3

Moneropool is currently the second result when googling, "monero mining", however its suggested miner crytonote-easy-miner gets flagged as a trojan by firefox and windows defender. I've read that legitimate cryptocoin miners sometimes trigger false alarms due to actual malware containing them as a payload. Is this such a case? If so why are there no warnings on Moneropool that you're likely to run into this using their suggested miner?

Ceribia
  • 131
  • 1
  • 2
  • I think moneropool is OK. You are correct on the false positives. No warnings, well, you could ask the moneropool admin to add them. I suppose it's mostly for Windows users that this would happen. – user36303 Aug 24 '16 at 18:59

2 Answers2

6

Answering whether a mining pool (or anything in the cryptocurrency space) is safe is an especially tough challenge, but I will try to look at the things that you should consider if you are evaluating a pool's trustworthiness.

First, let's look at the pool's size:

  • moneropool.com currently has a reported hashrate of ~517 kH/s out of a total network hashrate of ~24.7 MH/s according to http://minexmr.com/pools.html.
  • According to the pool, it currently has ~135 workers.
  • This means the pool's workers average ~3.8 kH/s each.

For comparison, one of the largest Monero pools throughout the currency's history is monero.crypto-pool.fr, which has a hashrate of ~4.4 MH/s and ~350 workers, or 12.6 kH/s per worker.

What we can draw from this is that moneropool.com is relatively small in the grand scheme of Monero at a little more than 2% of the total network, and also that smaller miners tend to use the pool. Neither one of those things sound unreasonable, and even at 2% the pool should be able to pull in ~14 blocks per day (there are ~720 blocks each day, once every two minutes). As a sanity check, the pool's reported 11 blocks found in the past 24 hours as of this moment, but over 30 in the past 48 hours. Since some variance is to be expected, this all sounds good.

Now, lets look at some other indicators:

  • According to minexmr.com/pools.html, moneropool.com seems to have a somewhat sinusoidal (wave-like) pattern to its usage, with significant daily highs and lows in terms of hashrate. This could be a number of things, but a few come to mind:

    1. One or more sysadmins mine with moneropool.com, and use unused servers and computer resources to mine at night when their systems are idling.
    2. moneropool.com miners have found some pattern with Monero and another coin that shows that it is more profitable to mine one during the day and the other at night.
    3. A botnet is mining with moneropool.com that relies of computer systems either idling at night or being turned on during the day.

    Please note, none of those three things necessarily say anything about the pool. But they may make you more or less inclined to participate.

  • moneropool.com is using what has essentially become the gold standard in Monero mining pool software, Matt Little's node-cryptonote-pool (https://github.com/zone117x/node-cryptonote-pool). This seems reasonable, and at first glance nothing seems forged or off about it.

  • moneropool.com has a relatively small payout threshold of 0.5 XMR. This seems both reasonable and like a good way to promote a pool to small miners.
  • A quick whois lookup for moneropool.com shows that it was registered through Namecheap.com, a relatively common domain seller, and has been in operation since 15 May 2014, meaning it is over two years old.

Now what does all that mean?

Well, as I prefaced, it can be challenging to say with certainty that a pool is legitimate. However, a quick look at some basic stats do seem to suggest that moneropool.com is at least worth considering. My suggestion? Use it for a week with a small hashrate, then use another pool for a week, and see which pool you like better. Ultimately, there is only so much "evil" any mining pool can do.

My other bit if advice? If a pool suggests a specific miner, be sure to check with a number of other pools to see if they also suggest that miner. Then ask on reddit, bitcointalk, or here to make sure the mining software is valid. Mining software, and not the pools, are where you can really get in trouble if someone is looking to compromise your computer or wallet.

bigreddmachine
  • 3,737
  • 1
  • 10
  • 30
1

I've read that legitimate cryptocoin miners sometimes trigger false alarms due to actual malware containing them as a payload. Is this such a case?

I can't say for certain for that specific software (I don't use it), but in general most Monero CPU miners get flagged. So, this is probably a case of that.

If so why are there no warnings on Moneropool that you're likely to run into this using their suggested miner?

Some pool operators do more than others. For instance, the pool I run, I indicate the problem with virus reports

Ginger Ale
  • 5,676
  • 2
  • 18
  • 46