Hacker Earns £365,000 Mining Dogecoin With NAS Boxes

An unidentified hacker has made at least $620,496 (£365,750) in Dogecoin virtual currency, after infecting thousands of Network Attached Storage (NAS) servers made by Taiwanese manufacturer Synology with Dogecoin-mining malware.

According to Dell subsidiary SecureWorks, the attacker was using known vulnerabilities in the DiskStation Manager (DSM) software. The company calls it the single most profitable illegitimate crypto-currency mining operation to date.

Synology launched an investigation into the matter in February, after a customer reported that he found a process entitled ‘PWNED’ using up all of his NAS system resources. He also discovered the relevant application files located in a folder under the same name.

Slave miners

NAS systems are simple file servers – essentially just boxes of networked hard drives equipped with their own CPU and RAM and managed by an embedded operating system, usually based on the Linux kernel.

Since January, Synology NAS users had started noticing that their systems were performing slowly while displaying very high levels of CPU usage, even during downtime.

As it turns out, the hacker was able to infect unpatched appliances using known vulnerabilities in its DSM Linux distribution. These vulnerabilities were disclosed by security researcher Andrea Fabrizi in September 2013, and subsequently patched by the company. However, not all users had applied the patches, leaving the door open for the attacker.

An investigation by SecureWorks identified the malware as CPUMiner, compiled specifically for the Synology platform. By following the workload as it was uploaded from the enslaved NAS boxes to the attacker’s server, investigators established that the botnet was used to mine Dogecoin.

Dogecoin started as a joke – a crypto-currency based on the (allegedly) popular Internet meme – but it soon grew into an online payment tool with a current market cap of around $30 million.

Now, the joke is on the owners of Synology NAS boxes – since the middle of January, the hacker had mined at least 500 million Doge, worth around £365,750 on the open market.

A major drawback of mining crypto-currencies using CPU as opposed to specialised ASIC chips is it doesn’t make financial sense – miners would spend more money on electricity than what they would get back in Bitcoin or Dogecoin. But obviously, that was not a concern for the attacker.

One of the users on the Synology Facebook page suggested that the operation could have remained undetected much longer if the hacker didn’t name the folder ‘PWNED’.

Removal of the malware has been discussed at length in the Synology forums.

Last month DogeVault, a popular online virtual currency wallet for Dogecoin, was attacked by hackers who stole almost all of its Doge and “destroyed” the internal systems. It currently aims to repay 25 percent of account balances.

An earlier version of the story erroneously claimed the hacker had made £365 million in Dogecoin.

What do you know about Bitcoin? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

View Comments

  • I've been using cloud contracts for nearly 8 months. I started with a contract I bought with cex and to be fair about it they delivered without any issues, the biggest issue was getting a return on the initial outlay {let alone|least

Recent Posts

Amazon Alexa Recovers After Morning Outage

Alexa wake up alarm didn't work this morning? Smart lights didn't turn on? Outage of…

3 days ago

UK, Australia Reach Cyber, Critical Tech Agreement

Australia says it will 'fight back' against nation state cyberattacks, after agreements with the UK…

3 days ago

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

3 days ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

4 days ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

4 days ago