Possible Concerns about running Phoenix Miner.

motqalden

Just wanted to give you guys a heads up regarding the Phoenix Miner plugin / miner.
Nicehash posted this info today:

https://www.nicehash.com/blog/post/stop-using-phoenix-miner-immediately

Dear NiceHash users!

It has come to our attention that Phoenix miner is no longer available for download from its original download location. Control shasum from new download locations does not match the value published by the developer on his channel! This brings the possibility that the Phoenix miner's author wants to cover its tracks and disappear or even do something malicious.

We have immediately disabled Phoenix miner from NiceHash Miner, and we advise everyone to stop using Phoenix miner immediately!

Phoenix miner is a mining software from an anonymous author. It is not digitally signed, and no one knows who the creator is. This brings serious risk to anyone who will continue to use this software! Do not try to download Phoenix miner from any 3rd party source since it could be fake and malicious!

If you have used PhoenixMiner on your PC, which contains any sensitive information or information of any value such as logins to various services (accesses to bank accounts, PayPal, Gmail, Facebook, Instagram, Dropbox, Google Drive, etc. ) and especially if your PC contains any private keys for any cryptocurrency wallet, directly or indirectly (through online wallet provider) consider them compromised.

If you have used Phoenix Miner on your PC, we recommend you to do the following:


  • Reinstall OS
  • Change all passwords and activate 2FA where possible!
  • If any cryptocurrency wallets were used on this PC, we recommend you to move funds to other wallets immediately!

There is also this reddit thread:
https://www.reddit.com/r/NiceHash/comments/lznyhx/stop_using_phoenix_miner_immediately/

And this extended statement by a nicehash dev:
https://www.reddit.com/r/NiceHash/comments/lzsheq/phoenixminer_howwhywhat_statement_from_it_expert/


The TLDR on this is basically that they are saying the developer of Phoenix has been MIA for over a month now and the official download was removed from Mega. That, in combination with it being closed source, they are saying could be a good indication that something fishy or scams are about to go down (or may have already). Nothing has really been said to have yet been proven to be malicious, so at this point they seem to either be trying to provide an early warning of a possibly dangerous situation or, as some others have mentioned, they may just be trying to scare everyone away from third party miners and into using their in-house excavator / quickminer.


I have not gone so far as to reinstall my windows yet, but I did remove the plugin from my miners as well as any Firewall exclusions I had for phoenix.
Users should already be aware there are risks running third party miners and I don't really know how much if anything has changed here, but if you are running it on a rig that you use for non-mining purposes you should consider taking precautions imho.
If you are running a miner on a rig that you have a wallet.... well that is already dumb but yeah then you should fix it.
 
well now I know how I got hacked

Possibly, but they are not really saying they have proven anything is hacked at this point from what I read. There have been a few scams associated with it, so if you tried to find the miner recently you could certainly have picked up a hack from a source that was pretending to be affiliated with Phoenix but was not really?

Not claiming to know all the details here, just passing along the info I found. Certainly possible your hack could be related, and who knows.
 
Sounds like Nicehash got suckered into a tainted build and pushed it out as one of their updates (happened a few years ago too iirc).
 
More info & discussion:
https://www.reddit.com/r/NiceHash/comments/lznyhx/stop_using_phoenix_miner_immediately/

Reddit User:
Only today did I actually look into the company NiceHash that I had been using. They were founded by a crook. Found guilty, served time for creating the largest botnet ever revealed designed to steal banking info.

I will NEVER be using NiceHash again.

They caused a TON of people to panic today all to get traffic to their new open source miner. This is disgraceful.

another Reddit user:
they [Nicehash] are saying they want you to do so, then use their miner. It's FUD and unproven by anyone outside of nicehash. I use other programs and pools with this and not a single one has reported anything of the like. NICEhack is standing alone on this one and people are panicking.

I know many folks have been using NiceHash for a few years, but reading that Reddit thread and some of the links about the founder of NiceHash doesn't give me a warm fuzzy. I'm inclined to abandon NiceHash due to the shadiness going on here.
 

Yup, I agree they have no proof of any wrongdoing, so certainly take it for what you will, and they are certainly trying to cover their asses. I mostly prefer this type of response over them waiting until it's too late or many months later and saying "oops", but it's certainly a lot of drastic measures that they are asking people to take, and I will bet there will be a bunch of newbs that lose all their personal files because they don't know how to do a proper backup / reinstall. Suppose you can call it a good learning experience :D
As for the founded by crooks thing, well, I don't really care about that and certainly have never trusted them far enough to leave more than a couple weeks of mining profits in the system wallet at a time. The service has been pretty solid in the last 3 years for me either way, but they do have a history of some mistakes and I don't trust any exchange or company.

They are claiming they did not download a bad update but who is to say if that can be believed. Certainly you can compare the hash on your miner to the official hashes posted if you didn't remove it already.
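
The hash comparison mentioned in the post above, as an added example that is not part of the original thread or any project's own code. It assumes the developer's published checksums are SHA-256 in `sha256sum`-style lines and were obtained from a channel separate from the download site; the file names and bytes are constructed for the demo.

```python
import hashlib, hmac, os, string, tempfile

def parse_checksum_list(text):
    """Parse 'HEX  filename' lines (sha256sum style, assumed format) into {name: hex}."""
    published = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(digest) == 64 and name and all(c in string.hexdigits for c in digest):
            published[name] = digest.lower()
    return published

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, published):
    """Return 'match', 'MISMATCH' or 'unlisted' for one local file."""
    expected = published.get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no published value: treat as unverified, not as good
    return "match" if hmac.compare_digest(sha256_file(path), expected) else "MISMATCH"

def demo():
    """Constructed data: one file as published, one altered copy, one unlisted file."""
    release = b"constructed release bytes"
    listing = "# constructed checksum list\n%s  miner-release.zip\n" % hashlib.sha256(release).hexdigest()
    published = parse_checksum_list(listing)
    samples = [("original", "miner-release.zip", release),
               ("tampered", "miner-release.zip", release + b" + extra"),
               ("other", "readme.txt", b"not in the list")]
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, name, data in samples:
            os.mkdir(os.path.join(d, label))
            path = os.path.join(d, label, name)
            with open(path, "wb") as f:
                f.write(data)
            results[label] = verify(path, published)
    return results

if __name__ == "__main__":
    print(demo())
```

A match only shows the file is byte-identical to what the developer published; it says nothing about what an unsigned, closed-source binary does when run.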
 
Was just reading this:
https://www.techpowerup.com/forums/threads/phoenix-miner-compromised.279405/

I mean, this reads like them jumping on the situation to promote their own miner (notice how trexminer isn't there, despite it outperforming them drastically?) and spreading fud. here's an announcement from one of their admins, they are hardly even trying to hide it, just saying 'we suggest excavator' out right, I mean come on.

Phoenix has not been compromised, it hasn't been updated in nearly two months. it was simply removed from MEGA following policy changes, along with multiple other miners, not just eth ones are going through the same thing right now. nicehash is blowing this out of proportion.
 