Pool Detective: Mining Pool Monitoring
Ever since the introduction of the first mining pool for Bitcoin in November 2010, mining pools have been used by miners to reduce the variance in rewards of Proof-of-Work cryptocurrencies. Miners connect their computational resources to a pool - and the pool is responsible for dividing the work between the miners to prevent doing duplicate work. On top of that, the pool is responsible for dividing the mining rewards amongst its participating miners.
The downside to the usage of mining pools, however, is that they introduce a centralized point of control over its participating miners. Mining pools give miners (or more specifically: their hardware) direct instructions over what they need to work on.
This control gives mining pools the ability to have its miners work on a different cryptocurrency, or to unwillingly assist in performing attacks such as block withholding or even 51% attacks. Mining hardware is generally optimized for computing proof-of-work functions as efficiently as possible (measured in calculations per joule), and therefore the hardware is generally not equipped with additional logic to verify the work it’s given.
We built a system, called PoolDetective, that actively monitors the workstream between our mining hardware and 25 mining pools across 10 different proof-of-work cryptocurrencies from 5 geographical locations (the number of pools and currencies is still increasing). This includes the major Bitcoin mining pools, collectively responsible for over 75% of the network hashrate. On top of this, we run (official) full nodes for each of the mined currencies, as well as monitor the peer-to-peer network using unofficial nodes for the propagation of new blocks.
We store all monitored data from mining, full nodes and block propagation and analyze this data for unexpected behavior by mining pools. Since launching the PoolDetective in November 2019 we have archived nearly 28 million mining jobs from the various pools, and have started analysis on this data. We have already seen evidence of mining pools sending work for different blockchains than expected, and are currently looking for other anomalies.