Stratum, the de-facto mining communication protocol used by blockchain based cryptocurrency systems, enables miners to reliably and efficiently fetch jobs from mining pool servers. In this paper we exploit Stratum’s lack of encryption to develop passive and active attacks on Bitcoin’s mining protocol, with important implications on the privacy, security and even safety of mining equipment owners. We introduce StraTap and ISP Log attacks, that infer miner earnings if given access to miner communications, or even their logs. We develop BiteCoin, an active attack that hijacks shares submitted by miners, and their associated payouts. We build BiteCoin on WireGhost, a tool we developed to hijack and surreptitiously maintain Stratum connections. Our attacks reveal that securing Stratum through pervasive encryption is not only undesirable (due to large overheads), but also ineffective: an adversary can predict miner earnings even when given access to only packet timestamps. Instead, we devise Bedrock, a minimalistic Stratum extension that protects the privacy and security of mining participants. We introduce and leverage the mining cookie concept, a secret that each miner shares with the pool and includes in its puzzle computations, and that prevents attackers from reconstructing or hijacking the puzzles.
We have implemented our attacks and collected 138MB of Stratum protocol traffic from mining equipment in the US and Venezuela. We show that Bedrock is resilient to active attacks even when an adversary breaks the crypto constructs it uses. Bedrock imposes a daily overhead of 12.03s on a single pool server that handles mining traffic from 16,000 miners.
 Alex Biryukov, Dmitry Khovratovich, and Ivan Pustogarov. Deanonymisation of clients in bitcoin p2p network. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 15–29. ACM, 2014.
 Philip Koshy, Diana Koshy, and Patrick McDaniel. An analysis of anonymity in bitcoin using p2p network traffic. In International Conference on Financial Cryptography and Data Security, pages 469–485. Springer, 2014.
 Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. A fistful of bitcoins: Characterizing payments among men with no names. In Proceedings of the 2013 Conference on Internet Measurement Conference, pages 127–140, 2013.
 Elli Androulaki, Ghassan Karame, Marc Roeschlin, Tobias Scherer, and Srdjan Capkun. Evaluating user privacy in bitcoin. In Proceedings of the Financial Cryptography and Data Security, pages 34–51, 2013.
 Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. Zerocoin: Anonymous distributed e-cash from bitcoin. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, pages 397–411, 2013.
 Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. Zerocash: Decentralized anonymous payments from bitcoin. In Proceedings of the Symposium on Security and Privacy, pages 459–474, 2014.
 Joseph Bonneau, Arvind Narayanan, Andrew Miller, Jeremy Clark, Joshua A Kroll, and Edward W Felten. Mixcoin: Anonymity for bitcoin with accountable mixes. In Proceedings of the International Conference on Financial Cryptography and Data Security, pages 486–504, 2014.
 Joseph Bonneau, Andrew Miller, Jeremy Clark, Arvind Narayanan, Joshua A. Kroll, and Edward W. Felten. Sok: Research perspectives and challenges for bitcoin and cryptocurrencies. In Proceedings of the IEEE Symposium on Security and Privacy, 2015.
 BBC. We Looked Inside a Secret Chinese Bitcoin Mine. http://www.bbc.com/future/story/20160504-we-looked-inside-a-secret-chinese-bitcoin-mine, May 2016.
 allinvain. I just got hacked - any help is welcome! (25,000 BTC stolen). https://bitcointalk.org/index.php?topic=16457.msg214423#msg214423, June 2011.
 dree12. List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old]. https://bitcointalk.org/index.php?topic=83794.0#post_mybitcoin_theft, May 2012.
 Ed Williams. Kidnappings in Venezuela. American Diplomacy, 2011.
 Wikipedia. Legality of Bitcoin by Country. https://en.wikipedia.org/wiki/Legality_of_bitcoin_by_country.
 Cryptocoins News. Top 10 Countries in Which Bitcoin is Banned. https://www.cryptocoinsnews.com/top-10-countries-bitcoin-banned/, May 2015.
 Cryptocoins News. Report: Two Venezuelan Men Arrested for Mining Bitcoin. https://www.cryptocoinsnews.com/report-two-venezuelans-arrested-mining-bitcoin/, March 2016.
 Bitcoin Magazine. Venezuela Seems to Be Cracking Down on Bitcoin. https://bitcoinmagazine.com/articles/venezuelaseems-be-cracking-down-bitcoin/, February 2017.
 Jim Epstein. The Secret, Dangerous World of Venezuelan Bitcoin Mining. http://reason.com/archives/2016/11/28/the-secret-dangerous-world-of, 2017.
 Stratum mining protocol specification. https://slushpool.com/help/!/manual/stratum-protocol, Last accessed in July 2016.
