24 Jun 2014

Over 500 Million DogeCoins Mined on Vulnerable Synology NAS

Hackers have mined more than 500 million DogeCoins by exploiting a vulnerability in some Synology's network attached storage systems, according to PCMag's SecurityWatch. All mined DogeCoins are said to be worth over $600.000. The affected systems display certain lags and spikes in CPU usage.

"To date, this incident is the single most profitable, illegitimate mining operation," said Pat Litke, a Dell SecureWorks researcher. "As cryptocurrencies continue to gain momentum, their popularity as a target for various malware will continue to rise.”

The exploitation seems to have been seen since early February, as the vulnerabilities probably were command injection flaws and unauthenticated remote file download. The mining process seems to have occurred from January to late February of this year.

Synology patched the flaws in September last year and in late February. Synology now auto-updates its operating system due to incidents such as this one.