Mining cryptocurrencies is expensive. One hacker passed the cost on to NAS users.

A hacker generated digital coins worth more than $620,000 by hijacking a popular type of Internet-connected storage device from Synology, security researchers said.

The incident, which was documented in a research report published Tuesday by Dell SecureWorks, is only the latest hack to steal other people's computing resources to perform the computationally intense process of digital currency mining. The cryptographic operations behind the process often draw large amounts of power and produce lots of heat. People looking to acquire a large war chest of digital coins typically must pour large amounts of money and effort into the endeavor. One way malicious actors get around this requirement is by compromising large numbers of devices operated by other people. The devices then perform the work at the expense of the unsuspecting end users and pass on the proceeds to the attacker.

According to researchers from SecureWorks' Counter Threat Unit, the attackers exploited four separate vulnerabilities contained in the software of Synology network-attached storage boxes. The vulnerabilities were documented in September and fixed in February by Synology. By then, large numbers of people had begun complaining that their Synology devices were running sluggishly and extremely hot. It turns out that at least some of them were running software that mined large sums of the Dogecoin cryptocurrency.

"To date, this incident is the single most profitable, illegitimate mining operation," SecureWorks researcher Pat Litke wrote. "This conclusion is based in part on prior investigations and research done by the Counter Threat Unit, as well as further searching on the Internet. As cryptocurrencies continue to gain momentum, their popularity as a target for various malware will continue to rise (as can be seen here, in figure 1)."

Given the expense and hassle of mining cryptocurrencies, attackers have been sneaking mining code onto other people's devices for years now; given the skyrocketing prices of Bitcoin, the practice has become more common. In April 2013, researchers unearthed a trojan that spread over Skype and mined bitcoins. A month later, an e-sports service was caught updating its software to secretly mint more than $3,600 worth of the digital currency on the backs of end users. Android apps with millions of downloads have also been found harboring surreptitious mining routines.

The open-source software added to hacked Synology devices was called CPUMiner. It was specially compiled to run on DiskStation Manager, a version of Linux for network devices. By examining the configuration settings, SecureWorks researchers were able to find the public key corresponding to the attacker's Dogecoin wallet. Based on that detail and several Web searches, they concluded the attacker is of German descent and was able to mine more than 500 million Dogecoins, with a face value of $620,496.

The incident is a potent reminder of why it's important to install security updates on all Internet-connected devices. Synology users can find more information here on how to patch their devices.