Security experts have uncovered evidence of two huge cyber attacks targeting crypto-currencies such as Bitcoin, warning that the digital money is “ripe for exploitation”.
In one, the thief was able to redirect internet traffic from at least 19 internet service providers (ISPs) to steal crypto-currency from a group of Bitcoin miners. For several short bursts of around 30 seconds, the hacker was able to hijack “mining pools”, which collaborate to unearth new coins, and redirect any profit to his or her own wallet by using high-level protocols that allow the internet’s largest networks to communicate and cooperate.
Researchers from Dell Secureworks estimate that at its peak the hacker was able to steal $9,000 worth of Bitcoin, Dogecoin and Worldcoin each day. During the attacks the hacker was benefiting from the computing power donated by the pool members, diverting their profits.
“With this kind of hijacking, you can quite easily grab a large collection of clients,” says Pat Litke, one of Dell Secureworks’ researchers. “It takes less than a minute, and you end up with a lot of mining traffic under your control.”
It is believed that the hacker was somehow able to gain access to a staff account at a North American ISP and issue spoofed commands. The researchers are not naming the affected ISP or providing more details of how it was achieved.
Another of Dell’s researchers, Joe Stewart, told Wired: “We’re going to see other events like this. It’s ripe for exploitation.”
The researchers also unearthed a similar attack that targeted Network Attached Storage (NAS) devices, which people use to store files on their home networks. They found some unusual code in affected Synology devices which they believed “screamed cryptocurrencies”.
Owners were complaining that their NAS drives were “performing sluggishly and had a very high CPU usage”.
Buried deep within the discovered code was a Dogecoin wallet address, and analysis revealed that it had received 500m Dogecoins, or roughly £370,000, the bulk of which was earned in January and February of this year. The hacker had been using people’s own hardware to mine digital currencies for his or her own gain.
“To date, this incident is the single most profitable, illegitimate mining operation. As cryptocurrencies continue to gain momentum, their popularity as a target for various malware will continue to rise,” says Pat Litke.
The researchers say that tracking down the perpetrator of crimes like this is often “a wild goose chase that leads down many rabbit holes”. However, clues in the code point to certain online accounts that indicate the perpetrator is of German descent, they say.