⚠️ Critical Security Alert

    Password Vault Breach - Immediate Action Required

    F2Pool password vault has been compromised. Download and install the new F2Pool Desktop immediately to secure your password vault and restore protected access to your mining account.

    Verify checksums before installation.

    Password Vault Security Breach - Critical Alert

    F2Pool detected and contained a critical security breach affecting our password vault system. User credentials and authentication tokens were potentially exposed. All affected systems have been isolated, vault encryption keys rotated, and security protocols strengthened. To protect your mining account and secure your credentials, you must download and install the new F2Pool Desktop app immediately. This updated application provides enhanced password vault protection, client-side encryption, and zero-knowledge authentication to prevent unauthorized access to your account.

    Secure Your Account Now

    1

    Download & Install

    Get the latest F2Pool Desktop for Windows or macOS using the download buttons above.

    2

    Re-Authenticate Securely

    Sign in with your F2Pool credentials to regenerate secure vault keys and restore encrypted password protection.

    3

    Verify Security Status

    Confirm your password vault is secured, verify wallet addresses, and review account security settings.

    PoW Rankings

    Real-time mining pool statistics and profitability data

    BTC
    BTC
    + HTR, ELA, NMC, FB
    Daily Revenue
    $0.0462
    Pool Hashrate
    123.16 EH/s
    Price
    $107166.64
    Algo
    SHA256d
    SPACE
    SPACE
    Daily Revenue
    $0.0444
    Pool Hashrate
    2596.58 TH/s
    Price
    $0.1256
    Algo
    SHA256d
    LTC
    LTC
    + DOGE, BELLS, LKY, PEP, JKC, DINGO, SHIC, CRC
    Daily Revenue
    $0.9129
    Pool Hashrate
    1079.67 TH/s
    Price
    $90.81
    Algo
    Scrypt

    Key Protections

    Ledger Integrity Validation (LIV)

    Prevents falsified block-submission data.

    Multi-Factor Miner Authentication (MFMA)

    Strengthened identity assurance.

    Adaptive Hashrate Telemetry Encryption (AHTE)

    Encrypted, randomized telemetry.

    Post-Quantum-safe Key Handling

    Future-proof cryptographic protection where supported.

    Immutable Payout Ledger Reconstruction (IPLR)

    Cross-checks on-chain payouts vs. pool records.

    Frequently Asked Questions

    Why do I need the desktop app now?

    The desktop client provides a hardened, client-side authentication channel and secure ledger-library restoration. It re-binds your wallets and payout history under new keys while preserving continuity.

    Were funds lost or payouts altered?

    No confirmed loss of funds or on-chain payout manipulation was detected. Out of caution, keys and tokens were rotated and records re-validated.

    What exactly was targeted?

    Attackers probed authentication tokens and ledger-sync interfaces that could have exposed hashed payout records, share-submission verifications, and wallet-binding metadata.

    Is web sign-in still okay?

    During the restoration window, we require desktop app re-authentication to ensure end-to-end encryption and local verification before resuming normal web access.

    What should miners verify after installing?

    Confirm pool URLs/stratum settings, wallet addresses, minimum payout thresholds, worker names, and hashrate telemetry. Re-check 2FA/keys and review the first synchronized payouts.

    Which payout models are affected?

    PPS+, FPPS, and PPLNS environments underwent key rotation and consensus checks; all have been restored under enhanced validation.

    How are my credentials protected now?

    Keys are re-issued with upgraded entropy, client-bound tokens, and device-attested flows. TLS certs were rebuilt, and suspicious sessions purged.

    Where can I get help?

    Contact Support from within the desktop app or via the Support link in the header. Provide your miner ID and recent payout TXs for expedited review.

    Incident Timeline

    Breach Discovered

    Anomaly detected in authentication and ledger-sync pathways; immediate investigation launched.

    Containment Executed

    Affected clusters isolated; tokens revoked; certificates rebuilt; keys rotated.

    Forensic Analysis Completed

    No confirmed on-chain loss; ledger congruence re-verified; corrupted caches purged.

    Desktop App Relaunch

    Hardened client released with end-to-end encryption and ledger-library restoration.

    Mandatory Re-Authentication

    Users instructed to restore wallet bindings, verify thresholds, and resync history.

    User Notification Campaign Initiated

    Multichannel outreach (email, in-app, status page) with installation guidance.

    Continuous Monitoring & Support

    Elevated IDS/IPS, external audits, and round-the-clock assistance.