
Coinhive Hacked: Cryptominer’s DNS Breach as Company Reuses Old Password

Coinhive, the Monero miner maker that has proven a hit with ‘pirate’ sites, has been hacked as the company failed to update a password that was at least three years old.

The company said on Tuesday that hackers had used an old Cloudflare account password to reconfigure coinhive.com’s DNS settings.

In a statement, Coinhive said: “The account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server. This third party server hosted a modified version of the JavaScript file with a hardcoded site key. This essentially let the attacker ‘steal’ hashes from our users.”

The method that the hackers used to access the company’s DNS provider lay in a basic security error. The good news is that the team stressed that no user account information was leaked and that its website and database servers were uncompromised.

In its official statement, the company said: “The root cause for this incident was an insecure password for our Cloudflare account that was probably leaked with the Kickstarter data breach back in 2014. We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account.”

The company hasn’t revealed how long the unauthorized redirect stayed in place for, but it appears that all coins mined on sites hosting Coinhive’s script were ‘stolen’ during the period, instead of being credited to their accounts.

Coinhive said it will reimburse users for the lost revenue. The plan is to credit all site owners with an additional 12 hours of Monero mining based on their daily average hashrate. One Monero coin, 1 XMR, is worth about $89 right now.


As the company said, the credential leaked in the Kickstarter hack was used to hijack its Cloudflare DNS, highlighting the dangers of reusing passphrases and not setting up two-factor authentication for everything. It demonstrates how dangerous it is to reuse passwords for multiple accounts on the web.
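The redirect in Coinhive's statement worked because embedding sites ran whatever file the hostname returned. The sketch below is an added example, not code from Coinhive or from this article: it pins a known-good copy of a third-party script with a Subresource Integrity style digest and rejects a swapped file. The script bodies, the placeholder key and the `cdn.example` URL are constructed assumptions.

```python
import base64
import hashlib

# Relative strength of the hash algorithms that SRI defines.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """Return an integrity value of the form '<alg>-<base64 digest>'."""
    raw = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(raw).decode('ascii')}"


def matches_pin(body: bytes, integrity: str) -> bool:
    """Check body against a whitespace-separated list of integrity values.

    As in SRI, only pins using the strongest listed algorithm count.
    Unlike a browser, this checker fails closed when no usable pin is given.
    """
    pins = []
    for token in integrity.split():
        alg, sep, rest = token.partition("-")
        if sep and alg in STRENGTH:
            pins.append((alg, rest.split("?", 1)[0]))  # drop any ?options
    if not pins:
        return False
    strongest = max((a for a, _ in pins), key=STRENGTH.get)
    return any(sri_digest(body, a) == f"{a}-{d}" for a, d in pins if a == strongest)


def script_tag(url: str, integrity: str) -> str:
    """Render the embed tag; cross-origin SRI loads need the crossorigin attribute."""
    return f'<script src="{url}" integrity="{integrity}" crossorigin="anonymous"></script>'


# Constructed stand-ins: not Coinhive's real script, and not a real site key.
KNOWN_GOOD = b"var m = new Miner(window.SITE_KEY); m.start();\n"
TAMPERED = b"var m = new Miner('ATTACKER_KEY_PLACEHOLDER'); m.start();\n"
PIN = sri_digest(KNOWN_GOOD)

if __name__ == "__main__":
    print(script_tag("https://cdn.example/miner.min.js", PIN))  # placeholder URL
    for label, body in (("known-good", KNOWN_GOOD), ("tampered", TAMPERED)):
        print(label, "->", "load" if matches_pin(body, PIN) else "BLOCK")
```

A pin like this only holds if the vendor serves versioned, unchanging files; a script that is updated in place at the same URL will fail the check after every legitimate release.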

 

Jahnavi M
Vulnerability analyst, Technical Writer, Security Blogger, Co-founder---SecKurity
