Secret Bitcoin mining code added to e-sports software sparks outrage


— 12:18 PM on May 2, 2013

This story was first published by our friends at Ars Technica. You can read the original version of it here.

Competitive video gaming community E-Sports Entertainment Association secretly updated its client software with Bitcoin-mining code that tapped players' computers to mint more than $3,600 worth of the digital currency, one of its top officials said Wednesday.

The admission by co-founder and league administrator Eric ‘lpkane’ Thunberg came amid complaints from users that their ESEA-supplied software was generating antivirus warnings, computer crashes, and other problems. On Tuesday, one user reported usage of his power-hungry graphics processor was hovering in the 90-percent range even when his PC was idle. In addition to consuming electricity, the unauthorized Bitcoin code could have placed undue strain on the user's hardware since the mining process causes GPUs to run at high temperatures.

"Turns out for the past 2 days, my computer has been farming bitcoins for someone in the esea community," the person with the screen name ENJOY ESEA SHEEP wrote. "Luckily I have family in the software forensics industry."

About five hours later, a separate user posted evidence of the ESEA software client included the Bitcoin code. The user also provided instructions showing how other ESEA players can check to see if their computers are running the secret program.

A few hours later, Thunberg published his own post disclosing that ESEA software had included the Bitcoin miner for a little over two weeks and deposited a little more than 29 BTC into three wallets under the control of ESEA officials. The digital currency was regularly converted into US dollars and netted a total of $3,602.21 as of Wednesday. The figures were in stark contrast to an earlier post that said the Bitcoin code ran only for a few days and generated only about $280 worth of bitcoins.

"So first the bad news, this is way more shady than I originally thought, and as the person who is ultimately responsible for everything it's 100% my fault," Thunberg wrote in the later post. He went on to say the ESEA client software had been updated to remove the mining code and that all of the money generated by user machines would be put into a prize pot. He also agreed to give users of ESEA's premium service one free month. 

Image credit: cibomahto

As many Ars readers already know, Bitcoin mining is a legitimate activity when carried out by informed people using their own hardware and electricity. The "proof-of-work" tasks required to generate the digital coin improves Bitcoin security by adding transaction records to the public ledger of the currency. But because the mining process is extremely system intensive, a cottage industry has sprung up that uses malware to harness the computing resources of unwitting victims.

Thunberg's admission that ESEA ran Bitcoin-mining software without explicit user consent is startling. Aside from potentially opening the company up to huge legal liability, the move is likely to engender distrust among some of the company's most loyal fans. The nonchalance of some of Thunberg's comments may only add insult to the betrayal many users are likely to feel.

"But for the record, I told jag he shouldn't be lazy and run the miner in a separate process," he wrote in a post, referring to one of his software engineers with the screen name Jaguar, who didn't take steps to conceal the Bitcoin miner. "Rookie move." In the later post he wrote: "100% of the funds are going into the s14 prize pot, so at the very least your melted gpus contributed to a good cause."

While the comments may be intended to be playful, they also suggest a lack of contrition on the part of ESEA. Sneaking GPU-intensive code into client software represents a serious breach of trust, and so far company officials—who didn't respond to Ars' request for an interview—have yet to publicly acknowledge the uphill battle they face in repairing the damage.

Update:
ESEA has published a post titled "Bitcoin Fiasco" that apologizes to users and attempts to explain how the secret code was added. The code was initially folded into a version of the client used by two consenting admins and after brief testing officials decided to scrub the beta trial. The post continued:

On April 13, 2013, after the initial tests, ESEA informed those involved in the test that we were killing the project and they should stop using the beta test. It came to our attention last night, however, that an employee who was involved in the test has been using the test code for his own personal gain since April 13, 2013. What transpired the past two weeks is a case of an employee acting on his own and without authorization to access our community through our company’s resources. We are extremely disappointed and concerned by the unauthorized actions of this unauthorized individual. As of this morning, ESEA has made sure that all Bitcoin mining has stopped. ESEA is also in the process of taking all necessary steps internally to ensure that nothing like this ever happens again.

The post went on to say the amount generated by the sale was $3,713.55. ESEA will be donating it to the American Cancer Society and will match 100 percent of it for a total of $7,427.10.

   
Register
Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.