How $800 hardware can sniff Bitcoin miner traffic via satellite

UC San Diego and the University of Maryland researchers have reported findings displaying that roughly half of GEO satellite downlinks carry information with out encryption.

Further, information interception can be reproduced with simply $800 of shopper hardware.

Per WIRED, the group captured telco backhaul, industrial management traffic, and law-enforcement communications, and reported fixes to affected suppliers the place attainable.

UCSD’s Systems and Networking group lists the paper “Don’t Look Up” for CCS 2025 in Taipei, reinforcing that this isn’t a lab curiosity however a documented, peer-reviewed disclosure pipeline. The technique targets legacy satellite backhaul moderately than any single software layer.

Moreover, the study lined solely a slice of seen satellites from San Diego, which means a wider international floor.

Bitcoin in house – new dangers from low cost hardware

For Bitcoin miners and swimming pools working from distant websites, the publicity maps cleanly to at least one operational selection: transport safety on the trail that carries Stratum.

Stratum is the protocol that connects miners to swimming pools, distributes work templates, collects shares and block candidates, directs hashpower, and determines how rewards are accounted for.

Historical deployments of Stratum V1 usually run over plaintext TCP until operators explicitly allow TLS, which suggests pool endpoints, miner identifiers, and job templates can traverse radio hyperlinks within the clear when satcom backhaul is in play.

The Stratum V2 specification ships with authenticated encryption by default, utilizing a Noise handshake and AEAD ciphers, which closes the passive interception angle and hardens integrity towards share hijack makes an attempt that rely upon manipulation of upstream traffic.

According to the Stratum V2 security spec, operators can bridge older rigs via a translation proxy, so firmware swaps on ASICs aren’t required to begin encrypting classes.

This satellite discovering doesn’t implicate each “Bitcoin over house” system.

Blockstream Satellite broadcasts public Bitcoin block information as a one-way downlink, and its Satellite API helps encrypted messages from senders, which locations it in a special class than GEO backhaul, which transports personal management traffic.

Per Blockstream, the service exists to enhance community resilience for receiving blocks in areas with poor web entry and to not carry pool credentials or miner management classes. Blockstream’s May network update confirms ongoing operations and frequency adjustments, and doesn’t change the menace mannequin for Stratum hyperlinks that miners management.

Budget stress issues for safety rollouts. Hashrate is hovering close to 1.22 ZH/s, and up to date miner economics put hashprice round $51 per PH per day in late September, with the forward curve within the high-forties to low-fifties into the primary half of 2026.

According to Hashrate Index, the up to date This fall 2025 heatmap particulars nation shares, which helps infer the place satellite backhaul is extra widespread resulting from terrestrial constraints. Present income situations imply operators watch working prices intently, but the first expense for transport encryption is engineering time, not new hardware, which lowers friction for near-term hardening.

A easy sensitivity mannequin frames the draw back if community parts nonetheless ship Stratum V1 over unencrypted satellite hyperlinks.

Security modeling

Let H denote complete hashrate close to 1,223 EH/s, and outline p_sat because the share utilizing satellite backhaul, p_geo because the share of these on GEO moderately than encrypted LEO or terrestrial, and p_v1 because the share nonetheless working Stratum V1 with out TLS.

At-risk hashrate equals H × p_sat × p_geo × p_v1. The ranges under illustrate order-of-magnitude publicity and the worth of migration to TLS or Stratum V2.

Scenario	Assumptions (p_sat / p_geo / p_v1)	EH/s at confidentiality threat
Low	0.5% / 30% / 20%	0.37
Base	1% / 50% / 40%	2.45
High	3% / 60% / 50%	11.01
Worst-case	5% / 60% / 60%	22.01

The operational steering follows straight from the protocol stack.

First, implement TLS throughout all Stratum V1 endpoints and on the routers in entrance of them. Then, want Stratum V2 for brand spanking new hyperlinks and add an SV1→SV2 translation proxy the place hardware constraints exist.

TLS 1.3 handshakes are full in a single spherical journey, and manufacturing measurements present low CPU and community overhead on trendy techniques.

