EPlus3D

Malicious Crypto-Mining Attempt on 3D Printing File Library Thingiverse Stopped In Its Tracks

Formnext Germany

Share this Article

Hi ho, hi ho, it’s off to work we go! [Image: IMDB]

Even though I know the profession itself is not the safest, whenever I hear someone mention mining, I can’t help but get an instant picture in my head of the seven dwarves from Snow White. However, there’s been an uptick over the last several years of a different kind of mining, which is dangerous in its own way: crypto-mining. You’ve likely heard of Bitcoin, which was the first decentralized cryptocurrency – a type of exchange using cryptography to secure the transactions. New units of this type of currency are generated by mining, which, according to How-To Geek, requires an intense amount of computational processing power.

Hackers and other crytocurrency thieves comb the web, searching for vulnerable pages into which they can insert their crypto-mining program scripts, which load and operate under the radar in the background of a computer’s hardware. These malicious scripts, while mining cryptocurrency for a third party, can actually deplete a computer’s processing resources, while the miners get all of the money…bad news all around.

Late last month, MakerBot, which operates the largest 3D printing file library and community in the world – Thingiverse – discovered that malicious crypto-mining code had been inserted into the comments of about 100 3D printable Things, due to a vulnerability in the comments section itself.

While 100 out of the site’s library of over 2 million designs may not sound like much, the malicious attack goes against the Thingiverse friendly spirit of collaboration, not to mention violating its Terms of Use. Unfortunately, because of its open source nature, Thingiverse, like many large, user-generated content sites, is sometimes attacked by people with less than friendly intentions.

The site’s comments section is most often used for embedding helpful content, but in this case, the crypto-mining scripts were inserted instead. Fortunately for everyone involved, the malicious scripts never had access to Thingiverse users’ private data, and the site’s development team, together with the community, acted fast to stop the mining in its tracks.

The offenders were warned, or in some cases banned altogether, and Thingiverse recently deployed a fix, which will prevent similar malicious iframe embeds for the purposes of crypto-mining. However, you will still be able to embed friendly documents and videos in the site’s comments section.

Site users do not need to worry about any unsavory hackers or miners hijacking their uploaded Things, and it’s also not necessary for any extraordinary steps to be taken when accessing the site to protect the computer from attack. However, MakerBot does recommend that any users who are worried about cybersecurity should investigate browser add-ons and apps that can work to block malicious crypto-mining scripts from loading and causing havoc.

According to MakerBot, “We will continue to protect and educate users, and are proud to manage such an important resource for the entire 3D printing community. MakerBot will not tolerate violations of Thingiverse’s Terms of Use.”

MakerBot says, even in light of this recent crypto-mining, it will keep operating the Thingiverse site “in the spirit of openness, community, and sharing.”

This is perhaps the most important takeaway from the incident – makers stick together through thick and thin. When Thingiverse was hit with a major challenge, MakerBot, and the rest of community, stepped up quickly to help protect each other, and their 3D designs.

What do you think of this news? Discuss this and other 3D printing topics at 3DPrintBoard.com or share your thoughts below. 

[Source: MakerBot]

 

Share this Article


Recent News

Carbon Newest 3D Printing Elastomer Is 40% Bio-based

China’s BLT Metal 3D Printing Sales up Almost 60% YOY



Categories

3D Design

3D Printed Art

3D Printed Food

3D Printed Guns


You May Also Like

3D Printing News Unpeeled: BLT, M Holland & Tecnológico de Monterrey

BLT has announced its half year results for 2023 with $2.44 million in profit for the first half year up from a $5.34 million loss last year for the same period....

3D Printing Webinar and Event Roundup: September 24, 2023

We’ve got another eventful week coming up in the 3D printing industry! There are events and conferences in several countries, including the U.S., Canada, and Singapore, and webinars on all...

3D Printing News Briefs, September 16, 2023: Certification, Fuel Cells, Microalgae Ink, & More

In today’s 3D Printing News Briefs, we’re kicking things off with business, as former Waymo legal executive David Tressler joins 6K as its Chief Legal Officer. Moving on, MakerVerse received...

3D Printing News Unpeeled: 16 & 20 lasers & Mighty Buildings Gets $52m

Farsoon Technologies and Bright Laser Technologies (BLT) both unveiled large powder bed fusion machines. Farsoon´s FS1521M has 16 fiber lasers and a 1.5 meters by 850mm Z-axis build volume. BLT´s BLT-S800...