Illegally Released NSA Hacker Tool EternalBlue Being Used to Mine Cryptocurrency

One Year After Their Illegal Release, the NSA’s Classified Exploits Are Still Being Used to Mine Crypto

One year ago, the National Security Agency suffered one of the worst leaks in its history: a series of classified exploits built by the NSA were stolen and published online. Today, those exploits continue to be used to attack cryptocurrency miners worldwide.

One of the exploits, called EternalBlue, is a particularly effective backdoor exploit. EternalBlue can be used to silently break into virtually any Windows machine in the world.

Hackers have used EternalBlue to install ransomware on thousands of computers worldwide. Government organizations, corporations, and even entire towns have ground to a halt due to EternalBlue ransomware attacks.

EternalBlue isn’t the ransomware itself; instead, EternalBlue is simply the exploit that allows attackers to install ransomware. Over the last few months, attackers have used the EternalBlue exploit to install WannaCry and NotPetya, two of the world’s most popular ransomware programs. After infecting a single computer in the network, this malware targets other devices on the network.

Today, however, the EternalBlue backdoor is being used for a new purpose: to install cryptocurrency mining software on users’ computers.

Microsoft Released a Patch Over a Year Ago

After a software exploit leaks online, the software company typically scrambles to patch that exploit as soon as possible.

That’s exactly what happened last year when the NSA’s Windows exploits were posted online. Microsoft quickly released patches slamming the EternalBlue backdoor shut and preventing any further attacks.

Despite the rapid fix, however, “almost a million computers and networks are still unpatched and vulnerable to attack,” according to security firms.

Microsoft released the patch all the way back in March 2017. To this day, however, computers worldwide remain highly vulnerable to the EternalBlue backdoor.

How NSA Exploits Are Being Used for Cryptocurrency Mining

If you’re able to remotely gain control of thousands of computers worldwide, then you can profitably mine cryptocurrency. That’s exactly what modern hackers are doing with EternalBlue and other exploits.

In days gone by, these hackers might have installed ransomware and pried a few hundred dollars out of infected users.

Today, however, things have changed, and users’ machines are being quietly used to mine cryptocurrency. As TechCrunch explains:

“Although WannaCry infections have slowed, hackers are still using the publicly accessible NSA exploits to infect computers to mine cryptocurrency.”

Security experts are calling such attacks “WannaMine”. The software uses exploits like EternalBlue to attack a computer. Then, once the backdoor is open, the WannaMine cryptocurrency mining software is installed, and that software is quickly propagated across the network.

One major Fortune 500 multinational company knows that better than anyone. That company was recently hit by WannaMine. After the first machine was infected with the WannaMine cryptocurrency mining virus, the virus quickly spread to 1,000 other machines in the company’s network.

Cryptocurrency mining attacks are nothing new. Last year, as crypto prices surged, we saw a number of infected websites use crypto mining scripts to hijack your browser’s processing power and devote it to cryptocurrency mining.

Some websites also use this system in a legitimate way: instead of running advertisements, they run a cryptocurrency mining script. Your computer’s processing power is used for cryptocurrency mining when you visit the website, and you don’t see advertisements. WannaMine, However, Works Differently.

WannaMine Can Mine Cryptocurrency “Faster and More Efficiently” While Going Unnoticed

We saw clunky cryptocurrency attacks in the past. WannaMine crypto mining exploits, however, work in a different way.

Today’s WannaMine virus is faster and more efficient at mining cryptocurrency than ever before. Security researchers at recently posted a good writeup on the attack.

Essentially, WannaMine is able to mine cryptocurrency efficiently while remaining undetected. One strategy used by the exploit is to activate the mining script just before the computer goes to sleep:

“The PowerShell script will also change the power management settings on the infected machine just before the miners are dropped to prevent the machine from going to sleep and maximize mining power availability”

The end result is a cryptocurrency mining exploit that works more efficiently – and more quietly – than other miners that have come before it. Your computer might be mining cryptocurrency all night – but you won’t know it because it only occurs when you’ve stepped away from your computer.


EternalBlue continues to be a persistent thorn in the side of security experts worldwide. Discovered over a year ago, EternalBlue was patched by Microsoft in March 2017. Today, however, over a million computers remain vulnerable to the attack, and that’s why cryptocurrency mining attacks like WannaMine are spreading worldwide.

Get Free Email Updates!

*Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

Bitcoin Exchange Guide News Team
B.E.G. Editorial Team is a gracious group of giving cryptocurrency advocates and blockchain believers who want to ensure we do our part in spreading digital currency awareness and adoption. We are a team of over forty individuals all working as a collective whole to produce around the clock daily news, reviews and insights regarding all major coin updates, token announcements and new releases. Make sure to read our editorial policies and follow us on Twitter, Join us in Telegram. Stay tuned. #bitcoin

[Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer


Please enter your comment!
Please enter your name here


Live Bitcoin Price & Latest BTC Charts

Today's Latest Crypto News

YFI Plunge Might be Over After Record Number of Addresses Unload All their Tokens

In the past three days, the DeFi darling YFI has lost more than 36% of its value, going from $34,400 to $21,950 today. At the...

Financial Firms & Law Enforcement Find Cryptocurrencies More Risky Than Opportunistic: RUSI Survey

Financial firms, government, and the private sector all see cryptocurrencies as risky, found a survey by the Royal United Services Institute think-tank and the...

Kadena to Launch DEX to Rival Uniswap; Touts Higher Speeds and Multiple Protocol Support

Kadena announced on Tuesday that it would roll out a Decentralized Exchange (DEX) dubbed ‘Kadenaswap’ towards the end of 2020 in a bid to...

Crypto Exchange Bitpanda Raises $52 Million in Series A Round to Offer Access to Stock Markets

Cryptocurrency exchange Bitpanda has raised $52 million in its first major funding round, Series A led by PayPal co-founder Peter Thiel’s Valar Ventures. Other...

Coinbase Launches Staking Program For Cosmos, ATOM Holders Can Earn 5%

In a blog post released on Wednesday, Coinbase introduced staking on ATOM, promising up to 5% return per annum on the value staked. The...

BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.

Start Using Crypto Today