It's never a good (or ethical) idea to buy stolen data from hackers. For one, the information itself could be fake or booby-trapped with malware.
Nevertheless, the cybercriminals behind the Nvidia breach are still hoping to sell off some of the data they stole from the company. On Wednesday, the group offered a software tool to unlock the Ethereum mining limitation on Nvidia’s RTX 3000 graphics cards for $1 million.
The hacking group, known as LAPSUS$, claims the tool can bypass Nvidia’s Lite Hash Rate limiter without “flashing” or updating the firmware on an RTX 3000 GPU. “Without flashing = big money for any miner developer,” the group said earlier this week, when it first dangled the Ethereum mining bypass in a public chat room.
The bypass means a cryptocurrency miner could raise the Ethereum mining rate on an RTX 3000 product from the default 50% to 100%. Last year, Nvidia began installing the limitation across most RTX 3000 GPUs in an effort to stop miners from buying them up.
However, it’s doubtful anyone will pay $1 million for this. The mining community has already come up with ways to raise the mining limit on affected Nvidia GPUs from 50% to 70%. At the same time, Ethereum is preparing to phase out GPU-based mining, probably later this year. Hence, it makes more economic sense for a user to mine under the current status quo, rather than hand over $1 million for additional profits that may never be realized.
LAPSUS$ has also not demoed the Ethereum mining bypass, so it’s unclear if the software tool even works. Still, the group is probably willing to negotiate the $1 million price down.
The larger issue is that LAPSUS$ is threatening to release more confidential information stolen from Nvidia after already leaking a 19GB archive to the public. On Tuesday, the hacking group demanded Nvidia open source its GPU drivers to all users or else it’ll release another 250GB folder containing data on the company’s hardware.
According to LAPSUS$, the 250GB folder also allegedly contains more information on how tech-savvy users can bypass the Ethereum mining limit on Nvidia GPUs if they know enough about computer coding. “You will be able to make your own firmware. But we won’t be responsible for any problems,” the group said.
Nvidia didn’t immediately respond to a request for comment. But on Monday night, the company said it's been working to analyze what information LAPSUS$ has been leaking on the internet. "We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident," the company added.
On Monday, LAPSUS$ also told PCMag it had yet to hear back from Nvidia. The hacking group is demanding the company pay a ransom in cryptocurrency to keep the stolen information secret, though it hasn't revealed how much it has requested.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
