Help: hacked Goldshell boxes

Help, all my Goldshell boxes have been hacked. Can’t log into them on Find My Goldshell. Tried doing a factory reset and changing passwords, all no help. It looks like cloud control is on and there is a key and a different mining pool is set up.




Any thoughts?

My first concern would be how they got in. It is unlikely the boxes themselves were compromised unless you left them directly on the internet without a firewalled router in between. What does your network configuration look like, and do you have any other computers on your network being weird?

Unless you put these things on the internet without a router, it’s much more likely your computer got compromised and that was utilized to get your Goldshell credentials, access them, and change the passwords, etc. If this is true, this potentially means all credentials on that machine could be stolen, so keep that in mind. This could include wallets.

If you have the $$, hiring an incident response company to evaluate what happened would be the best, but you’re talking $10k+. If you don’t have the money, the easiest thing to do is to totally wipe your machines on the network, and reach out to Goldshell to get instructions on totally wiping the firmware and rebuilding those machines.

In the future, I’d be sure I segmented my network. You want your miners on their own VLAN. I’d suggest you pick up one of those super cheap laptops for $100-$200 and put it on the mining network for administration, and not even have a pathway from your normal network to the miners. Don’t surf the internet / download stuff on that system. Ubiquiti has pretty nice networking equipment that makes VLANs and the like relatively simple to do if you’re not technical in that way. This will make it as hard as possible for someone to impact your miners.

I think the advice above is solid. Update your router firmware and change the password. Run a free scan from Malwarebytes to see how badly your system is compromised.

As far as the miners, I would reset the boxes and hook them up to a wired network. Turn off the Wi-Fi on the boxes and run a firmware update.

Holding in the button for 10 seconds should reset the password to default, and then find the IP address and change it immediately. After resetting the password on the box you should be able to change the pool, do the firmware update etc.

2 Likes

Thx guys for all your help and suggestions. They were on a router "Telus Canada" and they had static IPs. Don’t know if that means anything. I checked my wallets and all is good. Did try tricking it by turning off WiFi and the internet to the router and then powering them on and trying to log into them, but no luck. It doesn’t show up on the router at all. They are invisible. I played around with it so much I must have made him mad lol. All were disconnected except 1, and now it powers off right away after it starts ("20 seconds"). I think he turned the temperature down low so it turns off and thinks it’s overheating.

If you’re behind a router, one of the following is true:

  • They compromised a computer on your network via a download or some other direct internet connection.
  • They compromised your router.
  • They are local and attacked the WiFi (and probably took advantage of default credentials).
  • There is a static route from the internet in your router’s configuration that goes directly to your Goldshell boxes.
  • Goldshell somehow has some remote administration feature that they took advantage of.

By default there is no direct route from the internet to your Goldshell box, aka, no way to get to it from the internet. BTW, I NEVER trust an ISP’s router. I highly recommend you get your own router in place AFTER whatever box the ISP gives you.

In any case, you should reach out to Goldshell. They should have some way to flash the firmware on those devices which should absolutely reset everything. At a bare minimum, they should be able to tell you what you’re doing wrong when you’re trying to reset it if there is a way to do it now without a firmware reset. In the meantime, I’d unplug the internet cable on the box until you get it reset/fixed.

2 Likes