CoinHive (Almost) Ruined My Life

in #vincentb, 6 years ago


It’s early 2017, winter is in full swing, and I’m putting the finishing touches on my FreeNAS build. Not being much of a builder or systems person, I’ve gone all out on this build, because some tech blogger on the internet told me I should. Loaded with 6-3TB WD Reds, dual Xeons, 32GB of RAM – this thing is ready to…. sit in a closet and run Plex and Time Machine.

Fast forward a couple weeks and it’s starting to dawn on me that I have way more machine than I need to be running FreeNAS, so I start to look into whether mining Bitcoin is still a thing. A few days later and I’m balls deep in terminal, learning how to compile and build scripts. All in hopes of getting a Monero CPU miner that’s built for Ubuntu running on this thing. Turns out the dual Xeons (circa 2013 server farm trash) kinda kick ass at CPU mining.

By Spring, crypto is really taking off in the mainstream, and I’ve managed a nice little collection of Monero before the difficulty went through the roof. That of course led me down the rabbit hole of investing what little money I’ve got into Ethereum, NEO, Iconomi (whoops), all the hotness. I also bought a bunch of GPUs and got into Ethereum mining; I was hooked. Of course when you get hooked, you want to talk about it with everyone, including your coworkers. Especially when you write code for a living.

So my boss is around my age (early 30's), we both have similar interests, we get along very well. I’ve been blabbing on about crypto for months, and he always tells me I’m crazy for taking the risk, and he’s all about the stock market. Sounds like I’m the only person he knows that is into this stuff. That was until a new hire told us they had bought a single Bitcoin for $2000, which I of course scoffed at, “you should get into Ethereum, Bitcoin already blew up”. (double whoops)


Fast forward a bit more, to early October, it’s my wedding anniversary, my wife and I are just getting home from dinner. We’re about to start packing for our first trip to Europe (we leave in 2 days). I take my phone out of my pocket and it’s flooded with missed calls and texts from my boss. “Did you put a Bitcoin miner on all our websites?”, “You did, I can see it all, what the hell”, etc etc. By the time I get inside and open my computer up, I’ve already been locked out of everything company related. My whole existence sinks to the floor. How am I going to pay for this trip, how am I going to afford our medical bills, how can I tell my wife? (without getting into too many details, we have a LOT of out of pocket expenses this year, because MAGA, right?).

Sure enough, I start opening each of our websites in dev tools, Coinhive…. Coinhive…. Coinhive. WHAT, THE, FUCK. Short little functions running Coinhive in the footer of every website, to a Monero wallet. Awesome.

After a full 48 hours of digging wherever I could, and countless phone calls to my boss, we still had no way to find out how it happened… scratch that, not how, but WHO did it. The few logs that existed showed IPs from all around the world pinging in. VPN most likely.

I managed to (I guess) give enough reassurance that it wasn’t me, and I was luckily able to keep my job. But without finding the answer to this whole thing, I can’t help but feel part of him still thinks I did it.

It’s a really shitty feeling, especially being accused outright for something like that. It shows how quickly years of rapport can be cast aside.

Since being allowed “back in”, I’ve found multiple security flaws in our small operation, but nothing along the lines of a smoking gun. (Although our router still having admin/root was pretty shocking to me.) My only real takeaway from this whole experience is, what did Coinhive expect? They knew damn well this would be exploited the way it was. I’m sure they’re happy that a Google search for “coinhive” will produce more results for malware and hackers than it does their actual product.

As Thurgood Jenkins may have said, “I still love crypto, but not as much as I love pussy.”

Has this happened to anyone else? Overseas hackers sounds like a bit much… my assumption is an old employee with access, or some high school/college kid sitting in our parking lot running Wireshark or something.
