NEW YORK (InsideBitcoins) — Networks belonging to Amazon, Digital Ocean, OVH, and others — 51 in all — have been hacked by an unknown assailant. Tens of thousands of dollars' worth of cryptocurrencies, and perhaps much more, were hijacked in the process.
Bitcoin mining pools affected include Middlecoin, BTCGuild, LiteGuardian, HashCows, Cleavermining, CloudMines, Coinshift, Ghash.IO, Hashfaster, NoBrainierCrypto, Nut2Pools, WafflePool, Eclipse, Eligius, Slush, Dogecoinr, F2Pool, BitMinter, 50BTC, and others, according to a comprehensive report by Pat Litke and Joe Stewart for SecureWorks, a security services division of Dell.
Bitcoin miners are individuals or companies that earn bitcoins and other cryptocurrencies in exchange for running the computers that process digital currency transactions.
In total, $83,000 in Bitcoin was systematically stolen from pools of Bitcoin miners, but total losses could increase when the dust settles. Other cryptocurrencies may also be involved in the heist.
The heist was identified by Dell SecureWorks after a forum user tipped the company off to suspicious activity on March 22, 2014. After several weeks of deep research, the company has revealed how the theft was pulled off:
- First, mining systems were mysteriously redirected to an unknown IP address.
- Then, once they were connected to the new IP address, the miners' systems continued to receive work to process, but they no longer earned block rewards (Bitcoins) for their mining efforts.
- The redirection was done by compromising Border Gateway Protocol (BGP) routing inside the Internet Service Provider (ISP) that provided the Internet connection to the Bitcoin miners' computers.
In total, 19 different ISPs were compromised.
Dell SecureWorks found that all the malicious attacks were traced back to a single router at an ISP in Canada that has not been named.
Who did it?
In short, no one knows. The current speculation is that the assailant is either a random malicious hacker or a rogue past or present employee of the Canadian ISP.
Dell SecureWorks did point out in its report that the theft could have been prevented if the mining computers had used the Secure Sockets Layer (SSL) protocol with server certificate validation. With that in place, a miner only communicates with a pool server whose certificate validates, regardless of IP address changes.
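The following added example (not taken from the SecureWorks report or from any mining software) shows that mitigation from the miner's side: a plaintext client accepts work from whatever machine its traffic reaches, while a client that requires TLS with certificate validation refuses a server that cannot prove it is the pool. The hostname `pool.example`, the message format and the loopback stand-in server are assumptions constructed for the demonstration.

```python
import json
import socket
import ssl
import threading

POOL_HOSTNAME = "pool.example"  # hypothetical pool name (assumption)
FAKE_WORK = {"job": "constructed-work"}  # constructed sample message


def start_impostor():
    """Constructed stand-in for the machine the redirected route leads to."""
    srv = socket.create_server(("127.0.0.1", 0))  # no certificate for the pool
    srv.settimeout(5)
    port = srv.getsockname()[1]

    def serve():
        with srv:
            for _ in range(2):  # one plaintext miner, one TLS miner
                conn, _peer = srv.accept()
                with conn:
                    conn.sendall(json.dumps(FAKE_WORK).encode() + b"\n")

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread


def fetch_work_plaintext(addr):
    """No TLS: the miner accepts work from whatever answers at addr."""
    with socket.create_connection(addr, timeout=5) as sock:
        return json.loads(sock.makefile().readline())


def fetch_work_tls(addr, hostname=POOL_HOSTNAME):
    """TLS with validation: identity is tied to hostname, not to the IP."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    try:
        with socket.create_connection(addr, timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return json.loads(tls.makefile().readline())
    except OSError:  # covers ssl.SSLError and certificate failures
        return None  # handshake refused, so no work is accepted


def demo():
    port, thread = start_impostor()
    addr = ("127.0.0.1", port)  # where the redirected route delivers the miner
    results = fetch_work_plaintext(addr), fetch_work_tls(addr)
    thread.join(timeout=6)
    return results
```

`demo()` returns the fake work for the plaintext miner and `None` for the validating one. A stand-in that did speak TLS would still be refused unless it held a certificate for `pool.example` issued by a trusted authority.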
Written by Darnell Jackson