Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Coinhive hacked: Cryptominer's DNS server hijacked to redirect Monero over to hackers


grimm

Recommended Posts

The company said it is currently looking at ways to reimburse users for the lost revenue.

Coinhive said hackers managed to hijack its DNS server, tweak its settings and briefly redirect their generated cryptocurrency over to a third-party server. The cryptominer maker said on Tuesday (24 October) that hackers used an old password for its Cloudflare account that it said was likely leaked in the Kickstarter data breach in 2014.

The team said hackers used the old password to reconfigure Coinhive's DNS settings and briefly replace DNS records that pointed its domain to a new IP address. The new, third-party server hosted a modified version of the coinhive.min.js file that included a hardcoded site key.

"This essentially let the attacker 'steal' hashes from our users," the Coinhive team said in a blog post on Tuesday.

As a result, thousands of sites worldwide that loaded the manipulated script to mine Monero actually did so for the hacker rather than legitimate site owners. The hackers reportedly had control over Coinhive's domain name for around six hours.

However, Coinhive said no account information was leaked and its web and database servers were not accessed in the attack. However, it did not specify how much revenue was potentially lost during the attack.

"We have learned hard lessons about security and used 2FA [two-factor authentication] and unique passwords with all services since, but we neglected to update our years old Cloudflare account," Coinhive said. "We are deeply sorry about this severe oversight."

The company said it is currently looking at ways to reimburse users for the lost revenue.

"Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate. Please give us a few hours to roll this out," the team said.

As a cryptomining service, Coinhive has grown in recent months allowing site developers to load a Javascript file on their websites that secretly uses a visitor's CPU power to mine Monero. Popular piracy site The Pirate Bay is running Coinhive to mine Monero alongside the site's ads, but with no opt-out option for users.

Hackers also recently inserted Coinhive miner code into popular fact-checking site Politifact to secretly mine cryptocurrencies.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...