Hackers Are Attacking Cloud Accounts to Mine Cryptocurrencies, Google Says

Compromised accounts were also used to find new targets and host malware and phishing scams.

Nov 26, 2021 at 7:26 p.m. UTC
Updated May 11, 2023 at 4:04 p.m. UTC

Compromised Google Cloud accounts were used by 86% of “malicious actors” to mine cryptocurrencies, according to a new report.

Some 50 Google Cloud Platform, or GCP, customer instances were compromised, according to the report from Google. Crypto mining typically consumes large amounts of computing resources and storage space, Google’s cybersecurity action team wrote in the report. The remainder of the hacking activities included phishing scams and ransomware.

Exploits remain common in the digital assets sector, especially with large amounts of capital flowing into the industry. In May, a hacking group installed crypto mining malware on a company server through a weakness in Salt, a popular infrastructure tool used by the likes of International Business Machines, LinkedIn and eBay.

Moreover, in August, more than $600 million was stolen in one of the biggest crypto heists to date, exploiting a vulnerability in the Poly Network, although some of the amount stolen was returned. In 2014, Mt. Gox, the world’s largest bitcoin exchange at the time, filed for bankruptcy after hackers stole $460 million worth of crypto.

Poor security practices

Most of the attacks on GCP instances were due to poor security practices by customers, including the use of weak or no passwords. “Malicious actors gained access to the Google Cloud instances by taking advantage of poor customer security practices or vulnerable third-party software in nearly 75% of all cases,” the report said.

In the cases of hackers using accounts to mine cryptocurrencies, mining software was installed within 22 seconds of the attack, making manual interventions ineffective in preventing such attacks. “The best defense would be to not deploy a vulnerable system or have automated response mechanisms,” the report recommended.

To prevent such attacks, the team recommended several different security approaches, including scanning for vulnerabilities, using two-factor authentication and implementing Google’s Work Safer product for security.

“Given these specific observations and general threats, organizations that put emphasis on secure implementation, monitoring and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact,” the authors concluded.

CORRECTION (Dec. 1, 17:47 UTC): Corrects to note that 50 Google Cloud Platform customer instances were compromised, not hacked, in second paragraph.

Aoyon Ashraf

Aoyon Ashraf is managing editor with more than a decade of experience in covering equity markets.

