UC San Diego and the University of Maryland researchers have reported findings showing that roughly half of GEO satellite downlinks carry data without encryption.
Further, data interception can be reproduced with just $800 of consumer hardware.
Per WIRED, the team captured telco backhaul, industrial control traffic, and law-enforcement communications, and reported fixes to affected providers where possible.
UCSD’s Systems and Networking group lists the paper “Don’t Look Up” for CCS 2025 in Taipei, reinforcing that this is not a lab curiosity but a documented, peer-reviewed disclosure pipeline. The method targets legacy satellite backhaul rather than any single application layer.
Moreover, the study covered only a slice of visible satellites from San Diego, which implies a wider global surface.
Bitcoin in space – new risks from cheap hardware
For Bitcoin miners and pools operating from remote sites, the exposure maps cleanly to one operational choice: transport security on the path that carries Stratum.
Stratum is the protocol that connects miners to pools, distributes work templates, collects shares and block candidates, directs hashpower, and determines how rewards are accounted for.
Historical deployments of Stratum V1 often run over plaintext TCP unless operators explicitly enable TLS, which means pool endpoints, miner identifiers, and job templates can traverse radio links in the clear when satcom backhaul is in play.
The Stratum V2 specification ships with authenticated encryption by default, using a Noise handshake and AEAD ciphers, which closes the passive interception angle and hardens integrity against share hijack attempts that depend on manipulation of upstream traffic.
According to the Stratum V2 security spec, operators can bridge older rigs through a translation proxy, so firmware swaps on ASICs are not required to start encrypting sessions.
This satellite finding does not implicate every “Bitcoin over space” system.
Blockstream Satellite broadcasts public Bitcoin block data as a one-way downlink, and its Satellite API supports encrypted messages from senders, which places it in a different category than GEO backhaul, which transports private control traffic.
Per Blockstream, the service exists to improve network resilience for receiving blocks in regions with poor internet access and not to carry pool credentials or miner control sessions. Blockstream’s May network update confirms ongoing operations and frequency changes, and does not change the threat model for Stratum links that miners control.
Budget pressure matters for security rollouts. Hashrate is hovering near 1.22 ZH/s, and recent miner economics put hashprice around $51 per PH per day in late September, with the forward curve in the high-forties to low-fifties into the first half of 2026.
According to Hashrate Index, the updated Q4 2025 heatmap details country shares, which helps infer where satellite backhaul is more common due to terrestrial constraints. Present revenue conditions mean operators watch operating costs closely, yet the primary expense for transport encryption is engineering time, not new hardware, which lowers friction for near-term hardening.
A simple sensitivity model frames the downside if network portions still send Stratum V1 over unencrypted satellite links.
Security modeling
Let H denote total hashrate near 1,223 EH/s, and define p_sat as the share using satellite backhaul, p_geo as the share of those on GEO rather than encrypted LEO or terrestrial, and p_v1 as the share still running Stratum V1 without TLS.
At-risk hashrate equals H × p_sat × p_geo × p_v1. The ranges below illustrate order-of-magnitude exposure and the value of migration to TLS or Stratum V2.
ScenarioAssumptions (p_sat / p_geo / p_v1)EH/s at confidentiality riskLow0.5% / 30% / 20%0.37Base1% / 50% / 40%2.45High3% / 60% / 50%11.01Worst-case5% / 60% / 60%22.01
The operational guidance follows directly from the protocol stack.
First, enforce TLS across all Stratum V1 endpoints and on the routers in front of them. Then, prefer Stratum V2 for new links and add an SV1→SV2 translation proxy where hardware constraints exist.
TLS 1.3 handshakes are complete in one round trip, and production measurements show low CPU and network overhead on modern systems.
The performance cost is limited in most deployments, which clears a common objection for remote sites that watch latency and utilization. According to the Stratum V2 spec, authenticated encryption protects both confidentiality and integrity of channel messages, which removes the easy win for passive eavesdroppers documented by the satellite study.
Backhaul choices matter beyond header encryption.
Where operators can avoid legacy GEO, an encrypted LEO service or terrestrial path reduces interception risk, although no transport choice replaces endpoint hygiene.
When GEO remains necessary, enforce encryption at every hop, disable insecure management interfaces on satellite modems, and monitor for anomalies in share patterns and endpoint drift that could reveal interference.
The UCSD and UMD work shows that downlink interception is cheap and scalable with commodity hardware, which weakens any assumption that radio links escape attention due to physical distance from the adversary.
Providers, including T-Mobile, addressed specific findings after disclosure, which shows that remediation is practical once visibility exists.
Can this be patched?
The next year will determine how quickly pools and miners normalize encrypted transport. One path is secure by default, where pools accept V1 only over TLS and promote V2 broadly. Translation proxies smooth the transition for older fleets, compressing the window for interception.
A slower path leaves a long tail of unencrypted or partially encrypted sites, creating opportunistic exposure for actors with uplink interference capabilities.
A third path resists change and banks on obscurity, which becomes harder to justify as tools from the study percolate and proof-of-concepts move from academia to hobbyist communities.
None of these trajectories requires protocol invention, only deployment choices that align with well-understood primitives.
Confusion around Blockstream Satellite can distract from the actionable fix. Pool credentials do not live in the broadcast of public block data, and its API supports encrypted payloads for user messages, which separates resilience from control-plane privacy.
The service strengthens receive-side redundancy for the Bitcoin network in regions with weak connectivity, and does not replace transport security on miner-to-pool links.
The study makes one point clear for operators who run from the edge on radio backhaul: plaintext control traffic is now trivial to observe, and encrypting Stratum is a straightforward, low-overhead fix.
The operational path is TLS for V1 today, then Stratum V2.
Noderunner risk
Node operators, or “noderunners,” face a different risk profile than miners because Bitcoin nodes typically receive and relay public blockchain data rather than private credentials or payment instructions.
Running a full node does not require transmitting sensitive authentication material over a satellite link; the data exchanged, blocks, and transactions are already public by design.
However, if a node relies on GEO satellite backhaul for bidirectional internet access, the same exposure that affects any unencrypted TCP traffic applies: peers, IPs, and message metadata could be observed or spoofed if transport encryption is absent.
Using Tor, VPNs, or encrypted overlay networks like I2P minimizes this footprint.
In contrast to miners using Stratum V1, node operators are not leaking value-bearing control traffic but should still encrypt management interfaces and network tunnels to prevent deanonymization or routing interference.
