Follow Cyber Kendra on Google News! | WhatsApp | Telegram

CoinHive DNS Server Hijacked by Unknown Hacker

A crypto mining service CoinHive DNS server has been hijacked by an unknown hacker and replaced with attackers' own DNS which helps in generating cryptocurrency for attackers.

The attacker replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mined Monero for the hacker's own wallet.

The incident was discovered on the 23rd of this month and was fixed later by. After that Coinhive says the hacker logged into the company's Cloudflare account and replaced DNS records, pointing Coinhive's domain to a new IP address.
This new server pushed a custom version of the coinhive.min.js file that contained a hardcoded site key.


Coinhive says that the root cause of the hack was the leaked database of Kickstarter back in 2014. Attackers have gained access to the Coinhive CloudFront account that was leaked in the Kickstarter data breach.

This is another example of not changing passwords and following best practices.

Coinhive says-
"We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account."  
"Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate," Coinhive added.

Post a Comment