500 Million Dogecoins Mined by Unknown Hacker in Malware Attack

The hacker used data hubs to mine $200,000 in dogecoin in an attack researchers called "unprecedented".

AccessTimeIconJun 17, 2014 at 9:00 p.m. UTC
Updated Sep 11, 2021 at 10:53 a.m. UTC

An unknown hacker has reaped an estimated 500 million dogecoins – worth nearly $200,000 at today's prices – by hacking into a series of data storage hubs for computer networks, according to SecureWorks, an information services subsidiary of personal computing giant Dell.

The SecureWorks report revealed that the hacker targeted network attached storage (NAS) boxes made by Taiwan-based Synology Inc. and used its computing power to mine dogecoin through a private pool. The action caused problems for Synology’s customers, some of whom reported poor performance on Facebook in February.

SecureWorks called the months-long intrusion unprecedented, saying:

"To date, this incident is the single most profitable, illegitimate mining operation."

Following reports of an issue, the investigators ultimately discovered a folder entitled ‘PWNED’ that contained the mining software CPUMiner and the capacity to conceal the program.

The address the mined dogecoins were being sent to was also identified, revealing the accumulation of more than 400 million dogecoins. Along with another wallet, the hacker generated roughly 500 million dogecoins between January and April.

In addition to exploring the technical aspects of the attack, SecureWorks delved into the possible identity of the assailant, suggesting that "the findings strongly indicate that the threat actor is of German descent".

Hacker used private pool

The configuration file of the software that was infecting Synology’s NAS boxes pointed to the presence of hidden mining software. CPUMiner, the program used, had been modified to run on the boxes and was connecting to a dogecoin pool not associated with any public mining group, SecureWorks said. Each NAS box acted as an individual miner, connecting to the pool and generating dogecoins.

SecureWorks accessed the data being sent to the NAS boxes, which allowed them to ascertain the dogecoin wallet address holding the fraudulently mined dogecoins, as well as the possible identity of the hacker.

Dubbed "foilo.root3" in the configuration file, the user appears to have a connection with accounts on GitHub and BitBucket, although it remains unclear whether the name is unique to a single person.

Mining malware gains

The dogecoin mining attack represents one of the more creative approaches to generating digital currency through fraudulent means. Other recent attempts have found wrongdoers using unique means to upload software to mine bitcoin, but in nearly all cases, the program was designed to conceal itself and its operations.

Last month, unknown hackers attempted to distribute bitcoin mining malware through a modified torrent file of the video game Watch Dogs. This attack was notable as it targeted another form of online piracy.

A more unusual concealed attempt to create mining botnets out of mobile phones was uncovered in April. At the time, a group of wallpaper apps listed on the Google Play app store were discovered to contain bitcoin mining programs and were subsequently removed.

Image via Dig Doge


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.