Cloud Threats Deploying Crypto CDN

A recent malicious campaign exploited the blockchain-based Meson Network, a decentralized content delivery network (CDN) operating in Web3, to create thousands of Meson Network nodes using a compromised cloud account. The attacker leveraged vulnerabilities in a Laravel application and WordPress misconfiguration to gain initial access, then used automated reconnaissance to spawn nearly 6,000 EC2 instances across multiple AWS regions, incurring significant costs for the account owner. The attack focused on using bandwidth and storage rather than traditional crypto mining resources like CPU cycles, as Meson Network rewards tokens based on bandwidth and storage contribution. This incident highlights a shift in attack strategies towards exploiting storage and bandwidth in Web3 technologies, necessitating vigilance and updated security practices to prevent substantial financial losses.