Hacker Earns £365,000 Mining Dogecoin With NAS Boxes

An unidentified hacker has made at least $620,496 (£365,750) in Dogecoin virtual currency, after infecting thousands of Network Attached Storage (NAS) servers made by Taiwanese manufacturer Synology with Dogecoin-mining malware.

According to Dell subsidiary SecureWorks, the attacker was using known vulnerabilities in the DiskStation Manager (DSM) software. The company calls it the single most profitable illegitimate crypto-currency mining operation to date.

Synology launched an investigation into the matter in February, after a customer reported that he found a process entitled ‘PWNED’ using up all of his NAS system resources. He also discovered the relevant application files located in a folder under the same name.

Slave miners

NAS systems are simple file servers – essentially just boxes of networked hard drives equipped with their own CPU and RAM and managed by an embedded operating system, usually based on the Linux kernel.

Since January, Synology NAS users had started noticing that their systems were performing slowly while displaying very high levels of CPU usage, even during downtime.

As it turns out, the hacker was able to infect unpatched appliances using known vulnerabilities in its DSM Linux distribution. These vulnerabilities were disclosed by security researcher Andrea Fabrizi in September 2013, and subsequently patched by the company. However, not all users had applied the patches, leaving the door open for the attacker.

An investigation by SecureWorks identified the malware as CPUMiner, compiled specifically for the Synology platform. By following the workload as it was uploaded from the enslaved NAS boxes to the attacker’s server, investigators established that the botnet was used to mine Dogecoin.

Dogecoin started as a joke – a crypto-currency based on the (allegedly) popular Internet meme – but it soon grew into an online payment tool with a current market cap of around $30 million.

Now, the joke is on the owners of Synology NAS boxes – since the middle of January, the hacker had mined at least 500 million Doge, worth around £365,750 on the open market.

A major drawback of mining crypto-currencies using CPU as opposed to specialised ASIC chips is it doesn’t make financial sense – miners would spend more money on electricity than what they would get back in Bitcoin or Dogecoin. But obviously, that was not a concern for the attacker.

One of the users on the Synology Facebook page suggested that the operation could have remained undetected much longer if the hacker didn’t name the folder ‘PWNED’.

Removal of the malware has been discussed at length in the Synology forums.

Last month DogeVault, a popular online virtual currency wallet for Dogecoin, was attacked by hackers who stole almost all of its Doge and “destroyed” the internal systems. It currently aims to repay 25 percent of account balances.

An earlier version of the story erroneously claimed the hacker had made £365 million in Dogecoin.

What do you know about Bitcoin? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

View Comments

  • I've been using cloud contracts for nearly 8 months. I started with a contract I bought with cex and to be fair about it they delivered without any issues, the biggest issue was getting a return on the initial outlay {let alone|least

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

9 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

12 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

13 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

14 hours ago