ASIC cryptocurrency miners are a core component of blockchain infrastructures, directly converting computation and energy into monetary value. Despite their economic importance, their security is rarely evaluated in a structured manner. In this paper, we show that the firmware distribution ecosystem of mining devices fundamentally challenges existing trust assumptions. We introduce a scalable methodology based on the collection and static analysis of publicly distributed firmware artifacts, requiring neither device access nor runtime interaction. Applying this approach, we reconstruct and analyze 134 firmware images spanning manufacturers that account for over 99% of deployed miners (Bitmain, MicroBT, Canaan, Iceriver). Our results reveal that firmware artifacts alone are sufficient to recover internal architecture, identify security weaknesses, and reconstruct complete attack paths leading to high-impact adversarial objectives. In particular, our analysis reveals vulnerabilities that enable realistic large-scale attack scenarios, including firmware phishing and the exploitation of miners still operating over Stratum V1. Validation on two real devices confirms that publicly distributed artifacts closely reflect deployed software and that these weaknesses translate into attack capabilities. Overall, our study shows that firmware distribution mechanisms themselves constitute a primary attack surface, significantly lowering the barrier to compromise in the ASIC mining ecosystem.
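The abstract describes a methodology that works purely from collected firmware artifacts, and it identifies the distribution channel (for example firmware phishing) as the primary attack surface. The following Python script is an added illustration of the defender's side of that same observation: an intake check that an operator could run on a downloaded firmware image before it reaches any device. It is not the paper's tooling and does not reflect any vendor's actual image format; the tar layout, file names and digest manifest are constructed here for the example. It pins the image to a digest obtained out of band, then does a minimal static triage of the archive (path-traversal entries, executable members, shell scripts) of the kind the paper's static-analysis approach starts from.

```python
"""Firmware artifact intake check (added example, not from the paper).

Assumes a firmware image delivered as an uncompressed tar archive and a
SHA-256 digest obtained from a trusted channel (for example a vendor manifest
fetched separately from the download itself). Both are constructed below.
"""
import hashlib
import hmac
import io
import tarfile


def build_sample_image(include_traversal: bool = False) -> bytes:
    """Build a constructed sample firmware image in memory.

    Layout is invented for this example: a version file, an opaque rootfs
    blob and a post-install shell script. With include_traversal=True an
    entry escaping the extraction root is added to exercise the triage path.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name: str, payload: str, mode: int = 0o644) -> None:
            data = payload.encode()
            info = tarfile.TarInfo(name=name)  # mtime defaults to 0: deterministic bytes
            info.size = len(data)
            info.mode = mode
            tar.addfile(info, io.BytesIO(data))

        add("etc/fw_version", "fw-1.2.3-constructed\n")
        add("rootfs.img", "not-a-real-filesystem\n")
        add("install.sh", "#!/bin/sh\necho install\n", mode=0o755)
        if include_traversal:
            add("../../etc/passwd", "x\n")
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_manifest(image: bytes, expected_sha256: str) -> bool:
    """Compare the image digest to the pinned value using a constant-time check."""
    return hmac.compare_digest(sha256_hex(image), expected_sha256.lower())


def triage_archive(image: bytes) -> dict:
    """Static triage of archive members without extracting anything to disk."""
    findings = {"members": [], "unsafe_paths": [], "executables": [], "scripts": []}
    with tarfile.open(fileobj=io.BytesIO(image), mode="r:*") as tar:
        for member in tar.getmembers():
            findings["members"].append(member.name)
            # Absolute paths or '..' components would escape the install root.
            if member.name.startswith("/") or ".." in member.name.split("/"):
                findings["unsafe_paths"].append(member.name)
            if member.isfile():
                if member.mode & 0o111:
                    findings["executables"].append(member.name)
                fh = tar.extractfile(member)
                if fh is not None and fh.read(2) == b"#!":
                    findings["scripts"].append(member.name)
    return findings


def accept_image(image: bytes, expected_sha256: str) -> tuple:
    """Gate an image on digest match and absence of path-escaping members."""
    if not verify_manifest(image, expected_sha256):
        return (False, "digest does not match trusted manifest")
    findings = triage_archive(image)
    if findings["unsafe_paths"]:
        return (False, "archive contains path-escaping members: %s" % findings["unsafe_paths"])
    return (True, "digest verified; %d executable members, %d scripts to review"
            % (len(findings["executables"]), len(findings["scripts"])))


if __name__ == "__main__":
    img = build_sample_image()
    print(accept_image(img, sha256_hex(img)))
    bad = build_sample_image(include_traversal=True)
    print(accept_image(bad, sha256_hex(bad)))
```

The digest check only has value if the expected value comes from a channel independent of the download (the point of the phishing scenario is that the download site itself is the untrusted party); the triage output is a starting point for manual review, not a verdict.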