A hacker earned $83,000 mining cryptocurrencies through hijacking traffic on networks belonging to the likes of Amazon, Digital Ocean and OVH, according to Dell.
Fifty-one networks were compromised across 19 internet service providers (ISPs) in the attack, with the hacker working from February to May of this year.
The mining community became aware of the problem on March 22, when a user named ‘caution’ saw suspicious activity on WafflePool, an altcoin mining pool, and posted a message on bitcointalk.org, a cryptocurrency forum.
As other users confirmed, altcoin miners were being redirected to a malicious mining pool, in which their computers were still solving the complex maths equations to unlock new batches of altcoins like bitcoins, the normal process to release new bitcoins that is otherwise known as mining.
Normally each miner in a pool gets a split of the bitcoins the pool has unlocked, but because the hacker had redirected the miners to the malicious pool, they were not compensated.
A Dell SecureWorks spokesperson said: "The data shows that the hijacker attempted to broadcast illegitimate routes for an entire week in February.
"That activity was apparently unnoticed in the cryptocurrency mining communities, which may suggest that the initial hijacks were not successful."
Bitcoin, Dogecoin, HoboNickels and Worldcoin were targeted during the attack, with the hacker using bogus border gateway protocol (BGP) broadcasts to redirect traffic, according to Dell.
"These hijacks and miner redirections would not have been possible without peer-to-broadcast routes," it added.
Update:
An Amazon spokesman said: "Amazon Web Services’ networks continue to be secure and operate as designed. The issue described is a common Internet scheme that targets an end user’s ISP network.
"It uses a false source to advertise routing information to the end user’s ISP network and subsequently send traffic to the wrong destination."
