July 14, 2015 By Douglas Bonderud 2 min read

Another day, another bitcoin mining hack. According to Threatpost, a group of unknown attackers was able to take control of servers owned by Norwegian mining service Cloudminr.io, harvest its entire database and take over its website. This isn’t the first problem encountered by the virtual currency and won’t be the last, but the mining disaster points to a canary that’s kicked the bucket and a market that may not be ready for nonstandard funds. Is it time to close the tunnels, shut down the exchanges and take a break from bitcoin?

What’s Yours Is Mine

As noted by The Hacker News, the home page of Cloudminr.io stood as mute testament to the attackers’ triumph, at least for a few days. While it’s now offline, the compromised version offered to sell Cloudminr’s entire database of 80,000 accounts — including usernames and passwords — for just one bitcoin, or around $240. As proof of their misdeeds, the cybercriminals also modified the homepage to show a partial list of compromised accounts, including plain text passwords.

The low price for this kind of valuable information suggests that profit isn’t the motivator here. As Threatpost pointed out, users had already expressed concern about the site’s legitimacy, and the use of unencrypted passwords to safeguard bitcoin accounts seems to confirm their worst fears.

The Underground Bitcoin Industry

Bitcoin mining collectives aren’t new, and while many engender the same kind of suspicion as Cloudminr, there’s continuing interest here: Why not leverage the power of someone else’s technology to mine virtual currency and generate free money? But bitcoins make tempting targets for malicious actors since, just like cash, it’s impossible to trace the real owner of any single coin.

In January, for example, the Bitstamp exchange was hacked, and $5 million worth of bitcoins was stolen, ZDNet reported. Back in 2013, Wired noted that inputs.io lost $1.2 million, and every BTC user remembers Mt. Gox.

So where does this leave users? On the horns of a dilemma: The allure of virtual currency is real under ideal conditions, bitcoin mining provides virtually endless income — but the lack of ownership granted single coins combined with the large volume of personal details that must be provided to mining companies makes for a perfect storm, with users underground too busy digging deep to notice that their canary is deathly silent.

Mine after mine claims its particular version of the bitcoin dream is perfectly safe. Here’s the thing: Any time currency and credentials mix online, there’s potential for attack. The fluctuating, unregulated nature of bitcoin makes it the ideal surface since users are always looking for a new way to store, mine or invest their bitcoins. With a little social engineering, brute force and good luck, cybercriminals can effectively reach in, scoop out the gold and leave worthless metal scraps in their wake.

Bitcoin remains a burgeoning industry, but users keep falling for the trap of sites that talk big and skimp on security. Someone will come along and get this right eventually, but for now, this is mining without a canary — dig at your own risk.

More from

Is AI saving jobs… or taking them?

3 min read - Artificial intelligence (AI) is coming to take your cybersecurity job. Or, AI will save your job.Well, which is it?As with all things security-related, AI-related and employment-related, it's complicated.How AI creates jobsA major reason it's complicated is that AI is helping to increase the demand for cybersecurity professionals in two broad ways. First, malicious actors use AI to get past security defenses and raise the overall risk of data breaches. The bad guys can increasingly use AI-based tools for improved reconnaissance…

CISA warns about credential access in FY23 risk & vulnerability assessment

3 min read - CISA released its Fiscal Year 2023 (FY23) Risk and Vulnerability Assessments (RVA) Analysis, providing a crucial look into the tactics and techniques threat actors employed to compromise critical infrastructure. The report is part of the agency’s ongoing effort to improve national cybersecurity through assessments of vulnerabilities in key sectors. Meanwhile, IBM’s X-Force Threat Intelligence Index 2024 has identified credential access as one of the most significant risks to organizations.Both reports shed light on the persistent and growing threat of credential…

Are we getting better at quantifying risk management?

4 min read - As cyber threats grow more sophisticated and pervasive, the need for effective risk management has never been greater. The challenge lies not only in defining risk mitigation strategy but also in quantifying risk in ways that resonate with business leaders. The ability to translate complex technical risks into understandable and actionable business terms has become a crucial component of securing the necessary resources for cybersecurity programs.What approach do companies use today for cyber risk quantification? And how has cyber risk…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today