The efficiency price is limited in most deployments, which clears a standard objection for distant websites that watch latency and utilization. According to the Stratum V2 spec, authenticated encryption protects each confidentiality and integrity of channel messages, which removes the simple win for passive eavesdroppers documented by the satellite examine.

Backhaul decisions matter past header encryption.

Where operators can keep away from legacy GEO, an encrypted LEO service or terrestrial path reduces interception threat, though no transport selection replaces endpoint hygiene.

When GEO stays needed, implement encryption at each hop, disable insecure administration interfaces on satellite modems, and monitor for anomalies in share patterns and endpoint drift that might reveal interference.

The UCSD and UMD work reveals that downlink interception is reasonable and scalable with commodity hardware, which weakens any assumption that radio hyperlinks escape consideration resulting from bodily distance from the adversary.

Providers, together with T-Mobile, addressed particular findings after disclosure, which reveals that remediation is sensible as soon as visibility exists.

Can this be patched?

The subsequent yr will decide how shortly swimming pools and miners normalize encrypted transport. One path is safe by default, the place swimming pools settle for V1 solely over TLS and promote V2 broadly. Translation proxies easy the transition for older fleets, compressing the window for interception.

A slower path leaves an extended tail of unencrypted or partially encrypted websites, creating opportunistic publicity for actors with uplink interference capabilities.

A 3rd path resists change and banks on obscurity, which turns into tougher to justify as instruments from the examine percolate and proof-of-concepts transfer from academia to hobbyist communities.

None of those trajectories requires protocol invention, solely deployment decisions that align with well-understood primitives.

Confusion round Blockstream Satellite can distract from the actionable repair. Pool credentials don’t reside within the broadcast of public block information, and its API helps encrypted payloads for person messages, which separates resilience from control-plane privateness.

The service strengthens receive-side redundancy for the Bitcoin community in areas with weak connectivity, and doesn’t change transport safety on miner-to-pool hyperlinks.

The examine makes one level clear for operators who run from the sting on radio backhaul: plaintext management traffic is now trivial to look at, and encrypting Stratum is an easy, low-overhead repair.

The operational path is TLS for V1 right this moment, then Stratum V2.

Noderunner threat

Node operators, or “noderunners,” face a special threat profile than miners as a result of Bitcoin nodes usually obtain and relay public blockchain information moderately than personal credentials or cost directions.

Running a full node doesn’t require transmitting delicate authentication materials over a satellite hyperlink; the information exchanged, blocks, and transactions are already public by design.

However, if a node depends on GEO satellite backhaul for bidirectional web entry, the identical publicity that impacts any unencrypted TCP traffic applies: friends, IPs, and message metadata might be noticed or spoofed if transport encryption is absent.

Using Tor, VPNs, or encrypted overlay networks like I2P minimizes this footprint.

In distinction to miners utilizing Stratum V1, node operators aren’t leaking value-bearing management traffic however ought to nonetheless encrypt administration interfaces and community tunnels to stop deanonymization or routing interference.

The put up How $800 hardware can sniff Bitcoin miner traffic via satellite appeared first on CryptoSlate.

How $800 hardware can sniff Bitcoin miner traffic via satellite

Bitcoin in house – new dangers from low cost hardware

Security modeling

Backhaul decisions matter past header encryption.

Can this be patched?

Noderunner threat

AP and ALR have partnered to release three American-made coins worth watching during the second week of September

Anchor Mining Expands Cloud Mining Services for XRP Users

These 3 Asian markets have switched on tokenized finance faster than the US

What California ban on forced crypto liquidation really means

A toxic trend that suggests the IPO window is slamming shut for most crypto companies ignored Circle

How Saylor and Strategy plan to kickstart Bitcoin buying internationally

Curated by experts. Filtered for relevance.

Resources

About

Subscribe & learn more every day!

Bitcoin in house – new dangers from low cost hardware

Security modeling

Backhaul decisions matter past header encryption.

Can this be patched?

Noderunner threat

Similar Posts

Curated by experts. Filtered for relevance.

Resources

About

Subscribe & learn more every day!