Hackers made $110,000 mining remotely on hijacked HP servers

Between December 9 and 17, a data center of HP servers was the largest contributor to the Raptoreum cryptocurrency’s blockchain. At its peak, the center’s output exceeded that of every other mining system combined. A later investigation found that the servers were most likely under the control of hackers during the period, and that the hackers would have made approximately $110,000.

At present, the company whose servers were hacked hasn’t made itself known. It is likely one of the hundred or so major computing groups that have reported themselves as victims of the viral Log4J vulnerability this month, whose number includes Amazon, IBM, and Microsoft.

The Log4J vulnerability was found in early December to enable the remote execution of arbitrary code, even on systems running as a localhost with no external connections. It’s since broadly been patched, although it continues to plague servers in niche circumstances.

It was the sudden disappearance of the HP server group on December 17, indicating that the servers had been patched, that revealed they were being used non-consensually. One of them, though, has continued to mine; possibly it failed to patch, or else it’s being kept as a honeypot.

All of this information is viewable through the Raptoreum blockchain. Its developers are bringing attention to it to dispel the rumor that Raptoreum is unstable. Raptoreum’s base algorithm, GhostRider, is a proof-of-work and proof-of-stake blend that’s intentionally resistant to accelerators and other causes of instability.

GhostRider is particularly fond of AMD CPUs because of their large L3 cache. Raptoreum is surprisingly profitable on AMD’s pricy Epyc server CPUs because of their 256 MB of cache on models with 32 or more cores. This likely prompted the hackers to target the HP servers, which were found in an informal investigation conducted by Raptoreum’s developers to be 9000-series and using Epyc processors.

During the period in which the HP servers were mining, the address they belonged to accumulated about 30% of the total block reward, or 3.4 million RTM. It was worth around $110,000 when the hackers sold half of it on CoinEx, but the half they’ve kept has slightly decreased in value since.
