Researchers at UC San Diego and the University of Maryland have reported findings showing that roughly half of GEO satellite downlinks carry data without encryption.
Further, data interception can be reproduced with just $800 of consumer hardware.
UCSD’s Systems and Networking group lists the paper “Don’t Look Up” for CCS 2025 in Taipei, reinforcing that this is not a lab curiosity but a documented, peer-reviewed disclosure pipeline. The method targets legacy satellite backhaul rather than any single application layer.
For Bitcoin miners and pools operating from remote sites, the exposure maps cleanly to one operational choice: transport security on the path that carries Stratum.
Stratum is the protocol that connects miners to pools, distributes work templates, collects shares and block candidates, directs hashpower, and determines how rewards are accounted for.
Historical deployments of Stratum V1 often run over plaintext TCP unless operators explicitly enable TLS, which means pool endpoints, miner identifiers, and job templates can traverse radio links in the clear when satcom backhaul is in play.
The Stratum V2 specification ships with authenticated encryption by default, using a Noise handshake and AEAD ciphers, which closes the passive interception angle and hardens integrity against share hijack attempts that depend on manipulation of upstream traffic.
This satellite finding does not implicate every “Bitcoin over space” system.
Blockstream Satellite broadcasts public Bitcoin block data as a one-way downlink, and its Satellite API supports encrypted messages from senders. That places it in a different category from GEO backhaul that transports private control traffic.
A simple sensitivity model frames the downside if portions of the network still send Stratum V1 over unencrypted satellite links.
Let H denote total hashrate near 1,223 EH/s, and define p_sat as the share using satellite backhaul, p_geo as the share of those on GEO rather than encrypted LEO or terrestrial, and p_v1 as the share still running Stratum V1 without TLS.
At-risk hashrate equals H × p_sat × p_geo × p_v1. The ranges below illustrate order-of-magnitude exposure and the value of migration to TLS or Stratum V2.
The operational guidance follows directly from the protocol stack.
First, enforce TLS across all Stratum V1 endpoints and on the routers in front of them. Then, prefer Stratum V2 for new links and add an SV1→SV2 translation proxy where hardware constraints exist.
TLS 1.3 handshakes complete in one round trip, and production measurements show low CPU and network overhead on modern systems.
Where operators can avoid legacy GEO, an encrypted LEO service or terrestrial path reduces interception risk, although no transport choice replaces endpoint hygiene.
When GEO remains necessary, enforce encryption at every hop, disable insecure management interfaces on satellite modems, and monitor for anomalies in share patterns and endpoint drift that could reveal interference.
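The guidance above (TLS on every Stratum V1 endpoint, plus monitoring for endpoint drift) can be checked mechanically. The following Python is an added example, not code from the study or from any pool: it classifies configured pool URLs by transport, builds a certificate-verifying TLS 1.3 client context, and flags Stratum V1 `client.reconnect` messages that point a miner at a host outside an allowlist. The URL schemes, hostnames, allowlist and log lines are constructed assumptions.

```python
import json
import ssl
from urllib.parse import urlsplit

# Assumption: pool URL schemes as commonly written in miner configs.
PLAINTEXT_SCHEMES = {"stratum+tcp"}
TLS_SCHEMES = {"stratum+ssl", "stratum+tls"}

def classify_pool_url(url):
    """Return 'tls', 'plaintext' or 'unknown' for a configured pool URL."""
    scheme = urlsplit(url).scheme.lower()
    if scheme in TLS_SCHEMES:
        return "tls"
    return "plaintext" if scheme in PLAINTEXT_SCHEMES else "unknown"

def strict_tls_context():
    """Client context for Stratum V1 over TLS: verified cert, TLS 1.3 only."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

def find_endpoint_drift(lines, allowed):
    """Flag client.reconnect messages naming a (host, port) not in `allowed`."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        try:
            msg = json.loads(line)
            if msg.get("method") != "client.reconnect":
                continue
            host = str(msg["params"][0]).lower()
            port = int(msg["params"][1])
        except (ValueError, TypeError, KeyError, IndexError, AttributeError):
            continue  # not JSON, not an object, or reconnect without a target
        if (host, port) not in allowed:
            alerts.append((lineno, host, port))
    return alerts

# Constructed sample data (hostnames are placeholders).
CONFIGURED_POOLS = ["stratum+tcp://pool.example.net:3333",
                    "stratum+ssl://pool.example.net:4443"]
ALLOWED = {("pool.example.net", 3333), ("pool.example.net", 4443)}
SAMPLE_LINES = [
    '{"id": 1, "method": "mining.subscribe", "params": []}',
    '{"id": null, "method": "mining.set_difficulty", "params": [1024]}',
    '{"id": null, "method": "client.reconnect", "params": ["other.example.org", 3333, 0]}',
    '{"id": null, "method": "client.reconnect", "params": ["pool.example.net", 4443, 0]}',
]

if __name__ == "__main__":
    for url in CONFIGURED_POOLS:
        print(url, "->", classify_pool_url(url))
    print(find_endpoint_drift(SAMPLE_LINES, ALLOWED))
```

Any URL classified as `plaintext` is a link to migrate first; a drift alert on a plaintext link deserves more suspicion than one on a link using `strict_tls_context()`, since only the latter authenticates the sender.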
The UCSD and UMD work shows that downlink interception is cheap and scalable with commodity hardware, which weakens any assumption that radio links escape attention due to physical distance from the adversary.
Providers, including T-Mobile, addressed specific findings after disclosure, which shows that remediation is practical once visibility exists.
The next year will determine how quickly pools and miners normalize encrypted transport. One path is secure by default, where pools accept V1 only over TLS and promote V2 broadly. Translation proxies smooth the transition for older fleets, compressing the window for interception.
A slower path leaves a long tail of unencrypted or partially encrypted sites, creating opportunistic exposure for actors with uplink interference capabilities.
A third path resists change and banks on obscurity, which becomes harder to justify as tools from the study percolate and proof-of-concepts move from academia to hobbyist communities.
None of these trajectories requires protocol invention, only deployment choices that align with well-understood primitives.
Confusion around Blockstream Satellite can distract from the actionable fix. Pool credentials do not live in the broadcast of public block data, and its API supports encrypted payloads for user messages, which separates resilience from control-plane privacy.
The study makes one point clear for operators who run from the edge on radio backhaul: plaintext control traffic is now trivial to observe, and encrypting Stratum is a straightforward, low-overhead fix.
The operational path is TLS for V1 today, then Stratum V2.
Node operators, or “noderunners,” face a different risk profile than miners because Bitcoin nodes typically receive and relay public blockchain data rather than private credentials or payment instructions.
Running a full node does not require transmitting sensitive authentication material over a satellite link; the data exchanged, blocks and transactions, is already public by design.
However, if a node relies on GEO satellite backhaul for bidirectional internet access, the same exposure that affects any unencrypted TCP traffic applies: peers, IPs, and message metadata could be observed or spoofed if transport encryption is absent.
Using Tor, VPNs, or encrypted overlay networks like I2P minimizes this footprint.
In contrast to miners using Stratum V1, node operators are not leaking value-bearing control traffic but should still encrypt management interfaces and network tunnels to prevent deanonymization or routing interference.