Author

Topic: Would it be easy for Pool operators to steal from miners? (Read 1237 times)

legendary
Activity: 1456
Merit: 1000
They could steal your money, but you would realize that quickly because you could see where are your reward from a block. And you could realize that your reward decrease with same difficulty and hash rate. They can control block reward for miners easily if they want

There is a lot they could way's they could do it.  But eventually someone would most likely put it together doing math on what they should earn.  Most don't just trust and not run any ROI math.

If a pool did this once caught they would loose all workers.  So were talking about a move that would stop future business.  I don't see this happening on major pools at least.
sr. member
Activity: 364
Merit: 250
They could steal your money, but you would realize that quickly because you could see where are your reward from a block. And you could realize that your reward decrease with same difficulty and hash rate. They can control block reward for miners easily if they want
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
I mean if a pool isn't paying you you're going to find out pretty quick. It's easy to see where the money went and if you're getting money or not.
sr. member
Activity: 267
Merit: 250
6th BTC reached. Thank you for your support
Lets say for F2Pool, if one of the miners found the hash for the current block, and report it to F2Pool, instead of broadcasting to the blockchain and get reward for the Pool, a few simple line of code can redirect the Hash to an outside miner and they then broadcast it to the blockchain and get the reward.
Nope - can't do that.  The hash is specific for the block header in question.  That block header depends on the content of that block.  So if some 'outside miner' wanted the bitcoin reward, the coinbase transaction would first have to be changed to pay out only to that 'outside miner'.  When that happens, the hash calculated earlier will no longer be valid.

Miners at pools generally cannot scam the pool operators - regardless of traditional pool or P2Pool - for this very reason.

There were some suggestions of actually turning that upside down - e.g. making it so that the individual miner could steal from a pool.  I don't know if any pool has dared implement that.  Further reading (one of several such articles): http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/

thank you for the clarification.
hero member
Activity: 686
Merit: 500
FUN > ROI
Lets say for F2Pool, if one of the miners found the hash for the current block, and report it to F2Pool, instead of broadcasting to the blockchain and get reward for the Pool, a few simple line of code can redirect the Hash to an outside miner and they then broadcast it to the blockchain and get the reward.
Nope - can't do that.  The hash is specific for the block header in question.  That block header depends on the content of that block.  So if some 'outside miner' wanted the bitcoin reward, the coinbase transaction would first have to be changed to pay out only to that 'outside miner'.  When that happens, the hash calculated earlier will no longer be valid.

Miners at pools generally cannot scam the pool operators - regardless of traditional pool or P2Pool - for this very reason.

There were some suggestions of actually turning that upside down - e.g. making it so that the individual miner could steal from a pool.  I don't know if any pool has dared implement that.  Further reading (one of several such articles): http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/
legendary
Activity: 1722
Merit: 1000
The risk reward here is to high.  Found out once and your pool is dead instantly.
newbie
Activity: 1
Merit: 0
It is easy for them to do but very noticeable. They would get caught fast.

Better for them to take like .5%.
This, they win the long-term battle
legendary
Activity: 1848
Merit: 1000
I don't mean they steal your coins, but the whole Block reward (25 BTC)

From my understand (I may be wrong) but, once a miner on the pool found the Block, it's fowarded to the pool and out to the blockchain.  Would it be easy for the site operation to put in line of code to redirect the Hash found and use it for himself therefore claiming the 25 BTC reward.

He wouldn't do it for every block, but maybe 1 in every 4 blocks found.

I see, apologies I misunderstood what you were getting at.
sr. member
Activity: 267
Merit: 250
6th BTC reached. Thank you for your support
I am not suggesting the pool operators to steal from the pool balance, but steal the Block itself.

Lets say for F2Pool, if one of the miners found the hash for the current block, and report it to F2Pool, instead of broadcasting to the blockchain and get reward for the Pool, a few simple line of code can redirect the Hash to an outside miner and they then broadcast it to the blockchain and get the reward.
legendary
Activity: 1344
Merit: 1024
Mine at Jonny's Pool
Could they take the entire block reward for themselves?  Sure... at least in a traditional pool.  In a pool like p2pool, no.  In p2pool the block's coinbase transaction contains the payouts of the block reward to all the miners.  In a traditional pool, the entire reward is paid to the pool's address.  That's why when you get rewarded from p2pool, it shows up as an immature transaction and you must wait for the 101 block confirmations before you can use that coin.  When you get a payout from a traditional pool, it's just like getting sent BTC from anyone else - it becomes spendable coin after a single confirmation.

Now, just because it's easy doesn't mean it's done.  Who's going to mine on a pool where the operator keeps everything for himself?  Skimming of the top would be considerably easier to conceal.  Not too many people are going to notice that small percentage missing.
hero member
Activity: 882
Merit: 500
Where am I?
It is easy for them to do but very noticeable. They would get caught fast.

Better for them to take like .5%.

hero member
Activity: 686
Merit: 500
FUN > ROI
Yes-and-no.  Most pools already mine only against their own address - that is to say, the coinbase transaction only has their address and nothing else.  They then pay out the people using that pool from that address in secondary transactions.  So yes, for them, it would be easy.
On the other hand, if they did that, they can kiss their pool (with all the nice and stable fees, etc.) goodbye.  Nobody would want to mine there anymore.  Their name would be forever tainted (which doesn't mean much in Bitcoin, but alright). So if a pool were to do something like that, doing it for 1-in-4 blocks wouldn't fly.  They could do it only on outstanding balances, once; they'd better make sure it's a good one if they want to take the bitcoin and run Smiley

There are other pool types where the coinbase transaction is set up to pay out to the users directly, though - there's no cheating with that, as the pool operator setting it to pay out only to themselves would be immediately obvious (presuming the software is set up to detect it).  P2Pool is a good example of this.
sr. member
Activity: 267
Merit: 250
6th BTC reached. Thank you for your support
I don't mean they steal your coins, but the whole Block reward (25 BTC)

From my understand (I may be wrong) but, once a miner on the pool found the Block, it's fowarded to the pool and out to the blockchain.  Would it be easy for the site operation to put in line of code to redirect the Hash found and use it for himself therefore claiming the 25 BTC reward.

He wouldn't do it for every block, but maybe 1 in every 4 blocks found.
legendary
Activity: 1848
Merit: 1000
I guess it would be very easy for them to steal your coins as they hold the coins until you withdraw them.  I only have experience with altcoin pools perhaps it is a different setup when mining bitcoin.
sr. member
Activity: 267
Merit: 250
6th BTC reached. Thank you for your support
Wouldn't be easy for the Pool operators to put in a few line of codes to forward the Block Hash to his account and claim the Reward for himself?

Jump to: