How Unsuspecting Homeowners Helped Hackers Mine 500 Million Dogecoins

Security flaws opened the door to a dogecoin mining scam that may have affected thousands.

AccessTimeIconJun 19, 2014 at 8:25 p.m. UTC
Updated Sep 11, 2021 at 10:54 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

New details have emerged regarding the illicit mining of roughly half a billion dogecoins in the winter and early spring of 2014, which mainly targeted unsuspecting homeowners and may have affected thousands of customers of Taiwan-based manufacturer Synology.

Earlier this week it came to light that an as-yet unidentified hacker or hackers gained administrator access to network attached storage (NAS) servers sold by Synology. This resulted in the creation of roughly 500 million dogecoins over a several month-long period, with activity peaking in February.

The malware attempt first came to the company’s attention in September, prompting a quick response and the development of a software fix within four days of initial discovery. A follow-up fix was announced in February. However, some customers failed to update their NAS servers. As a result, those involved with the hack were able to exploit security vulnerabilities and create a botnet that mined bitcoin and dogecoin.

Many of the customers involved were homeowners who largely remained unaware of the problem until it had already been addressed by Synology. Thadd Weil, public relations specialist for Synology America Corp., told CoinDesk that the event was the first time that a digital currency-focused cyber attack successfully impacted their customers.

However, he said that attempts to do so have happened before and are likely to take place again, stating:

“We’ve become a target, because we’re one of the names in network attached storage. As such, nefarious people have been aiming their guns at us since the end of last year, most particularly. We’ve been releasing operating system updates frequently [as a result].”

Initial response led to quick bug fix

Weil explained that in mid-September, the company’s security response teams were alerted to fraudulent activity taking place. He added that the discovery was part of Synology’s routine scanning activities. Within four days of discovering the malicious files embedded in the NAS servers – contained in folders entitled “PWNED” – Synology was able to generate a patch that nullified the effects of the software.

The company later released another update, announced in a February press statement, that outlined the problems and identified the malicious data involved. This response was published after some users took to social media platforms to alert Synology about sluggish performance of their NAS boxes and unusually high CPU usage.

Update protocol flaws

However, the vulnerability remained unaddressed for most users because the fix was not announced on a broad enough scale. Weil acknowledged that the company could have done a better job communicating with customers who may have been at risk, explaining:

“We didn’t do a good enough job letting [our customers] know why they needed to update their operating system.”

Weil continued by saying that prior to the incident, Synology did not directly upgrade the NAS server software. As a result, some customers never addressed the security flaw, which enabled those behind the hack to repurpose the NAS servers for bitcoin and dogecoin mining.

Synology now issues automatic upgrades to its customers as a result of the patch protocol flaw.

Weil added that Synology has been keeping track of the issue since mining activity on its hardware spiked, with the most recent update coming out this week.

Unsuspecting targets

Another part of the problem was that the most common targets in this case were homeowners who don’t nearly use the bandwidth capacities of their NAS servers. Because of this, many customers weren’t even aware of the problem unless they were using significant processing power.

The choice of targeting Synology’s products mirrors attacks on mobile devices and with the intention of creating a botnet. By pooling the resources of many small devices, a hacker or hackers can generate enough hashing power to successfully mine digital currency, whether its bitcoin or dogecoin.

As in those cases, the NAS servers don’t generate much computing power – “it’s kind of like assigning a calculator to do 3D rendering,” as Weil explained – but, on a broad scale, are capable of significant hashing power when used for mining.

Weil was unable to provide a specific number on the amount of customers that were affected, but he speculated that it must have been “in the thousands”.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.