Canaan’s initial public offering prospectus filed with the U.S. Securities and Exchange Commission (SEC) on Oct. 28 indicates it intends to list on NASDAQ under the ticker name CAN and sets a placeholder amount of $400 million for the raise. The final amount of intended raise, valuation and price per share offering have not been decided at this stage.

Canaan Creative, the Avalon bitcoin miner maker and one of the world’s largest mining equipment manufacturers, has just formally filed another attempt to go public – this time in the U.S.

The filing shows the Hangzhou, China-based bitcoin miner maker lost $45.8 million for the six months ending June 30, 2019, on net revenue of $42.1 million, compared to $178.9 million profit on net revenue of $1.947 billion for the first half of 2018.

Canaan said net income in full year 2018 was $8.3 million on net revenue of $394 million, as the bitcoin price plunged in the second half of 2018 from above $6,000 to around $3,000, causing many bitcoin miners to be unprofitable to operate.

The filing marks the third attempt of Canaan in its efforts to go public, after its first and second trial in mainland China and Hong Kong, respectively, both fell through due to market uncertainties.

Chinese media this month pegged Canaan’s valuation at between $2 billion and $3 billion, with 126 million shares to be issued.

The company started considering giving it another go in either mainland China or the U.S. earlier this year and has reportedly filed a draft prospectus confidentially with the SEC in July. But a formal F-1 form was not made public until today.

Bitcoin’s price jump this year has caused the demand for bitcoin mining equipment to outstrip the supply available from several major miner makers, which subsequently led to surging sales for leading manufacturers such as Bitmain, Canaan, and MicroBT. For instance, MicroBT, the maker of WhatsMiner, expects $400 million in revenue just for the third quarter of 2019.

Bitmain, on the other hand, is also reportedly seeking to go public in the U.S. after its long-anticipated IPO failed in Hong Kong as the local exchange and regulators remained uncertain on its sustainability.

AT&T’s Cybersecurity Branch Breaks Down Crypto Miner Threat to Email Servers

AT&T’s Alien Labs is dipping its toes into cryptomining malware analysis with a new technological breakdown of how a monero miner infiltrates networks.

Released Thursday, the report by security researcher Fernando Domínguez provides a step-by-step walkthrough of how one rather low-profile cryptojacker infects and spreads across vulnerable Exim, Confluence and WebLogic servers, installing malicious code that mines monero through a proxy.  Exim servers represent more than half of all email servers, according to ZDNet.

The worm first injects target servers with a BASH script that checks for, and kills, competing mining processes before attempting to infiltrate other known machines in the network. Crypto-miners often kill off competing miners when they infect a system, and for one very simple reason: The more CPU a different process hogs, the less is left over for others, according to the report.

Breached servers then download the script’s payload: an “omelette” (as the downloaded executable file variable is termed) based on the open-source monero miner called XMRig.

Available on GitHub, XMRig is a malware hacker favorite and a common building block in cryptojackers’ arsenal. It has been retrofitted into MacBook miners, spread across 500,000 computers and, in 2017, became so popular that malicious mining reports spiked over 400 percent.

This modified miner does its business via proxy, according to AT&T Alien Labs. That makes tracing the funds, or even discerning the wallet address, nearly impossible without proxy server access.

Frying this omelette is hard. When it downloads, another file called “sesame” – identical to the original BASH script – downloads as well. This is the key to the worm’s persistency: it hitches onto a cron job with a five-minute interval, enabling it to withstand kill attempts and system shutdowns. It can even automatically update with new versions.

AT&T Alien Labs began following the worm in June 2019. It had previously been studied by cloud security analysis firm Lacework in July.

Researchers don’t quite know how widespread this unnamed monero miner is. Alien Labs’ report admits that “it is hard to estimate how much income this campaign has reported to the threat actor”, but notes the campaign is “not very big.”

Nonetheless, it serves as a reminder to all server operators: Always keep your software patched and up to date.

Leave a Reply

Your email address will not be published.