Late last month, Nvidia, one of the largest chipmakers in the world, suffered a cyber attack. Initially described as a ransomware attack, it has since emerged that the hacker group claiming responsibility had secured over 1TB of proprietary files, threatening to leak them unless Nvidia paid up.

Now, ransomware attacks usually have a tangential relationship to cryptocurrencies, in that the hackers often demand that ransoms are paid in cryptocurrencies. Chainalysis reported earlier this year that this value exceeded $600m for both 2020 and 2021. However, what sets this hack apart is that the hackers issued some rather unusual demands, requesting that Nvidia remove a feature that it has introduced into its products to limit their use for mining cryptocurrency. To unpack what this means, it's worth providing a little more background.

The boom in demand for crypto-mining hardware

As we discussed in our blog post last year, there is huge demand for the hardware that is used to mine cryptocurrencies. In broader terms, this is exacerbating a general worldwide microchip shortage, which is having an impact on virtually all industries that rely on microchips (in particular the auto industry), as well as producing a significant amount of hardware waste.

However, whereas Bitcoin mining relies on custom-built microchips called Application Specific Integrated Circuits (ASICs), the mining of other popular cryptocurrencies, most notably Ethereum, is well suited to commercial computer graphics cards. These cards are normally used in computers to generate the advanced graphics used in modern video games, but are increasingly snapped up by crypto-miners aiming to get some return.

Consequently, the market value of these graphics cards tends to track with the price of Ethereum, much to the joy of scalpers - who are able to re-sell the products at significant mark-ups - and the frustration of computer gaming hobbyists.

A crypto-mining restrictions arms race

Nvidia, possibly recognising the potential for negative PR, began to add restrictions to its products to limit their usefulness to crypto-miners and (hopefully) limit their appeal to miners and scalpers alike. This is a rare example of a company deliberately making its products less appealing to a market willing to pay over the odds. Naturally, crypto-miners fought back, looking to find ways to bypass the restrictions. The hackers' demand that the restrictions be removed seems to be the latest escalation.

It is worth noting that Ethereum is due to move from the energy-and-chip-hungry proof-of-work mechanism to a much leaner proof-of-stake mechanism this year (albeit significantly delayed from an original 2019 release date). However, it is still too early to understand exactly what impact this will have on the market; Ethereum isn't the only game in town, so we might see these devices repurposed for other altcoins such as Monero.

Finding the perpetrators

Nvidia will doubtless have already commenced an incident response, the details of which will likely be kept private. However, we can consider the approaches that they might take in this kind of situation.

A typical incident response service would first look to address immediate threats (to prevent further attacks, or even stop the attack that might still be in progress), and take steps to mitigate and reduce damage. Once the dust has settled, they would turn their attention to finding out “what actually happened here, and what was taken?”. Under GDPR, once a company becomes aware of a data breach, it must report it to its regulator within 72 hours, and it is important at this point to have an understanding of the type and quantity of data that has been breached.

Since this is a cyber intrusion, Nvidia might turn to investigators to forensically examine log files, network traffic, application behaviours, and other likely signatures that might identify the method the hackers used. Assuming a ransom is paid, the insights from the investigation may be combined with on-chain tracing to identify the perpetrators, as took place last year when the US DOJ was able to recover $2.3m of the ransom paid following the Colonial Pipeline hack.

This kind of on-chain data is of great use to law enforcement, who, due to the immutability of blockchain data, are able to use it as pristine data in court cases. This was demonstrated only last month when the DOJ seized $3.6bn of cryptocurrency linked to the hack of the Bitfinex exchange in 2016 and brought charges against the two hackers. Additionally, a recent investigation by AlixPartners used on-chain data as evidence, filed in court, to support allegations of impropriety.

Cases like this should serve as a warning to attackers that the blockchain might be pseudonymous on the surface, but it provides an excellent avenue for data analysis to uncover patterns and relationships that can be used to unmask bad actors.

How might this particular episode end?

Hacking groups are often driven by a variety of motivations beyond pure financial gain, such as political motivations (as we are seeing with groups like Anonymous, who are directing multiple cyber attacks against Russian state institutions), or maybe simply to prove that they can. It’s hard to guess exactly what the true motives of this group are. They could easily be motivated by financial reasons, such as crypto-miners wanting to get the best returns from their hardware (or scalpers wanting to maintain their business for a while). Alternatively, the motivation may be driven by principle, as possibly indicated by another demand that Nvidia commit to making its graphics card software open-source (that is, the proprietary code is released publicly and can be modified by anyone who so wishes).

It is not yet known how Nvidia will respond to these demands, and it is possible that, like many hacks before it, it will result in an undisclosed financial settlement. Regardless, this case provides an interesting example of how the current hot market for cryptocurrencies, global semiconductor shortages, and cyber attacks have combined to produce an unusual set of demands.