 Stratum mining protocol - Displacing GBT. https://en.bitcoin.it/wiki/Stratum_mining_protocol#Displacing_GBT, Last accessed in July 2016.
 Litecoin pool mining. https://www.litecoinpool.org/help, Last accessed in Oct 2016.
 Ethereum pool mining. https://forum.ethereum.org/discussion/7091/stratum-mining-protocol-for-ethereum, Last accessed in Oct 2016.
 Monero pool mining. https://dwarfpool.com/xmr, Last accessed in Oct 2016.
 Cryptocoins Market Capitalization. https://coinmarketcap.com/, Last accessed in Oct 2016.
 Stratum mining protocol description. https://en.bitcoin.it/wiki/Stratum_mining_protocol, Last accessed in July 2016.
 Number of Bitcoin Miners Far Higher Than Popular Estimates. http://bravenewcoin.com/news/number-of-bitcoin-miners-far-higher-than-popular-estimates/, May 2015.
 Neighbourhood Pool Watch. http://organofcorti.blogspot.com.au/.
 An estimation of hashrate distribution amongst the largest mining pools. https://blockchain.info/pools.
 Alex Biryukov and Ivan Pustogarov. Bitcoin over Tor isn’t a Good Idea. In Proceedings of the IEEE Symposium on Security and Privacy, pages 122–134, 2015.
 Collected Stratum Traffic Data. https://mega.nz/#!FRVn0ZQT!00yzShFT5Rg5T1yVOzYOoVFxbzuibnzRqGJ7spSmac.
 F2Pool Help Page. https://www.f2pool.com/help, Last accessed in July 2016.
 Antpool. https://www.antpool.com/.
 Ghash.io. http://ghash.io/.
 Slush pool. https://slushpool.com/home/.
 Btcc pool. https://pool.btcc.com/.
 Bitcoin pools hashrate distribution. https://blockchain.info/pools, Last accessed in July 2016.
 Wikipedia. Telecommunications data retention, 2011.
 Christian DeSimmone. Pitting karlsruhe against luxembourg-german data protection and the contested implementation of the eu data retention directive. German LJ, 11:291, 2010.
 Dialy News: NSA analysts spied on spouses, girlfriends: documents. http://www.nydailynews.com/news/politics/nsa-analysts-spied-spouses-girlfriends-documents-article-1.2058282, Last accessed in August 2016.
 Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V Krishnamurthy, and Lisa M Marvel. Off-path tcp exploits: Global rate limit considered dangerous.
 Zhiyun Qian and Z Morley Mao. Off-path tcp sequence number inference attack-how firewall middleboxes reduce security. In 2012 IEEE Symposium on Security and Privacy, pages 347–361. IEEE, 2012.
 CoinDesk. Gallery: Fire Destroys Thai Bitcoin Mining Facility. http://www.coindesk.com/gallery-fire-destroys-thaibitcoin-mining-facility/, November 2014.
 Shijack - TCP session hijacking. https://www.exploit-db.com/papers/13587/, Last accessed in July 2016.
 Juggernaut - TCP session hijacking. http://phrack.org/issues/50/6.html, Last accessed in July 2016.
 Hunt - TCP session hijacking. http://linux.die.net/man/1/hunt, Last accessed in July 2016.
 Ilias Giechaskiel, Cas Cremers, and Kasper Rasmussen. On bitcoin security in the presence of broken crypto primitives. eprint.iacr.org, 2016.
 AntMiner S7. https://bitmaintech.com/productDetail.htm?pid=00020150827084021471OHYdwd9D06A0, Last accessed in July 2016.
 Van Jacobson, Craig Leres, and Steven McCanne. Tcpdump public repository. http://www.tcpdump.org, 2003.
 Philippe Biondi. Scapy. see http://www.secdev.org/projects/scapy, 2011.
 Christian Decker and Roger Wattenhofer. Information propagation in the bitcoin network. In IEEE P2P 2013 Proceedings, pages 1–10. IEEE, 2013.
 Ethan Heilman, Alison Kendler, Aviv Zohar, and Sharon Goldberg. Eclipse attacks on bitcoin’s peer-to-peer network. In 24th USENIX Security Symposium (USENIX Security 15), pages 129–144, 2015.
 George Bissas, Brian Neil Levine, A Pinar Ozisik, Gavin Andresen, and Amir Houmansadr. An analysis of attacks on blockchain consensus. preprint arXiv:1610.07985, 2016.
 Nicolas T Courtois and Lear Bahack. On subversive miner strategies and block withholding attack in bitcoin digital currency. arXiv preprint arXiv:1402.1718, 2014.