By Alicia Maher
The server of one of America’s top chip producers, Nvidia, was attacked last Friday, causing a shutdown of the company’s business operations for two days.
Claiming Responsibility
While confirming the announcement, Nvidia claimed that the hack didn’t affect its users’ services. However, many users claimed otherwise. A few hours after the attack, LAPSUS$ (a ransomware hacker group) announced that it was responsible for the hack and stole nearly 1.5 TB of Nvidia’s user data.
However, the group stated that it would issue certain demands and expect Nvidia to meet them. Then, it stated that if its demands were not met, the firm’s data would be released to the public.
The Hacker’s Demands
One of the group’s demands was for Nvidia to remove all the LHR restrictions on its GPU hash rate, which slows down crypto mining operations. Also, it demands that Nvidia makes the base codes of its GPU drivers to be open source permanently. Thus, any developer can access and modify them.
While Nvidia’s GPU was primarily for gamers, crypto miners also found it useful and started purchasing huge amounts of it. Thus, causing a shortage of these chips over the last six months. One method Nvidia deployed to solve this misuse was to include a mining detection component into the chip.
Once this component detects that the chip is used for crypto mining purposes, it automatically reduces crypto mining speed by more than 50%. The hacker group might earn up to $1m from selling Nvidia’s Nerf blocking component. Hence, it is threatening to release Nvidia’s base source code and other trade secrets if the firm doesn’t meet its demands. A Telegram post purportedly from the group states that Nvidia has up to March 5 to accede to its request.
Part of the Telegram post reads thus; “our request is an assist for crypto miners and gaming firms. We request that Nvidia release updates for its 30 series firmware, eliminating restrictions on the LHR. If not, we will make its HW folder publicly accessible. Both of us understand the relevance of the LHR to mining and gaming.”
It Is Not A First Time
As of this writing, more than 70K data of Nvidia customers and employees have been released to the public. Despite the huge consequences of such data leak for the microchip sector, it isn’t the first time LAPSUS$ would be making demands from top companies.
The group has caused the shutdown of many other top firms such as Impressa (a leading media firm based in Portugal), Brazil’s health ministry, and Claro communications. As the deadline gets closer, crypto players patiently wait for what the group will do if Nvidia fails to submit to the group’s request.
If the chip manufacturers met the hackers’ demands, crypto miners (especially Ethereum miners) would benefit the most from it. Many have claimed that it seems that LAPSUS$ is also running a crypto mining operation, which is the only logical explanation to its demands from Nvidia.