A Guy Mined $600K of Dogecoin with a Botnet of Storage Devices

It's a bit late to get into the cryptocurrency mining game. To make any serious cash, you need a data center's worth of hardware and equipment to mine for you, 24 hours a day. A much more efficient way is to take over other peoples' devices and get them to do the work for you.

This is exactly what one hacker did, who took control of home networks and used them to mine Dogecoin, the meme based cryptocurrency. According to an investigation published on Dell's SecureWorks blog, the hacker—operating under the pseudonym "Folio"—made over half a million dollars in two months.

It all starts back in September 2013. Andrea Fabrizi, a security consultant, disclosed a series of vulnerabilities of the Linux-based operating system powering certain network-attached storage (NAS) devices. These devices are cheap and very popular, and are used for storing anything, from photos to videos to music.

The vulnerability meant that a hacker could locate a NAS box just by Googling a specific term, and then exploit it to do their bidding. The hacker called Folio figured this out, and put those boxes to use mining Dogecoin.

A Facebook user called Joakim Lotsengard alerted Synology—the company behind the NAS box—to the breach via Facebook back in February, but it was too late: Folio had made most of his cash during the previous two months, according to the Dell blog post.

Folio had planted a CPUMiner—the software needed to mine a cryptocurrency—on the devices, ironically in a folder named "PWNED." In all, he mined over 500 million Doge, roughly equivalent to $620,496. Wow.

The blog's author tracked down the culprit's Github and Bitbucket accounts, giving them the name Folio. Judging by their contents, he is German, and not new to the cryptocurrency mining scene.

We've seen illegal cryptocurrency mining aimed at small devices before, with malware piggy-backing off of mobile phones. Those efforts, however, were pretty pointless, and didn't generate any sort of serious income.

But Dogecoin could be a viable currency for hackers to generate, if they can make a big enough botnet. Dogecoin mining doesn't require much computing power, because its still in the early days of being mined. An earlier adopter could make a load of coin if they tried hard enough, and got their malware on enough devices through a powerful enough exploit—as was the case in the early days of Bitcoin, naturally enough.