Operation Red Sunset: U.S. Probes Bitmain ASICs for Remote-Control Risks and Grid Exposure
DHS examined whether Bitmain’s Bitcoin miners enable covert remote control, with inquiries spanning two administrations as customs checks, Senate findings, and a $314M U.S. deal raise the stakes.

Because Bitcoin
November 26, 2025
Washington’s latest tech-security worry isn’t a smartphone or router—it’s purpose-built Bitcoin mining rigs. According to people familiar with the matter, the Department of Homeland Security led a federal probe—internally dubbed Operation Red Sunset—into whether Chinese manufacturer Bitmain’s hardware could be remotely accessed for espionage or used to disrupt the U.S. power grid. The review reportedly ran alongside White House National Security Council discussions that began under President Biden and continued into at least the early months of the current Trump administration.
The scrutiny has echoes of the Huawei-era playbook: supply chains, firmware, and data paths are treated as potential leverage points. A July report from the Senate Intelligence Committee concluded that Bitmain’s machines could be compelled to hand over data under China’s national security law and asserted the equipment can be remotely controlled by personnel in China. It cited reporting from October 2023 that backdoors had been identified in Bitmain devices as far back as 2017.
Concern predates today’s political leadership. In May 2024, President Joe Biden ordered MineOne Partners to cease operating a mining facility near Francis E. Warren Air Force Base, citing “foreign-sourced” equipment and “significant national security concerns.” The posture has arguably persisted despite commercial ties: President Donald Trump’s two sons have links to American Bitcoin, which this year agreed to buy 16,000 Bitmain machines in a $314 million deal.
The investigation reportedly involved U.S. customs halting and inspecting Bitmain shipments at ports, and also weighed potential tariff issues. Bitmain, for its part, told Bloomberg it has never engaged in activities that threaten U.S. national security and said it has not been notified of any federal investigation into its products.
The core question deserves a sober read: could an ASIC miner be secretly commandeered at scale without operators noticing? Engineers who live inside these data centers argue that’s unlikely. Nishant Sharma, founder of mining consultancy BlocksBridge, notes these systems are single-purpose devices with limited interfaces—often no Wi‑Fi, minimal OS complexity, and tight operational telemetry. In practice, a backdoor would be more suited to toggling pools, flipping configurations, or power-cycling units than exfiltrating rich data. And those changes surface quickly in dashboards—hashrate swings, stratum behavior anomalies, and odd network traffic draw attention in well-run facilities.
That doesn’t make the risk imaginary. The psychological leverage of a low-probability, high-impact remote kill switch is powerful. Grid planners and national security teams model coordinated outages, not just theft of compute. Even if the most a backdoor can do is stop, start, or repoint miners, synchronized actions across thousands of units could create brief load distortions or materially reroute hashrate—both unwelcome during stress events. The mere perception of hidden control can nudge policy, procurement standards, and capital flows.
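The monitoring point above (pool changes and hashrate swings show up quickly, and the fleet-level worry is synchronized action) can be expressed as a small detection rule. This is an added example, not code from the article or from any vendor tooling; the telemetry tuple layout, pool URLs, miner IDs and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry: (unix_ts, miner_id, stratum_pool_url, hashrate_ths).
POOL = "stratum+tcp://pool.example.internal:3333"   # hypothetical approved pool
OTHER = "stratum+tcp://unknown.example.net:3333"    # hypothetical unapproved pool
APPROVED_POOLS = {POOL}
SAMPLES = [
    (0, "m1", POOL, 200.0), (0, "m2", POOL, 200.0),
    (0, "m3", POOL, 198.0), (0, "m4", POOL, 201.0),
    # One unit degrades on its own (e.g. a fan fault): not a fleet event.
    (300, "m1", POOL, 199.0), (300, "m2", POOL, 60.0),
    (300, "m3", POOL, 200.0), (300, "m4", POOL, 200.0),
    # Three of four units repoint and stop hashing within ten seconds.
    (600, "m1", OTHER, 0.0), (605, "m2", OTHER, 0.0),
    (610, "m3", OTHER, 0.0), (600, "m4", POOL, 200.0),
]

def find_fleet_events(samples, approved_pools, window_s=60,
                      min_fraction=0.5, drop_ratio=0.5):
    """Return [(window_start, kind, [miner_ids])] for changes that hit at
    least min_fraction of the fleet inside the same time window."""
    fleet = {miner for _, miner, _, _ in samples}
    last = {}                                        # miner -> (pool, hashrate)
    buckets = defaultdict(lambda: defaultdict(set))  # window -> kind -> miners
    for ts, miner, pool, ths in sorted(samples):
        window = ts - ts % window_s
        prev = last.get(miner)
        # A switch to a pool outside the allowlist.
        if pool not in approved_pools and (prev is None or prev[0] != pool):
            buckets[window]["pool_repoint"].add(miner)
        # Hashrate falling below drop_ratio of the previous reading.
        if prev and prev[1] > 0 and ths < prev[1] * drop_ratio:
            buckets[window]["hashrate_drop"].add(miner)
        last[miner] = (pool, ths)
    events = []
    for window in sorted(buckets):
        for kind in sorted(buckets[window]):
            miners = buckets[window][kind]
            if len(miners) >= min_fraction * len(fleet):
                events.append((window, kind, sorted(miners)))
    return events

if __name__ == "__main__":
    for window, kind, miners in find_fleet_events(SAMPLES, APPROVED_POOLS):
        print(f"t={window}s {kind}: {len(miners)} miners {miners}")
```

The single-unit dip at t=300 stays below the fleet threshold, while the simultaneous repoint and drop at t=600 is reported as two correlated events.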
The business implication is straightforward: buyers will increasingly demand verifiable firmware provenance, reproducible builds, hardware root-of-trust, and on-prem controllers that block unsolicited outbound connections. Adoption of more secure pool protocols and stricter network segmentation becomes table stakes. Vendors that provide transparent firmware signing, third-party audits, and continuous monitoring hooks will win large U.S. orders; those that resist will find customs inspections and contract carve-outs becoming the norm.
There’s also an ethical tightrope. Blanket suspicion of foreign-made rigs can turn into de facto bans that concentrate supplier power elsewhere and raise costs for U.S. miners, even when technical evidence is thin. A more disciplined approach favors testable controls: mandatory disclosure of remote management capabilities, independent code reviews, and live-fire audits that attempt to trigger unauthorized commands at scale.
Operation Red Sunset signals the new baseline: Bitcoin mining hardware sits inside the national critical infrastructure conversation. Whether or not a covert remote switch exists, the market will act as if it might—until vendors deliver verifiable proofs, and operators build architectures that assume nothing and verify everything.