Nvidia Hacker Seeks $1 Million for LHR Ethereum Bypass

Hackers
(Image credit: Shutterstock)

Things have taken a rather interesting turn in the ongoing Nvidia hacking saga. In the time since our initial reporting, South American hacking group Lapsus$ claimed to have obtained confidential information regarding NVIDIA's Light Hash Rate (LHR) cryptocurrency mining limiter for GeForce RTX 30 Series graphics cards. The hacker group previously said it would provide access to the software and firmware data that enables LHR, but now it says it will sell the software bypass tool for $1 million, according to PC Magazine.

Nvidia's LHR reduces mining capabilities by 50 percent on average, but this bypass would fully restore Ethereum mining performance. The initial and well-intentioned reason for instituting the LHR was to make GeForce RTX 30 graphics cards less enticing to miners, opening up supplies for gaming enthusiasts. Despite Nvidia's best efforts, GeForce RTX 30 supplies remain tight, and GPU-based Ethereum mining is still prevalent in today's market. While GPU prices have steadily dropped since the start of 2022, some GeForce RTX 30 graphics cards are still selling on average for twice their MSRP on eBay.

However, the decision to put a $1 million price tag on the LHR bypass tool seems shortsighted at best. Publicly-available tools already restore a portion of the lost Ethereum mining performance for affected Ampere graphics cards. As a result, it's probably not worth it for even a large-scale mining operation to fork over $1 million for the privilege of unlocking the GPU's full performance potential.

The other more damning proposition is that the move to Proof of Stake will further sideline the importance of GPUs for Ethereum mining. The off-delayed transition, dubbed "The Merge," is expected to occur in 2022. So miners would have a limited window to make back their $1 million outlay to Lapsus$ given the rough seas ahead for Ethereum mining.

In other news, Lapsus$ is demanding that Nvidia commit to open-sourcing its GPU drivers across all major platforms (Windows, Linux, macOS) "from now on and forever." If Nvidia doesn't respond by Friday, Lapsus$ claims that it will "release the complete silicon, graphics, and computer chipset files for all recent NVIDIA GPUs, including the RTX 3090 Ti and upcoming revisions." 

Earlier this week, Lapsus$ also claimed it would release the source code for Nvidia's Deep Learning Super Sampling (DLSS) technology. The hacker group, which says that it obtained over 1TB of data from Nvidia, also asserts that it unearthed information on upcoming Ada, Hopper and Blackwell GPUs.

For its part, Nvidia said that it is "aware of a cybersecurity incident which impacted IT resources." The company went on to add, "we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident."

Brandon Hill

Brandon Hill is a senior editor at Tom's Hardware. He has written about PC and Mac tech since the late 1990s with bylines at AnandTech, DailyTech, and Hot Hardware. When he is not consuming copious amounts of tech news, he can be found enjoying the NC mountains or the beach with his wife and two sons.

  • King_V
    Almost seems like they're making a half-hearted, and clumsy, attempt at painting themselves as the good guys.

    They got caught, they got hacked themselves, and, while it appears they had their data backed up, they seem . . kind of desperate?

    They're giving off a very weird dynamic here, but their talk of wanting things open source, or wanting to free Nvidia GPUs from mining restrictions seem exceptionally insincere.
    Reply
  • spongiemaster
    A million dollars is nothing to Nvidia. They should ship these guys a million dollars in pennies just for laughs. Let's see them try to spend that.
    Reply
  • King_V
    Pretty sure the ransom is demanded in crypto... because it's untraceable. Well, at least, less easily traceable.

    It's probably cheaper, and far more cathartic, to just hack them some more. Sort of like the way NewEgg used to call the bluffs of patent-trolls, and forcibly drag them through the entire expensive legal process.
    Reply
  • hasten
    spongiemaster said:
    A million dollars is nothing to Nvidia. They should ship these guys a million dollars in pennies just for laughs. Let's see them try to spend that.
    You think that they couldnt launder cash in the carribean or in their own state? Its not that hard to do. They will lose a decent percentage, but think of it as tax. Heck, HSBC used to fudge OFAC lookups to launder terrorist funds. BSA helps but doesnt even stop it in the US.
    Reply
  • renz496
    spongiemaster said:
    A million dollars is nothing to Nvidia. They should ship these guys a million dollars in pennies just for laughs. Let's see them try to spend that.

    Some people said the hacking group intend to sell that LHR unlock to miners. That 1 million referring to the amount of they ask of miner if they want it.
    Reply
  • jacob249358
    Scammer gets scammed, they instantly regret it. Welcome to the dmcu. (Dhar Mann cinematic universe)
    Reply
  • hotaru251
    Nvidia wont do it.
    likely a yr until next gen gpu's tops.
    and they get paid no matter what (mining or not) and LHR was only done to appease the masses who couldnt get GPU.


    there is literally no reason for em to pay.
    Reply
  • Friesiansam
    Nvidia will not pay. Paying a blackmailer just encourages them to do it more and, would you trust them to do what they say they will, following payment?
    Reply
  • InvalidError
    Nvidia doesn't give a damn that LHR gets broken, more sustained 3000-series GPU sales without having to drop prices for them and AIBs. Even leaking the design files and drivers may not matter much since you need to be a relatively large company to have the infrastructure to use them. Anyone using a meaningful chunk of stolen IP is going to get found out in short order and this could quickly end in corporate suicide.
    Reply
  • jkflipflop98
    hasten said:
    You think that they couldnt launder cash in the carribean or in their own state? Its not that hard to do. They will lose a decent percentage, but think of it as tax. Heck, HSBC used to fudge OFAC lookups to launder terrorist funds. BSA helps but doesnt even stop it in the US.

    I think the point is they'd have to shovel up about 200 tons of copper off the street to spend their money.
    Reply