The cryptocurrency craze is in full effect and malicious actors online are looking for vulnerable pages to insert their crypto-mining scripts into.
These scripts quietly load and operate in the background, sapping a computer’s processing resources in order to mine cryptocurrency for a 3rd party.
In late December, MakerBot discovered that a vulnerability in the comments section of Thingiverse allowed malicious crypto-mining code to be inserted into the comments of about 100 Things, out of the site’s library of over 2 million designs. The mining scripts never had access to users’ private data.
The community and Thingiverse’s development team reacted quickly.
They banned or warned offenders and recently deployed a fix that prevents malicious iframe embeds for things like crypto-mining, but still allows for friendly embeds of videos and documents in the comments section.
Thingiverse users don’t need to worry about people hijacking their Things, nor do they need to take extra means to protect their computers when accessing Thingiverse.
MakerBot will continue to operate Thingiverse in the spirit of openness, community, and sharing.
It’s important to note that when Thingiverse faces challenges like this, in the greater context of digital trends, MakerBot and the community have responded quickly and responsibly to protect each other and the hard work they put into their 3D designs.