Hacker Earns £365,000 Mining Dogecoin With NAS Boxes

An unidentified hacker has made at least $620,496 (£365,750) in Dogecoin virtual currency, after infecting thousands of Network Attached Storage (NAS) servers made by Taiwanese manufacturer Synology with Dogecoin-mining malware.

According to Dell subsidiary SecureWorks, the attacker was using known vulnerabilities in the DiskStation Manager (DSM) software. The company calls it the single most profitable illegitimate crypto-currency mining operation to date.

Synology launched an investigation into the matter in February, after a customer reported that he found a process entitled ‘PWNED’ using up all of his NAS system resources. He also discovered the relevant application files located in a folder under the same name.

Slave miners

NAS systems are simple file servers – essentially just boxes of networked hard drives equipped with their own CPU and RAM and managed by an embedded operating system, usually based on the Linux kernel.

Since January, Synology NAS users had started noticing that their systems were performing slowly while displaying very high levels of CPU usage, even during downtime.

As it turns out, the hacker was able to infect unpatched appliances using known vulnerabilities in its DSM Linux distribution. These vulnerabilities were disclosed by security researcher Andrea Fabrizi in September 2013, and subsequently patched by the company. However, not all users had applied the patches, leaving the door open for the attacker.

An investigation by SecureWorks identified the malware as CPUMiner, compiled specifically for the Synology platform. By following the workload as it was uploaded from the enslaved NAS boxes to the attacker’s server, investigators established that the botnet was used to mine Dogecoin.

Dogecoin started as a joke – a crypto-currency based on the (allegedly) popular Internet meme – but it soon grew into an online payment tool with a current market cap of around $30 million.

Now, the joke is on the owners of Synology NAS boxes – since the middle of January, the hacker had mined at least 500 million Doge, worth around £365,750 on the open market.

A major drawback of mining crypto-currencies using CPU as opposed to specialised ASIC chips is it doesn’t make financial sense – miners would spend more money on electricity than what they would get back in Bitcoin or Dogecoin. But obviously, that was not a concern for the attacker.

One of the users on the Synology Facebook page suggested that the operation could have remained undetected much longer if the hacker didn’t name the folder ‘PWNED’.

Removal of the malware has been discussed at length in the Synology forums.

Last month DogeVault, a popular online virtual currency wallet for Dogecoin, was attacked by hackers who stole almost all of its Doge and “destroyed” the internal systems. It currently aims to repay 25 percent of account balances.

An earlier version of the story erroneously claimed the hacker had made £365 million in Dogecoin.

What do you know about Bitcoin? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

View Comments

  • I've been using cloud contracts for nearly 8 months. I started with a contract I bought with cex and to be fair about it they delivered without any issues, the biggest issue was getting a return on the initial outlay {let alone|least

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago