Future Tense

A Tech Company Made It Harder to Use Its Products to Mine Crypto. Then Came the Ransomware Attack.


The past few years have seen so many cases of ransomware and online extortion that it’s pretty rare to see an attacker deviate from the standard template: demand a cryptocurrency payment in exchange for decrypting a victim’s systems or not leaking their stolen data.

But the recent breach of chipmaker Nvidia didn’t follow that pattern exactly: Instead of demanding that the gaming chipmaker make a cryptocurrency payment, the attackers, who claimed to have stolen 1 terabyte of data from Nvidia, demanded that the company make it easier to mine cryptocurrencies using its popular graphics cards. The incident highlights some of the underlying tensions around cryptocurrency mining that have worsened in the past two years as cryptocurrencies have come in for considerable scrutiny related to their environmental impacts and ties to criminal activity.

Nvidia has been at the center of that conflict as one of a very small number of tech manufacturers in a position to make cryptocurrency mining more difficult and thereby potentially reduce some of the energy costs and illegal uses. Nvidia traditionally manufactures graphics processing units, or GPUs, that are designed for computer games but have been co-opted by cryptocurrency miners because they can do mining computations so much faster than traditional computer central processing units, or CPUs. Nvidia’s GeForce GPUs have been in such high demand by Ethereum cryptocurrency miners that it’s become difficult for anyone else to get them for playing computer games or processing graphics. So Nvidia, very sensibly, decided to redesign its GPUs to make them much less efficient at the specific operations required for mining Ethereum. The updated GPUs were released in February 2021.

There are lots of reasons to try to make it harder for people to mine cryptocurrencies with GPUs—for one thing, cryptocurrencies play a central role in many forms of cybercrime, most notably ransomware, by providing attackers with a difficult-to-trace payment method. Additionally, people who weren’t miners were having tremendous trouble getting access to Nvidia’s graphics cards, creating another problem for the company. And on top of that, the computational operations required to mine cryptocurrencies are massively power-intensive, with the mining of bitcoins alone consuming roughly 121.36 terawatt-hours per year, or slightly more than the annual power consumption of Argentina or the Netherlands, according to a 2021 analysis by researchers at the University of Cambridge Centre for Alternative Finance.

So Nvidia’s decision to engineer its graphics cards to be less useful for cryptocurrency mining was a good one, with many benefits not just for the company but for all of us. Unfortunately, in March 2021, Nvidia accidentally distributed code that allowed customers to get around the new restrictions built into its GPUs. That same month, several miners and journalists noticed the mistake. The company later tried (largely unsuccessfully) to remove that code from circulation, but it further undermined its efforts to limit cryptocurrency mining last year by deliberately adding a new product specifically designed for Ethereum mining to its line-up. Meanwhile, AMD, Nvidia’s main competitor in the graphics card industry, has announced it is not planning to take any steps to redesign its processors to prevent cryptocurrency mining.

Bitcoin and other decentralized cryptocurrencies like it, such as Ethereum, require computers to perform computations in order to generate more of them. That’s because there’s no centralized authority controlling how many Bitcoins exist, but to prevent people from creating an unlimited number of them, there are technical restrictions built into their source code. For instance, there can only ever be 21 million Bitcoins total, of which nearly 19 million have already been mined. The “mining” terminology comes from the fact that computers have to do a series of computational tasks before they are rewarded with Bitcoins, just as actual miners have to do significant work to extract minerals from the earth.

As we get closer to reaching the 21 million limit, computers have to do more and more computational work to receive smaller and smaller quantities of bitcoins. That’s why miners started using Nvidia and AMD GPUs instead of the less powerful CPUs, so they could perform more computations more quickly. Operating all of the computers that perform those computational tasks and keeping them cool enough so that they don’t overheat therefore requires a tremendous amount of energy, particularly at times when popular cryptocurrencies are worth a lot of money and have already been largely mined.

Between them, Nvidia and AMD own pretty much the entire market for GPUs, though Nvidia’s are significantly more popular. If the two companies were both willing to limit the computational operations that are used for mining popular cryptocurrencies so that their graphics cards were less efficient at those tasks, they could single-handedly deal cryptocurrency speculators a larger setback than any government or other entity is capable of doing. We know these types of technical constraints are possible to design because Nvidia has already done it. More than that, we know that those technical constraints are having a real impact on people’s ability to mine cryptocurrencies, because otherwise why would the perpetrators of the Nvidia breach be demanding that Nvidia undo the protections it built into its graphics cards in 2021?

The fact that the people making these demands are themselves cybercriminals—in this case the hacking group Lapsus$—and are currently leaking the stolen data online is a reminder of just who is most invested in being able to mine cryptocurrencies. To its credit, Nvidia has so far shown no signs of caving to the attackers’ demands and has even said it does not expect the breach to disrupt its business. But with the hackers leaking Nvidia’s proprietary data online, it’s hard to imagine why any company would want to open itself up to this kind of attack by trying to counter cryptocurrency mining through better-designed technology. Technological restrictions on mining of the sort Nvidia implemented last year could potentially counteract much of the harm cryptocurrency mining causes, but companies may need greater incentives—or pressure—from regulators to be willing to accept the risks associated with angering cryptocurrency-fueled cybercriminals.

Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society.