. You'll also avoid my mistake.

 

Story time, it's a long one.

 

I once saw a video from a certain Media Group that promoted being able to mine using a piece of software called NiceHash. I'd always wanted to get into mining crypto, I just built a sweet new personal gaming PC with modern parts, and since I had just opened up a Coinbase account, I figured I had a place to put those coins and now was a good time (for the old dogs that just cringed reading that, this journey of a thread will hurt).

 

I wanted to get this thing up as quickly as possible, so the NiceHashQuickMiner was the best way to go. Followed the link in the video description, created an account, watched a setup video, and away I went. AntiVirus? Nah, we'll shut it up and download it anyway, people are saying we're good. Let the auto-overclock do its thing and ran the miner in the background when I slept, turned it off during my work/stream hours and kept that up for a few days. This went on for about 4 days. I was curious what the payout was like and decided to do a little digging. Turns out, even with my 3070, I was scheduled to only make about $7/week. That sounded WAY lower than what my skyrocketed expectations and YouTube hype-men's words had flowered, so I decided to dig deeper.

 

I found a few videos talking about some beef between NiceHash and some other mining software and scoffed at it at the time, thinking "lol, guess it's a crazy world out there. Some people must really just want profits." I know, I hate me too.

 

Turns out, yes, you can get paid more mining on your own (in my case, about 5x). You see, you aren't mining in the traditional sense. Instead of trying to mine for a block the old fashioned way, you're essentially renting your PC's hardware out to NiceHash. They behave as a brokerage service so that people with cryptocurrency will pay them with said currency to use YOUR computer (and everyone else's that is using that application) to mine crypto for the top buyer, and you're getting a service fee from that transaction. If I've learned one thing about brokerages from playing the stock market since the beginning of quarantine, it's that the only people that truly profit off of these transactions are everyone but the workers.

 

So I decided I wanted to leave NiceHash behind for now. I wouldn't get rid of it entirely, especially since I still had unpaid funds left sitting in the account that hadn't yet reached the payout balance. Instead, I'd start looking into how I could quickly and easily get some mining software to start up to mine Ethereum Classic, the little brother to the new darling of the crypto mining world. I did a quick google search and, wouldn't you know it, all of the suggestions started pouring in. Sites in Russian, domains that end in .xxx, maybe a blog post or two from some random news places I had NEVER heard of in my life, you name it. I decided I wanted to go the easy route, something that just had a GUI and a "Mine" button that would magically do all the tinkering for me, and found out that there is a mining application built right into the Microsoft Store on Windows! What luck, Microsoft approved a mining app, this has to be safe and secure, it even has a discord. No virus popup either! You might notice I'm not dropping the name, yea, that's because after I installed it, it didn't work. I put the settings in I needed to, pointed to a pool address (just googled what that was 5 minutes beforehand, but at least I made sure to choose the ssl protocol), gave it my address and hit go. Not a thing. I joined the discord for help and, as I later figured out, this application was made back in 2017, never updated, and the discord was a ghost town with no mods answering any questions and messages still coming in, but DAYS in between them. I decided this may be a bit too sketch for my taste and that I should do a little more research, maybe taking the year into account. Uninstalled, ran a virus scan.

 

After that bust, I decided to try downloading a couple flavours of miners just to test the waters. After looking into some other sketchy blog-like websites that touted "THE BEST ETH AND ETC MINERS OF 2021", I decided to try BFGminer and ETHminer. I learned my lesson (kinda) about making sure the source was the right one. BFGminer's website looked kinda sketch, but after seeing SEVERAL (as in 5) reddit/blog posts saying the site and miner were legit, I gave it a download, extracted it (while AV was disabled, re-enabled after extraction) and started looking at the files. ETHminer, I found the official github page (thank god) and got the version that worked with my hardware, but saved extracting it for if BFG didn't work out.

 

I didn't know what I needed to click to make anything run, I tried going through the readme, didn't see anything immediately helpful, so I just clicked on the exe. Nothing happened. Didn't even see a command prompt window open. Took a few looks at it and said "okay, no GUI is opening, not liking this. Let's move to the other one." Tried running it in admin mode *note: DON'T DO THIS* Thought I might've accidentally opened an instance running in the background and then realized "oh crap, it might be running but I didn't run it right so I can't see it. Might as well full shutdown to clear it out, then try to configure it." All the while, Kaspersky was freaking out saying "hey, this isn't a virus since you said you wanted it, but criminals use this thing. You know that, right?"

 

I was getting frustrated not knowing what to do with these files I just downloaded and executed on my computer, so I said screw it. I decided I wanted to use nanopool, and it turns out they have a miner that they have ready to mine on the pool, just put your address, rig name and email in and you're good to start! Got it from their official github page, filled in the blanks, click run and... AV blocks the execution of it. No problem, just run it in admin mode. After that, no problems popping up. It's running over SSL so no MITM crap or redirects, I'm not running the card very hard, only hitting about 60C and making sure it stayed within power limit and figured out I could make upwards of $5 a day! Decided to switch over to ETH at this point just to see what the hubbub is about and, hey, if it's gonna grow, I was fine with the mining rate the card was giving me.

Then I met the dev fee. I had no idea what this was or why Nanopool was double dipping with a pool AND a dev fee, so I looked it up and found out "yea, Nanominer has a stupid high dev fee and it's fairly limiting. Just use Claymore or Phoenix miner instead, it has better performance and lower dev fees." Sold, this has become a for-profit in my spare time thing anyway, might as well optimize it.

 

I didn't do any other research other than google the name "claymore miner," went to their website, found out their website sketched me out, found their github repo, and clicked download. I didn't want to waste any more time with configuring crap, so after I extracted it, I didn't even run the exe, just looked at the setup files. It seemed much more complicated than it was worth to set up, so I threw it in the recycling bin. Next one. Went to look at Phoenix miner and saw people praising it, saw setup guides on nanopool and other pools for it (oh yea, finally looked at pool options and found out ethmine might be a better choice), and all the posts were much more recent. This definitely felt like the right choice. Copped the miner from the official github page without much thought, plugged the commands into the batch file, and as soon as I tuned down nanominer, I started up Phoenix.

 

I had been running Phoenix for a few days by that point and had gotten rid of all traces of other miners EXCEPT for Nicehash, the windows store one (honestly didn't remember it was there till later), nanominer and phoenix. Only ran phoenix for a couple days after. This all culminates to around 2-3 days ago when I finally did my own due diligence. I asked myself "so, phoenix seems to be popular, but I saw an article saying something about viruses and compromising versions of it? What's going on?"

Then I found Nicehash's statement. Big bold letters. "STOP using Phoenix miner immediately!" Oh poopy.

 

I click on the article, read through it, and absolutely panic, as one does at a FUD article over a subject they know little about. But, while I'm reading through this article, I find responses to this with youtube videos, which I watch, that link to the bitcoin talk forum that has the official statements, releases, and whole thread from Phoenix Miner themselves. They denounce any wrongdoing whatsoever, I breathe a quick sigh of relief, riiiiiight before reading what their campaign against NiceHash entails. This is where I finally learn about the correspondence, the individuals previously associated with NiceHash, the practices occurring, all of it.

 

As I am sitting there, absorbing both sides of the argument alongside words of wisdom from the OG miners while scrubbing through the thread, a sense of dread and a sudden realization washes over me.

 

What the kibledy-bips did I do to my machine over the past 2 weeks.

 

I downloaded not 1, not 2, but seven mining applications, the majority of which were unsigned, required me to disable my antivirus, and had to be run with heightened privileges to execute properly. I even uploaded the executables to a virus scanning site to cross-reference with all known databases, had half of them come back with "this is bad" and still went "well, that's life." None of that set any alarms off and I kept going until I found out that the best miners that were recommended were at each other's throats about how the other is too shady to be trusted. Not only this, I put all of this crap on my personal machine. Not a dedicated mining rig, not a throwaway laptop, not a secondhand PC with no data on it. My baby.

 

I got sick. I continued doing research on mining applications and realized claymore, one of the apps I downloaded, was caught in an exit scam and stole all their users' gains. I read stories about how people that used miners, even the legitimate copies, were getting hacked and had ransomware, remote desktop access, random user privilege assignments and credit card details stolen (although many of them also either downloaded some other shady program, or didn't get an official version of the mining software). All I knew at that point was that I was in over my head in an area I wanted to leave.

 

I downloaded malwarebytes, started monitoring processes and services, uninstalled any application I hadn't used in the past month, went through the event logs to see if I was already compromised, and continuously scanned, quarantined, and deleted/shredded everything I could possibly think of that was tied to the miner on the machine. I checked the hash of every miner that I questioned whether it was official and whether or not it could be trusted (everything came back as the official SHA256 that I could find). While looking even deeper into the FUD stories of people that got hacked, I decided it was in my best interest to check my other devices such as my router to see if ports had been forwarded, slam my computer AND phone into VPN only mode for all apps, reset all of my access passwords for my machines and enable 2FA on all of the things, until I finally decided to take about 5 seconds and think about all the crap I was reading. The people that got hacked with mining software also had other shady downloads that they executed. A swathe of other people had suggested these miners, and all of them had a respectable amount of downloads or at least some semblance of safety tied to them that the damage could be undone. Even PhoenixMiner on their thread had stated "Why would we want to destroy a source of income for us. We can't get you to fully trust us, but maybe you'll believe we aren't idiots." Maybe I wasn't completely SoL.

 

I looked more into it and, as expected, the scams that had happened in the past had already happened. I didn't find any logs that didn't already occur previously on the system or processes/services that weren't normal. No weird new apps installed, no strange behaviour. The only issues that could crop up were based on what I already had on there with binaries I had no idea about. Problem was, I already ran this code, and I couldn't just go back in tiiiiiiiiiiii-RESTORE POINT.

 

Okay, not a fool-proof solution if you feel you've been hacked or have a virus, but at least a start. Go back to a restore point before you clicked the executable and ran the binaries and messed with the registry in ways YOU can't fix. I looked and, sadly, the furthest back my restore point was had been made after I had downloaded nanominer, meaning the BFGminer and ETHminer incidents would still have occurred. But, at least claymore and the current pressing issue, phoenixminer, would be wiped. I pulled the trigger on that and, as the computer restarted, flashed the bios for good measure. Sure, it overwrote my OC settings, but I can always set those again. It would be absolute mania trying to get another graphics card.

 

As I write this, dear reader, I am running another few scans of MBAM and Kaspersky, uninstalling all the programs over again to ensure nothing foul remains, and plan on soft-resetting windows to leave my files but put a fresh coat over this install, where I will once again flash the bios after its completion for good measure. Is it helping me sleep better tonight? NO.

 

And this is the part where I leave the people looking to mine with guidelines and ask questions for the people that might be able to help me:

 

1. System restore. Do it if you haven't, do it again if you have.

2. bitcoin talk forum is THE place to go for mining any altcoin. They have a credit system that tells you how new someone is so you know who to avoid if they make a post about a miner, and the discussions there will point you in the right direction.

3. DON'T RUN IN ADMIN MODE.

4. Know that it will never be 100% safe. If that bugs you, this isn't for you.

5. Don't mine on your personal computer, if you can help it. It is possible if you trust the miner and have done the research (or know who to ask the right questions to) but unless you have some experience, it isn't worth risking your files to whatever attack might happen. Multiple ingress points here, even if you do things the right way.

 

So, my questions and concerns to the experts:

1. Based on the miners I said I had used at the times I used them (or only downloaded), do you still think there is risk that something has injected itself into my system? I had only ever used SSL connections to the pools, but I did not always have my VPN on while mining, and obviously, admin mode was stupid.
2. Am I going far enough with a windows soft reset, or should I go ahead and pull the trigger on formatting my hard drives and re-installing fresh with a bios flash? I'd prefer not to lose some apps, passwords and a decent chunk of files, but they were mainly archival in nature and anything super important I have backups of elsewhere.

3. Do we know of any network-spreading

4. What do you recommend to people wanting to dip their toes into mining? Seems like the entire place is a minefield people are tiptoeing around while snipers attempt to pop them in the head, miss, and blow someone else up.

What I recommend is to research mining pools and pick a few of the largest mining pools with good terms for you... for example low minimum thresholds (ex as soon as I hit 0.01 send it to my eth account), low or no fees etc etc..

Those mining pools will usually have a FAQ page or some tutorial and will tell you what mining programs are recommended along with download links. They're usually safe. 

 

When I did some mining, I tended to check every miner executable by uploading it to virustotal.com - Yes, my antivirus detected it as a virus, but virustotal scans the executable with LOTS of antiviruses and each of them gives a description of what it finds. If one antivirus says "malware, crypto miner" ... well, that's not a virus, it just warns me that the software will use the video card to mine crypto and therefore can be bad because it heats up your video card and makes your PC consume electricity.

Learn to differentiate between actual viruses (trojans, keyloggers, ransomware) and messages from antiviruses that warn you it's a crypto miner, which can be malware because it abuses computer resources.

 

Antiviruses started to flag such miner programs as malware because people started to take popular freeware programs or pirated games and made custom installers for such applications / games that automatically copied the miner program somewhere and made it run in the background and mine for that person.

 

It's always worth checking because I've also seen shareware sites offering miner programs for download, but the actual miner application was wrapped inside another application that silently dropped a keylogger and then launched the actual miner application every time the miner software started - the idea is they hope you open some application and type your password and then they transfer the crypto to their accounts.

 

I also suggest having separate wallets, and use a wallet you don't care about to mine and receive funds in ... then transfer funds from that wallet to your proper wallet, for which you have 2-factor authentication or whatever, so even if you type the password on a vulnerable computer, it's useless for a hacker because the password/pin changes as soon as you entered it.

2-factor authentication things are cheap.

 


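The distinction drawn in the post above, between engines that only warn "this is a crypto miner" and engines that name a trojan, keylogger or ransomware, can be applied mechanically to a multi-engine scan result. The following is an added example, not part of the original thread: the engine names, detection labels and token lists are constructed for illustration and are assumptions, not any vendor's actual naming scheme.

```python
import re
from collections import Counter

# Assumed token lists (not a vendor taxonomy). Labels are split into tokens so
# that "rat" matches "Backdoor.RAT" but not a substring of another word.
MALWARE_TOKENS = {"keylogger", "spy", "stealer", "psw", "ransom", "ransomware",
                  "backdoor", "dropper", "banker", "rat"}
MINER_TOKENS = {"miner", "coinminer", "bitcoinminer", "riskware", "risktool",
                "pua", "pup"}


def classify_label(label):
    """Classify one engine's label as 'malware', 'miner-warning' or 'unclear'."""
    tokens = set(re.split(r"[^a-z0-9]+", label.lower()))
    if tokens & MALWARE_TOKENS:      # names a behaviour beyond mining
        return "malware"
    if tokens & MINER_TOKENS:        # only says "miner" / "unwanted program"
        return "miner-warning"
    return "unclear"                 # generic name, no behaviour stated


def triage(detections):
    """detections maps engine name -> label (None = no detection).

    Returns (verdict, counts, flagged), where flagged holds every label that
    is not a plain miner warning and therefore needs a human to read it.
    """
    counts, flagged = Counter(), {}
    for engine, label in detections.items():
        if not label:
            counts["clean"] += 1
            continue
        kind = classify_label(label)
        counts[kind] += 1
        if kind != "miner-warning":
            flagged[engine] = label
    if counts["malware"]:
        verdict = "investigate"
    elif counts["unclear"]:
        verdict = "review"
    elif counts["miner-warning"]:
        verdict = "miner-warning-only"
    else:
        verdict = "no-detections"
    return verdict, dict(counts), flagged


# Constructed sample results; engine names and labels are hypothetical.
PLAIN_MINER = {
    "EngineA": "not-a-virus:RiskTool.Win64.BitCoinMiner.gen",
    "EngineB": "PUA:Win64/CoinMiner",
    "EngineC": None,
    "EngineD": "Riskware.Miner",
}
# A miner wrapped in an installer that also drops a keylogger, as in the post.
WRAPPED_MINER = {
    "EngineA": "Trojan-Spy.Win32.KeyLogger.gen",
    "EngineB": "PUA:Win64/CoinMiner",
    "EngineC": "Trojan.Dropper.Agent",
    "EngineD": "Trojan.Generic.123",
}

if __name__ == "__main__":
    for name, result in (("plain", PLAIN_MINER), ("wrapped", WRAPPED_MINER)):
        verdict, counts, flagged = triage(result)
        print(f"{name}: {verdict} {counts}")
        for engine, label in flagged.items():
            print(f"  read this one: {engine}: {label}")
```

A `miner-warning-only` verdict describes what the engines called the file, not whether it is the genuine build. The wrapped installer is separated from the plain miner here only because at least one engine named the keylogger or dropper.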
I tried nicehash for a few hours and my income was like $0.10 a day. It was an absolute joke. I just gave up trying to mine after that

Please tag me @RTX 3090 so I can see your reply


This video explains the full thing between nicehash and phoenix in more detail

 

Goes to show the true colours of nicehash

Please tag me @RTX 3090 so I can see your reply


dam bro that took forever to read and i def lol'd reading it. honestly you sound like a boomer trying to operate a computer.

 

the whole stop using phoenix miner nonsense is for nicehash because they went full retard. as long as you got 5.5c or older from the link on bitcoin talk you're fine. something went screwy with 5.5d.

Also setting up a miner is not hard and they are all 99% exactly the same. hell sometimes when I'm trying out a new miner like team red miner i just copy the config file from phoenix to TRM and add a few arguments and it's good to go.

 

I always run phoenix in admin mode because it runs smoother and easier and crashes less. i have no concern about malware because i got it from a reputable site via the link on the bitcointalk forum.

 

for real just calm down and get a millennial or even a zoomer to help you out because all your problems are EBCAK related.


11 hours ago, airborne spoon said:

dam bro that took forever to read and i def lol'd reading it. honestly you sound like a boomer trying to operate a computer.

While I'm definitely not a zoomer, I am on the younger side of millennial. I've stated it in the story, I'll state it again, it's a realm I have little to no experience in, and I haven't had to go to the unwashed parts of the internet in a hot minute. Last time I did, I was a child with a laptop well past its expiration date, thought I was hot shit for downloading TOR and going on the dark web, and got GPCoded. Glad I could offer some laughs though, was a heck of an overreaction.

 

It's not hard for me to set it up now that I understand it better. Quick edit to a batch file or config file, RTFM for extra parameters, press go. Fear of the unknown is what really got to me, especially since I had no idea what software to get, how it works or how to perform the due diligence to figure it out until after I found bitcointalk. Every mine with every file carried a decent amount of importance to me until I understood them.

 

11 hours ago, airborne spoon said:

the whole stop using phoenix miner nonsense is for nicehash because they went full retard. as long as you got 5.5c or older from the link on bitcoin talk you're fine. something went screwy with 5.5d.

Something didn't go screwy, 5.5d is not and will never be an official version according to phoenix miner. The official account was AWOL after their mega page got taken down, and ne'er-do-wellers started posting that they were the legit source since the account was "compromised" and posted version 5.5d loaded with malware. NiceHash believed the fake source and possibly included it with their full software, got called on it, and are now covering their tracks. The PhoenixMiner account came back and said "5.5d will never exist, next version is something different. We don't go past c for production."

 

I'm on Phoenix Miner's side in the argument at this point, but if that's the honor among these groups and you have to be that involved with the community to know what's right/wrong and stay updated, it just doesn't sit right with me to run this code on my machine. I'm a Software Engineer by trade, it's not so much "this will happen, it's the end of the world," more like "I know what can happen, so I better be sure about this" and with the vibes I'm getting, nahhhhhh. If I had a dedicated rig I could set up on a guest network or vlan on my router and keep the traffic and risks away from my (and my gf's) other devices, I'd run that thing into the ground.

 

I was the EBCAK in this situation, I can admit it. I'm hoping, through the TV drama script I posted, if someone is coming through with limited experience and is looking for a traumedy and a resource for where to go, this could be it.
