You can now find Cyber Kendra on Google News | Telegram

CoinHive DNS Server Hijacked by Unknown Hacker

A crypto mining service CoinHive DNS server has been hijacked by an unknown hacker and replaced with attackers' own DNS which helps in generating cryptocurrency for attackers.

The attacker replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mined Monero for the hacker's own wallet.

The incident was discovered on the 23rd of this month and was fixed later by. After that Coinhive says the hacker logged into the company's Cloudflare account and replaced DNS records, pointing Coinhive's domain to a new IP address.
This new server pushed a custom version of the coinhive.min.js file that contained a hardcoded site key.


Coinhive says that the root cause of the hack was the leaked database of Kickstarter back in 2014. Attackers have gained access to the Coinhive CloudFront account that was leaked in the Kickstarter data breach.

This is another example of not changing passwords and following best practices.

Coinhive says-
"We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account."  
"Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate," Coinhive added.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.