Researchers from the University of California, San Diego and the University of Maryland reported findings showing that about half of GEO satellite downlinks transmit data without encryption.
Additionally, data interception can be reproduced with consumer hardware that costs as little as $800.
According to WIRED, the team captured carrier backhaul, industrial control traffic, and law enforcement communications and reported fixes to affected providers where possible.
UCSD’s Systems and Networking Group lists the paper “Don’t Look Up” for CCS 2025 in Taipei, emphasizing that this is a documented, peer-reviewed disclosure pipeline, not a lab curiosity. This method targets traditional satellite backhaul rather than a single application layer.
Furthermore, this study only covered the part of the satellite visible from San Diego, which means a larger area of Earth’s surface.
Bitcoin in space – new risks from cheap hardware
For Bitcoin miners and pools operating from remote sites, risks map clearly to one operational choice: transport security on the path that carries Stratum.
Stratum is a protocol that connects miners to pools, distributes working templates, blocks shares and candidates, directs hashing power, and determines how rewards are calculated.
Historically, Stratum V1 deployments often run over plaintext TCP unless the operator explicitly enables TLS. This means that pool endpoints, miner IDs, and job templates can pass over the wireless link in clear text when the Satcom backhaul is running.
The Stratum V2 specification ships by default with authenticated encryption using noise handshake and AEAD ciphers. This closes the passive interception angle and strengthens integrity against share hijacking attempts that rely on manipulating upstream traffic.
Stratum V2’s security specifications allow operators to bridge older rigs through translation proxies, eliminating the need to replace ASIC firmware to initiate crypto sessions.
This satellite discovery is not relevant to all “Bitcoin in Space” systems.
Blockstream Satellite broadcasts public Bitcoin block data as a one-way downlink, and its Satellite API supports encrypted messages from senders, putting it in a different category than GEO backhaul, which transports private control traffic.
According to Blockstream, the service exists to improve network resiliency for receiving blocks in areas with poor internet access, and avoids transmitting pool credentials or miner control sessions. Blockstream’s May network update confirms continued operations and frequency changes, leaving the miner-controlled Stratum link threat model unchanged.
Budget pressures are important in security deployments. The hashrate is hovering around 1.22 ZH/s, and recent miner economics suggest that the hash price in late September will be around $51 per PH per day, with a forward curve in the high 40s to low 50s to early 2026.
According to Hashrate Index, the updated Q4 2025 heatmap details each country’s share and helps infer where satellite backhaul is more prevalent due to terrestrial constraints. In the current revenue climate, carriers are closely monitoring operating costs, but the primary cost of transport encryption is engineering time rather than new hardware, which frees up short-term enhancements.
A simple sensitivity model shows the downside of transmitting Stratum V1 over a satellite link where the network portion is still unencrypted.
security modeling
Let me H Shows a total hash rate of around 1,223 EH/s and defines p_sat As a share using satellite backhaul, p_geo as a share on encrypted LEO or GEO rather than terrestrial; and p_v1 Because the share is still running Stratum V1 without TLS.
The hashrate at risk is equal to H × p_sat × p_geo × p_v1. The following ranges illustrate the orders of magnitude risk and value of moving to TLS or Stratum V2.
| scenario | Assumption (p_sat / p_geo / p_v1) | EH/s with confidentiality risks |
|---|---|---|
| low | 0.5% / 30% / 20% | 0.37 |
| base | 1% / 50% / 40% | 2.45 |
| expensive | 3% / 60% / 50% | 11.01 |
| worst case | 5% / 60% / 60% | January 22nd |
Operational guidance follows directly from the protocol stack.
First, apply TLS on all Stratum V1 endpoints and the router in front of them. Then, prioritize Stratum V2 for new links and add an SV1→SV2 translation proxy if hardware constraints exist.
The TLS 1.3 handshake completes in one round trip, and production measurements show low CPU and network overhead on modern systems.
Most deployments have limited performance costs, which eliminates the common objections of remote sites monitoring latency and utilization. According to the Stratum V2 specification, authenticated encryption protects both the confidentiality and integrity of channel messages, eliminating the cakewalk for passive eavesdroppers documented in satellite surveys.
Backhaul selection is more important than header encryption.
If carriers can avoid legacy GEO, encrypted LEO services or ground paths reduce the risk of interception, but there are no transport options that can replace endpoint hygiene.
If GEO is still required, enforce encryption at every hop, disable insecure management interfaces on satellite modems, and monitor sharing patterns and endpoint drift anomalies that may reveal interference.
UCSD and UMD research shows that downlink interception is inexpensive and scalable with commodity hardware. This weakens the assumption that the wireless link escapes attention due to physical distance from the adversary.
Providers, including T-Mobile, addressed certain findings post-disclosure. This shows that remediation is practical once visibility is achieved.
Can this be patched?
Next year will determine how quickly pools and miners normalize encrypted transport. One path is secure by default, and the pool only accepts V1 over TLS and widely promotes V2. Conversion proxies smooth the transition of older fleets and compress the window of interception.
A slow path leaves a long tail of unencrypted or partially encrypted sites, posing an opportunistic danger to attackers with uplink interference capabilities.
The third path is one that resists change and relies on obscurity, but becomes harder to justify as the tools of research percolate and proofs of concept move from academia to hobbyist communities.
None of these trajectories require the invention of protocols, only the choice of deployment along well-understood fundamentals.
Confusion about Blockstream Satellite can distract from practical fixes. Pool credentials are not present within broadcasts of public block data, and its API supports encrypted payloads in user messages, separating resiliency and control plane privacy.
This service increases redundancy on the receiving side of the Bitcoin network in regions with weak connections, but does not replace the transport security of the miner-to-pool link.
This study makes one thing clear for carriers operating from the edge with wireless backhaul. That said, observing the plaintext control traffic is easy, and Stratum encryption is a simple, low-overhead fix.
The current operational path is TLS in V1 and then Stratum V2.
Node runner risks
Because Bitcoin nodes typically receive and relay public blockchain data rather than private credentials or payment instructions, node operators, or “node runners,” face a different risk profile than miners.
When running a full node, there is no need to send sensitive authentication material over the satellite link. The data, blocks, and transactions exchanged are already public by design.
However, if your nodes rely on GEO satellite backhaul for bidirectional internet access, they are exposed to the same risks that affect unencrypted TCP traffic. This means that without transport encryption, peer, IP, and message metadata can be monitored and spoofed.
Using an encrypted overlay network like Tor, VPN, or I2P minimizes this footprint.
In contrast to miners using Stratum V1, node operators do not leak valuable control traffic, but must encrypt their management interfaces and network tunnels to prevent anonymization and routing interference.
