The NerdMiner Hack Nobody's Talking About And Why You Should Stay Away

02 Apr 25

If you've ever interacted with the solo mining community, especially those experimenting with NerdMiners, the tiny but fascinating Bitcoin mining devices, you've probably come across someone trying to sell you a “revolutionary” firmware that supposedly turns your NerdMiner into a lightning fast mining machine.

Sounds tempting, right? But let’s take a step back and ask a simple question:
How come such a massive breakthrough isn’t already part of the official NerdMiner firmware?
And more importantly, is this even technically possible?

Let’s take a closer look at how the NerdMiner works, and spoiler alert: these miracle firmwares are very likely scams exploiting a vulnerability in Public Pool, the most common pool for NerdMiners.

How NerdMiner Mining Really Works

NerdMiner is a DIY, open source Bitcoin solo miner powered by microcontrollers like the ESP32. It’s meant to be educational, fun, and functional.
That said, it's still constrained by its hardware. A well optimized NerdMiner can typically push out about 45–55 kH/s depending on the setup and the esp32 model. Faster models can reach about 80-120KH/s but we are basing our article on the esp32-devkit v1 model, the one on the picture.

The official firmware is already quite refined. Of course, you can tweak:

how the midstate is calculated,
the nonce generation strategy,
how jobs are processed across threads.

But even with heavy optimization, getting over 50 kH/s is already an achievement. Claims of 200 or 300 kH/s? That’s not optimization, that's trickery.

Public Pool: A Great Concept With One Major Flaw

Public Pool is one of the few (if not the only) mining pools that accepts connections from NerdMiners and supports solo mining in a straightforward, transparent way.
But there’s a catch, it contains a vulnerability: it doesn’t properly validate double submissions (or triple or quadruple).

What is Double Submit?

In Bitcoin mining, when your miner finds a valid nonce (a solution to the cryptographic puzzle), it submits it to the pool. The pool:

verifies the result,
checks if it’s a duplicate,
credits the miner stats accordingly.

Public Pool doesn’t properly check for duplicate submissions

That means a miner can send the same solution multiple times, and the pool’s statistics will count them all as legitimate shares, even though they’re all the same.

Let’s Try It: An Experiment in Hashrate Faking

To demonstrate how this exploit works, we took the official NerdMiner firmware and made a simple tweak:

Every time the miner finds a valid solution,
Instead of submitting it once, we submit it 5 times in a row.

Once downloaded the original repo from https://github.com/BitMaker-hub/NerdMiner_v2 you just need to modify the file mining.cpp at about line 315

from this:

tx_mining_submit(client, mWorker, mJob, nonce);

to this

for(int i = 0; i <5; i++){

tx_mining_submit(client, mWorker, mJob, nonce);

}

Just this simple trick will increase your hashrate, now you just need to build your project and write your firmware on your esp32.

Start Mining and.. OMG! The Results?

Stunning at least at first sight:

The pool reported a massive spike in hashrate, exceeding 250 kH/s.
The difficulty of the solutions is only one and submitted multiple times.
The NerdMiner was doing the exact same amount of work, just submitting the results multiple times.

Sure, your stats look great, too bad they’re built on recycled work.

nerdminer console stats

What happens if we set 10 submits per share?

public pool not real stats

So… Is It All Fake?

Yes.
These “miracle” firmware versions don’t actually boost performance. They simply exploit a flaw in Public Pool to inflate the perceived hashrate.

Worse still, if too many people start doing this, Public Pool could become unusable, flooded with duplicate traffic and false stats.

Why Are These Firmwares Being Sold?

Simple: it’s psychological, and financial of course.

You install the firmware, and boom, your hashrate triples.
You think you’ve unlocked hidden power in your miner, but you’re just tricked. That’s because the actual performance hasn’t changed.

What these sellers count on is your excitement when you see the high hashrate. They don’t tell you:

what their firmware actually does,
how it manipulates statistics,
that it has zero effect on your real hashrate.

And the worst part?
They often distribute these as binary files with no source code. You're supposed to just flash them blindly, which is a huge security risk.

Many of these scammers are active in online communities, sharing screenshots of “supercharged” NerdMiners and saying:

“Want results like this? DM me.”

The Power of Open Source and Community Trust

The NerdMiner project thrives because of a vibrant, smart, and generous community of developers, hackers, and tinkerers.
That 50 kH/s baseline wasn’t luck, it’s the result of:

countless code reviews,
hardware tests,
discussions, trials, and real optimizations.

The idea that someone suddenly discovered a secret trick to triple performance and kept it to themselves? That’s not how this community works.

These fake firmwares take advantage of new users who aren’t yet familiar with the technical details. And that’s why we’re writing this article, to raise awareness.

What You Can Do

Don’t buy firmware you can’t verify.
If the code isn’t open source, walk away.
Stick to the official repo and trusted forks.
The best optimizations are already public.
Call out suspicious behavior.
If someone’s selling “magic firmware” with unbelievable stats, warn others.
Learn and experiment safely.
If you want to test the double submit trick for yourself, do it in a testnet or private setup. Understand what you’re doing before using it in production.
Protect the solo mining movement.
Abusing a pool exploit hurts everyone. Let’s keep the ecosystem healthy.