Another day, another bitcoin mining hack. According to Threatpost, a group of unknown attackers was able to take control of servers owned by Norwegian mining service, harvest its entire database and take over its website. This isn’t the first problem encountered by the virtual currency and won’t be the last, but the mining disaster points to a canary that’s kicked the bucket and a market that may not be ready for nonstandard funds. Is it time to close the tunnels, shut down the exchanges and take a break from bitcoin?

What’s Yours Is Mine

As noted by The Hacker News, the home page of stood as mute testament to the attackers’ triumph, at least for a few days. While it’s now offline, the compromised version offered to sell Cloudminr’s entire database of 80,000 accounts — including usernames and passwords — for just one bitcoin, or around $240. As proof of their misdeeds, the cybercriminals also modified the homepage to show a partial list of compromised accounts, including plain text passwords.

The low price for this kind of valuable information suggests that profit isn’t the motivator here. As Threatpost pointed out, users had already expressed concern about the site’s legitimacy, and the use of unencrypted passwords to safeguard bitcoin accounts seems to confirm their worst fears.

The Underground Bitcoin Industry

Bitcoin mining collectives aren’t new, and while many engender the same kind of suspicion as Cloudminr, there’s continuing interest here: Why not leverage the power of someone else’s technology to mine virtual currency and generate free money? But bitcoins make tempting targets for malicious actors since, just like cash, it’s impossible to trace the real owner of any single coin.

In January, for example, the Bitstamp exchange was hacked, and $5 million worth of bitcoins was stolen, ZDNet reported. Back in 2013, Wired noted that lost $1.2 million, and every BTC user remembers Mt. Gox.

So where does this leave users? On the horns of a dilemma: The allure of virtual currency is real under ideal conditions, bitcoin mining provides virtually endless income — but the lack of ownership granted single coins combined with the large volume of personal details that must be provided to mining companies makes for a perfect storm, with users underground too busy digging deep to notice that their canary is deathly silent.

Mine after mine claims its particular version of the bitcoin dream is perfectly safe. Here’s the thing: Any time currency and credentials mix online, there’s potential for attack. The fluctuating, unregulated nature of bitcoin makes it the ideal surface since users are always looking for a new way to store, mine or invest their bitcoins. With a little social engineering, brute force and good luck, cybercriminals can effectively reach in, scoop out the gold and leave worthless metal scraps in their wake.

Bitcoin remains a burgeoning industry, but users keep falling for the trap of sites that talk big and skimp on security. Someone will come along and get this right eventually, but for now, this is mining without a canary — dig at your own risk.

More from

Increasingly Sophisticated Cyberattacks Target Healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

4 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read