When Ops Turn Rogue: Inside Baidu’s 2018 Crypto‑Mining Scandal
A Baidu operations engineer illegally mined cryptocurrency on more than 150 company servers in 2018, netting over 100,000 RMB. He was caught and sentenced to three years in prison and a fine. The case now serves as a stark reminder of insider threats and the need for strict access controls in IT operations.
In early 2018, Baidu employee An, an operations staff member, exploited his privileged access to upload a compressed file, miner.tar.gz, containing a script named java_4u3. The script automatically unpacked, created directories, deleted traces, and connected to a proxy to gain control over the target servers.
Using the script, An deployed a custom cryptocurrency‑mining program on more than 155 Baidu servers. The malicious code hijacked the servers’ CPU cycles to mine Bitcoin and Monero, sending the generated hashes to a hash‑site that paid out in Bitcoin, which An later converted to cash via otcbtc.com.
The operation yielded roughly 100,000 RMB in profit. After the mining activity was detected by Baidu’s security monitoring system in June 2018, an investigation identified An as the perpetrator. Baidu spent 27,000 RMB on emergency forensic services to extract logs, analyze samples, and trace the breach.
In July 2018, Baidu filed a lawsuit against An for illegal control of a computer information system. The court sentenced him to three years in prison, confiscated 110,000 RMB of illicit gains (with 11,000 RMB offset as a fine), and ordered the return of seized equipment.
The case highlights the significant risk posed by insiders with privileged access, especially in operations roles that manage critical infrastructure. Experts recommend implementing strict approval, logging, and verification procedures for all production‑system actions, separating duties for backup and restoration, and fostering professional ethics among operations staff.
21CTO
