
Bitcoin hacker nets himself a neat $83,000

Unknowing miners have the fruits of their labour pinched.

By Jimmy Nicholls

A hacker earned $83,000 mining cryptocurrencies through hijacking traffic on networks belonging to the likes of Amazon, Digital Ocean and OVH, according to Dell.

Fifty-one networks were compromised across 19 internet service providers (ISPs) in the attack, with the hacker working from February to May of this year.

The mining community became aware of the problem on March 22, when a user named ‘caution’ saw suspicious activity on WafflePool, an altcoin mining pool, and posted a message on bitcointalk.org, a cryptocurrency forum.

As other users confirmed, altcoin miners were being redirected to a malicious mining pool, where their computers were still solving the complex maths equations that unlock new batches of altcoins like bitcoins, the normal process for releasing new coins, otherwise known as mining.

Normally each miner in a pool gets a split of the bitcoins the pool has unlocked, but because the hacker had redirected the miners to the malicious pool, they were not compensated.

A Dell SecureWorks spokesperson said: "The data shows that the hijacker attempted to broadcast illegitimate routes for an entire week in February.

"That activity was apparently unnoticed in the cryptocurrency mining communities, which may suggest that the initial hijacks were not successful."


Bitcoin, Dogecoin, HoboNickels and Worldcoin were targeted during the attack, with the hacker using bogus Border Gateway Protocol (BGP) broadcasts to redirect traffic, according to Dell.

"These hijacks and miner redirections would not have been possible without peer-to-broadcast routes," it added.

Update:

An Amazon spokesman said: "Amazon Web Services’ networks continue to be secure and operate as designed. The issue described is a common Internet scheme that targets an end user’s ISP network.

"It uses a false source to advertise routing information to the end user’s ISP network and subsequently send traffic to the wrong destination."
