The cryptocurrency mining software provider said this week that at approximately 10 pm GMT on Monday it received a note from its DNS provider, Cloudflare, warning that its account had been accessed by a threat actor.
“The root cause for this incident was an insecure password for our Cloudflare account that was probably leaked with the Kickstarter data breach back in 2014,” the company said. “We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account.”
The company also said it is looking into ways of reimbursing users who lost revenue while last night's traffic was being redirected.
“Our current plan is to credit all sites with an additional 12 hours of their daily average hashrate,” Coinhive said.
The hacker's approach was equally simple: take the 2014 Kickstarter leak, find Coinhive's credentials in it, then use them to log into the company's Cloudflare account.
Because the hacker was working from that breach, Coinhive evidently had not changed its Cloudflare password in the three years since, and the company's own statement confirms as much. Worse, it suggests that the people running the operation had a habit of using the same password for multiple services.
With control of the Cloudflare account, the hacker repointed Coinhive's DNS at a server of his or her own, so that for a period of at least six hours the Monero being mined went to the attacker rather than to Coinhive's users.
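As an added example that is not part of the original article and is not Coinhive's or Cloudflare's tooling, here is the kind of check a domain owner can run to catch this class of hijack: diff the DNS answers actually returned by resolvers against a known-good baseline. The domain names, addresses and answer lines below are constructed for illustration (documentation address ranges and a made-up name server), not records from the real incident.

```python
"""Detect a DNS hijack by diffing observed answers against a known-good baseline.

Added example, not Coinhive's or Cloudflare's code. Every name, address and
answer line here is constructed (RFC 5737 addresses, .example name servers).
"""
from collections import defaultdict

# Baseline the operator expects to see for each (name, record type) pair.
EXPECTED = {
    ("coinhive.com.", "A"): {"203.0.113.10"},
    ("www.coinhive.com.", "CNAME"): {"coinhive.com."},
    ("coinhive.com.", "NS"): {"ns1.cloudflare.example.", "ns2.cloudflare.example."},
}

# Answer sections in the shape `dig +noall +answer` prints them (constructed).
BEFORE = """\
; answers before the account takeover
coinhive.com.        300  IN  A      203.0.113.10
www.coinhive.com.    300  IN  CNAME  coinhive.com.
coinhive.com.        3600 IN  NS     ns1.cloudflare.example.
coinhive.com.        3600 IN  NS     ns2.cloudflare.example.
"""

AFTER = """\
; answers after the A record was repointed at the attacker's server
coinhive.com.        120  IN  A      198.51.100.77
www.coinhive.com.    300  IN  CNAME  coinhive.com.
coinhive.com.        3600 IN  NS     ns1.cloudflare.example.
coinhive.com.        3600 IN  NS     ns2.cloudflare.example.
"""

HOSTNAME_TYPES = {"CNAME", "NS", "MX", "PTR"}  # rdata is a hostname: compare case-insensitively


def parse_answers(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): {rdata, ...}}.

    Blank lines and ';' comments are skipped; anything else that does not look
    like an IN-class answer raises so a garbled resolver output is not silently
    treated as 'no records'.
    """
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            raise ValueError(f"unrecognised answer line: {line!r}")
        name, rtype = parts[0].lower(), parts[3].upper()
        rdata = " ".join(parts[4:])
        if rtype in HOSTNAME_TYPES:
            rdata = rdata.lower()
        records[(name, rtype)].add(rdata)
    return dict(records)


def detect_hijack(expected, observed_text):
    """Return a list of (kind, (name, type), rdata) findings.

    'unexpected' means an answer the baseline does not contain (a repointed or
    injected record); 'missing' means a baseline record that is no longer served.
    An empty list means the observed answers match the baseline exactly.
    """
    observed = parse_answers(observed_text)
    findings = []
    for key, want in expected.items():
        got = observed.get(key, set())
        for rdata in sorted(got - want):
            findings.append(("unexpected", key, rdata))
        for rdata in sorted(want - got):
            findings.append(("missing", key, rdata))
    # Record sets the baseline knows nothing about are suspicious too.
    for key in sorted(observed.keys() - expected.keys()):
        for rdata in sorted(observed[key]):
            findings.append(("unexpected", key, rdata))
    return findings


if __name__ == "__main__":
    for label, answers in (("before", BEFORE), ("after", AFTER)):
        findings = detect_hijack(EXPECTED, answers)
        print(f"{label}: {'OK' if not findings else 'ALERT'}")
        for kind, (name, rtype), rdata in findings:
            print(f"  {kind:10} {name} {rtype} {rdata}")
```

In practice the input would come from `dig +noall +answer` run on a schedule against several public resolvers as well as the authoritative servers, with any non-empty finding list raising an alert. A sharp drop in TTL on a repointed record, as in the constructed AFTER data, is a useful secondary signal, since an attacker wants the hijacked answer to propagate quickly and to be easy to change again.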
This isn't the first time a hacker has used Coinhive's service to turn a hefty profit.
In recent weeks PolitiFact, a widely trusted political fact-checking website, suffered an attack in which a hacker injected code into its pages that mined Monero from its unwitting visitors.
It is worth noting that Coinhive could not have done anything to prevent that particular incident, since it was PolitiFact's pages that were compromised rather than Coinhive's own service, but it points to a worrying trend of hackers in search of riches hijacking websites for their own gain.