
CoinHive DNS Server Hijacked by Unknown Hacker

The DNS server of crypto mining service CoinHive has been hijacked by an unknown hacker and replaced with the attacker's own DNS, which helps generate cryptocurrency for the attacker.

The attacker replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mined Monero for the hacker's own wallet.

The incident was discovered on the 23rd of this month and was fixed later by. After that, Coinhive says the hacker logged into the company's Cloudflare account and replaced DNS records, pointing Coinhive's domain to a new IP address.
This new server pushed a custom version of the coinhive.min.js file that contained a hardcoded site key.
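
A DNS change like this swaps the bytes of the served file while the embedding page stays unchanged, so a site that pins a digest of a reviewed copy (the Subresource Integrity format) can detect the swap. The following is an added example, not code from Coinhive or this article; the function names and the two sample script bodies are constructed for illustration.

```javascript
// Added example: SRI-style pin check for a third-party script body.
const { createHash } = require("crypto");

// Strength order used by Subresource Integrity: sha256 < sha384 < sha512.
const ALGS = ["sha256", "sha384", "sha512"];

// Build an integrity value ("sha384-<base64 digest>") from a reviewed copy.
function sriFor(body, alg = "sha384") {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Parse an integrity string: space-separated "alg-digest[?options]" items.
// Unknown algorithms and malformed items are dropped.
function parseIntegrity(value) {
  const item = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;
  return value.trim().split(/\s+/)
    .map((s) => item.exec(s))
    .filter(Boolean)
    .map((m) => ({ alg: m[1], digest: m[2] }));
}

// True only if the body matches a pin of the strongest algorithm listed.
// Weaker pins are ignored, so a stale sha256 entry cannot override sha384.
function matchesPin(body, integrity) {
  const pins = parseIntegrity(integrity);
  if (pins.length === 0) return false; // fail closed: no usable pin, no trust
  const best = Math.max(...pins.map((p) => ALGS.indexOf(p.alg)));
  return pins
    .filter((p) => ALGS.indexOf(p.alg) === best)
    .some((p) => p.digest === createHash(p.alg).update(body).digest("base64"));
}

// Constructed sample bodies (placeholders, not real library code).
const reviewed = Buffer.from(
  "/* lib v1 */ function start(siteKey) { return siteKey; }\n");
const tampered = Buffer.from(
  "/* lib v1 */ function start(siteKey) { return 'HARDCODED-KEY-PLACEHOLDER'; }\n");

const pin = sriFor(reviewed);

// Compare what the server returned against the pinned digest.
function demo() {
  return { reviewed: matchesPin(reviewed, pin), tampered: matchesPin(tampered, pin) };
}

console.log(pin, demo());
```

The printed value has the same form as a `<script>` tag's `integrity` attribute; browsers enforce it on cross-origin scripts only when the file is served with CORS headers.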

Coinhive says that the root cause of the hack was the leaked Kickstarter database from 2014. The attacker gained access to Coinhive's Cloudflare account, whose password was leaked in the Kickstarter data breach.

This is another example of what happens when passwords are not changed and best practices are not followed.

Coinhive says:
"We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account."
"Our current plan is to credit all sites with an additional 12 hours of their daily average hashrate," Coinhive added.

