Earlier this week, officials from the Security Service of Ukraine (SBU) seized a collection of suspicious computer hardware from the South Ukrainian Nuclear Power Plant near the city of Yuzhoukrainsk. The officials claim that the hardware was used to mine cryptocurrency at the facility. The state-owned power plant is registered as a state secret, and non-approved computer equipment is strictly forbidden. No arrests or charges against facility staff have been made public.
The mining operation itself appears to have been quite small. SBU officials (aided by the National Guard of Ukraine) found two seperate mining setups in the power plant. According to a report on Coindesk, the first was found in the facility’s administrative wing, and consisted of “six Radeon RX 470 GPU video cards, a motherboard, power supplies and extension cords, a USB and hard drive, and cooling units.” The location of the second mining rig wasn’t disclosed, but it was reported to include “16 GPU video cards, 7 hard drives, 2 solid-state drives, and a router.”
Even with a limitless supply of free electricity, the earnings from these GPU-based mining rigs would be quite humble, likely far less than $100 a day. The amount and type of cryptocurrencies being mined was not reported, and it’s also unclear how long the clandestine mining operation had been running. Given the cost of the GPUs and other hardware, it’s entirely possible that the crypto miners lost money on the scheme.
While the SBU likely wasn’t thrilled to learn that workers at the facility had been mining cryptocurrency as a side-hustle, the bigger issue is one of network security. Potentially exposing the nuclear facility’s network to malicious computer worms brought in on outside hardware is a serious risk. In 2010, the infamous Stuxnet computer worm was introduced into an Iranian nuclear facility through outside hardware, ultimately causing millions of dollars in damage. Given the often-tense relationship between the governments of Ukraine and Russia — a country with a well-established history of cyberattacks — the lax network security at the nuclear facility should be a wake-up call to Ukraine’s law enforcement and regulators.