The attacks may have been more widespread, as the nature of the attack makes confirmation a somewhat labor-intensive process. At least 22 attacks, each lasting less than 30 seconds, have been confirmed thus far. The attacks were routed to a router at an ISP in Canada, and all of the BTC thefts paid out to a single address. SecureWorks estimates that the attacker made roughly $9,000 per day during the height of the hacking activity.
The attacks are interesting in part because they don’t exploit a weakness in any of the cryptocurrency systems involved, but rather one at the ISP level of the network. This prompted SecureWorks to suggest that the culprit is most likely a current or former employee of the ISP with access to the router’s password. SecureWorks also noted that pools could prevent the attacks in future by requiring miners to use Secure Sockets Layer (SSL) protocols.