Gaming Platform Settles on Bitcoin Mining Malware Allegations

The ESEA League, an online competitive gaming community, has decided to settle with the state of New Jersey after the active Attorney General there alleged that the gaming community operator infected user-machines with malware designed to mine for Bitcoins.

The ESEA League, an online competitive gaming community, has decided to settle with the state of New Jersey after the acting attorney general there alleged that the gaming community operator infected user-machines with malware designed to mine Bitcoins.

The league is owned and managed by E-Sports Entertainment, LLC, and is known for its strict anti-cheating policy, which is supported by a “industry leading anti-cheat client” that users are required to download.

In a blogpost linked to on ESEA’s homepage, the community’s cofounder, Eric Thunberg makes clear that ESEA’s decision to settle is not a concession to – and in fact the company disagrees with – the New Jersey attorney general’s account of the Bitcoin incident.

Bitcoin mining is a process through which Bitcoin users generate “blocks” in order to keep track of and legitimize Bitcoin transactions on the digital crypto-currency’s public ledger, the BlockChain. Generating a new block is tantamount to solving a complicated math problem because each new block must contain within it the record of the previous block, and thus the entire record of every Bitcoin transaction ever. Because the process is resource-intensive, the creators of new blocks are rewarded with new Bitcoins.

The attorney general alleged that an ESEA employee or employees infected thousands of personal computers with malware that enabled E-Sports to monitor what programs subscribers were running and illegally perform Bitcoin mining. ESEA allegedly bundled this malware along with its anti-cheating software package.

More specifically, New Jersey charged that E-Sports created and deployed malicious software that enabled the company to monitor the computers of their users, even when those users were not signed into the ESEA League. ESEA, the state further alleges, also created a botnet operating on the computational resources of its users. The purpose of this Botnet was to pool computer power from the ESEA League’s user-machines in order to mine Bitcoins.

Over a random two-week period of time, the state estimated that E-Sports hijacked more than 14,000 computers, and accrued some $3,500 mining Bitcoins.

“This is an important settlement for New Jersey consumers,” said acting Attorney General John J. Hoffman. “These defendants illegally hijacked thousands of people’s personal computers without their knowledge or consent, and in doing so gained the ability to monitor their activities, mine for virtual currency that had real dollar value, and otherwise invade and damage their computers.

The settlement requires that E-Sports pay the state $325,000 of the suspended $1 million penalty. In addition, the company as agreed to refrain from deploying software code that downloads to consumers’ computers without their knowledge and authorization, commit itself to a 10-year compliance program, and create a dedicated page on its website explaining the specific data it collects, the manner in which it is collected, and how the information is used. If the company fails to adhere to any of this over the next decade, it will be forced to pay the remaining $675,000.

Also named by the state is E-Sports software engineer Sean Hunczak, whom the state claims worked with Thunberg to develop the Bitcoin mining malware that used subscriber’s graphics processing units silently mine Bitcoins.

Thunberg is adamant that he and his company are guilty of nothing.

“The settlement that was signed makes explicitly clear that we do not agree, nor do we admit, to any of the State of New Jersey’s allegations,” Thunberg wrote on the ESEA website. “The press release issued by the Attorney General about our settlement represents a deep misunderstanding of the facts of the case, the nature of our business, and the technology in question.”

Thunberg goes on to write that the employee responsible for the Bitcoin incident “was terminated,” though it is not clear who that employee is, and Threatpost was unable to contact Thunberg for comment.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.