500 Million Dogecoins Mined by Unknown Hacker in Malware Attack

The hacker used data hubs to mine $200,000 in dogecoin in an attack researchers called "unprecedented".

AccessTimeIconJun 17, 2014 at 9:00 p.m. UTC
Updated Sep 11, 2021 at 10:53 a.m. UTC

An unknown hacker has reaped an estimated 500 million dogecoins – worth nearly $200,000 at today's prices – by hacking into a series of data storage hubs for computer networks, according to SecureWorks, an information services subsidiary of personal computing giant Dell.

The SecureWorks report revealed that the hacker targeted network attached storage (NAS) boxes made by Taiwan-based Synology Inc. and used its computing power to mine dogecoin through a private pool. The action caused problems for Synology’s customers, some of whom reported poor performance on Facebook in February.

SecureWorks called the months-long intrusion unprecedented, saying:

"To date, this incident is the single most profitable, illegitimate mining operation."

Following reports of an issue, the investigators ultimately discovered a folder entitled ‘PWNED’ that contained the mining software CPUMiner and the capacity to conceal the program.

The address the mined dogecoins were being sent to was also identified, revealing the accumulation of more than 400 million dogecoins. Along with another wallet, the hacker generated roughly 500 million dogecoins between January and April.

In addition to exploring the technical aspects of the attack, SecureWorks delved into the possible identity of the assailant, suggesting that "the findings strongly indicate that the threat actor is of German descent".

Hacker used private pool

The configuration file of the software that was infecting Synology’s NAS boxes pointed to the presence of hidden mining software. CPUMiner, the program used, had been modified to run on the boxes and was connecting to a dogecoin pool not associated with any public mining group, SecureWorks said. Each NAS box acted as an individual miner, connecting to the pool and generating dogecoins.

SecureWorks accessed the data being sent to the NAS boxes, which allowed them to ascertain the dogecoin wallet address holding the fraudulently mined dogecoins, as well as the possible identity of the hacker.

Dubbed "foilo.root3" in the configuration file, the user appears to have a connection with accounts on GitHub and BitBucket, although it remains unclear whether the name is unique to a single person.

Mining malware gains

The dogecoin mining attack represents one of the more creative approaches to generating digital currency through fraudulent means. Other recent attempts have found wrongdoers using unique means to upload software to mine bitcoin, but in nearly all cases, the program was designed to conceal itself and its operations.

Last month, unknown hackers attempted to distribute bitcoin mining malware through a modified torrent file of the video game Watch Dogs. This attack was notable as it targeted another form of online piracy.

A more unusual concealed attempt to create mining botnets out of mobile phones was uncovered in April. At the time, a group of wallpaper apps listed on the Google Play app store were discovered to contain bitcoin mining programs and were subsequently removed.

Image via Dig Doge


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.