
Over 1,000 ComfyUI Instances Compromised in Global Cryptomining Attack


AI-generated from multiple sources. Verify before acting on this reporting.

LONDON — More than 1,000 instances of the open-source AI image generation tool ComfyUI were compromised on Monday, with attackers able to execute code on them without authenticating and using that access for cryptomining and botnet expansion.

The attack, detected on April 7, 2026, targeted self-hosted installations of the software, which is widely used by developers and artists to create generative AI workflows. Security researchers identified that the vulnerable instances had been left exposed to the public internet without authentication, enabling remote code execution.

Once inside the systems, the attackers deployed scripts to mine Monero, a privacy-focused cryptocurrency. The operation also established a command-and-control infrastructure, turning the compromised machines into nodes within a larger botnet. This dual-purpose attack not only generated illicit revenue through mining but also expanded the attackers' network capabilities for potential future operations.

ComfyUI, developed by a community of open-source contributors, allows users to build custom machine learning pipelines. The software's modular nature means it is often hosted on personal servers or cloud environments. The vulnerability exploited in this incident appears to stem from default configurations that lack password protection or firewall restrictions, leaving the interfaces accessible to any internet-connected device.

The scale of the compromise suggests a coordinated effort to scan the internet for exposed instances. While the specific actors behind the attack remain unidentified, the methodology indicates a focus on high-volume, low-effort exploitation of misconfigured systems. The use of Monero for mining aligns with trends observed in similar campaigns, where the cryptocurrency's untraceable nature is preferred by threat actors.

Security experts have advised users to immediately audit their ComfyUI installations. Recommendations include restricting access to local networks, implementing strong authentication measures, and updating software to the latest versions. Administrators are urged to scan their networks for signs of unauthorized mining activity, such as unusually high CPU usage or unexpected network connections.
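One way to run the audit recommended above, as an added example that is not part of the original report: it parses `ss` and `ps` output to flag a ComfyUI port bound beyond loopback, and high-CPU processes holding connections outside an allowlisted network. Port 8188 (ComfyUI's default), the 80% CPU threshold, the allowlisted network and every sample line are assumptions or constructed values.

```python
import ipaddress
import re

COMFYUI_PORT = 8188  # ComfyUI's default port; adjust if you changed it

# All three samples are constructed for this example, not taken from a real host.
SS_LISTEN = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=811,fd=5))
LISTEN 0 128 0.0.0.0:8188 0.0.0.0:* users:(("python3",pid=2040,fd=7))
LISTEN 0 128 [::1]:8188 [::]:* users:(("python3",pid=2077,fd=7))
"""  # shape of `ss -H -tlnp`
PS_OUT = """\
  811  0.3 postgres
 2040  4.1 python3
 3991 97.5 unknown-bin
"""  # shape of `ps -eo pid,pcpu,comm --no-headers`
SS_ESTAB = """\
ESTAB 0 0 10.0.0.5:8188 10.0.0.9:50312 users:(("python3",pid=2040,fd=9))
ESTAB 0 0 10.0.0.5:51234 203.0.113.9:443 users:(("unknown-bin",pid=3991,fd=3))
"""  # shape of `ss -H -tnp`

def split_hostport(addr):
    """Split 'host:port', dropping IPv6 brackets and any %scope suffix."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]").split("%")[0], port

def exposed_listeners(ss_text, port=COMFYUI_PORT):
    """Local addresses where `port` is bound to anything other than loopback."""
    hits = []
    for fields in map(str.split, ss_text.splitlines()):
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, p = split_hostport(fields[3])
        if p == str(port) and (host == "*" or not ipaddress.ip_address(host).is_loopback):
            hits.append(fields[3])
    return hits

def suspect_processes(ps_text, ss_text, cpu_min=80.0, allowed=("10.0.0.0/8",)):
    """(pid, command, remote) for high-CPU processes talking outside `allowed`."""
    hot = {}
    for pid, cpu, comm in (l.split(None, 2) for l in ps_text.splitlines() if l.strip()):
        if float(cpu) >= cpu_min:
            hot[pid] = comm.strip()
    nets = [ipaddress.ip_network(n) for n in allowed]
    found = []
    for fields in map(str.split, ss_text.splitlines()):
        m = re.search(r"pid=(\d+)", fields[-1]) if len(fields) >= 6 else None
        if fields[:1] != ["ESTAB"] or not m or m.group(1) not in hot:
            continue
        remote = ipaddress.ip_address(split_hostport(fields[4])[0])
        if not any(remote in n for n in nets):
            found.append((int(m.group(1)), hot[m.group(1)], fields[4]))
    return found
```

On a live host, feed the functions the real command output (run as root so `ss -p` can attribute sockets to processes) and treat any hit as a lead to investigate, not as proof of compromise.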

The incident highlights the growing risks associated with the rapid adoption of generative AI tools. As more individuals and organizations deploy these technologies, the attack surface expands, creating opportunities for bad actors to exploit weak security practices. The compromise of over 1,000 systems underscores the need for robust security configurations in open-source software deployments.

Questions remain regarding the full extent of the damage and whether the compromised systems were used for purposes beyond mining and botnet expansion. Investigators are working to trace the origins of the attack and determine if any sensitive data was accessed during the intrusion. The situation continues to develop as more details emerge about the vulnerability and the affected systems.