ComfyUI Botnet Attack: 1,000+ AI Instances Hijacked for Crypto Mining


Over 1,000 exposed ComfyUI AI instances are being hijacked in an active campaign, forced into a cryptocurrency mining and proxy botnet through automated exploitation of the platform's manager tool.

Here's something that should make every AI developer and digital privacy professional sit up straight. Right now, there's an active campaign quietly sweeping the internet, specifically hunting for exposed ComfyUI instances. If you're not familiar, ComfyUI is that incredibly popular Stable Diffusion platform everyone's been using for AI image generation. Well, threat actors have found a way to turn these powerful tools into unwilling soldiers in a cryptocurrency mining and proxy botnet army.

Think about that for a second. Someone's creative AI workspace, left exposed online, suddenly becomes a resource-draining cryptominer. It's a stark reminder that in our rush to deploy amazing technology, we sometimes forget the basic security steps.

### How The Attack Actually Works

So how are they pulling this off? The mechanics are both simple and sophisticated. Attackers are using a purpose-built Python scanner that does one job relentlessly: it sweeps through major cloud IP ranges. We're talking about the big providers where many developers spin up their ComfyUI instances. This scanner isn't waiting for invitations—it's knocking on every digital door, looking for one that's unlocked.

When it finds a vulnerable ComfyUI instance, the automation kicks in. The system checks if there's already an exploitable node installed. If not, it doesn't hesitate. It uses ComfyUI-Manager—a legitimate tool meant for managing extensions—to automatically install malicious nodes. It's like someone using your own key to let themselves into your house.

![Visual representation of ComfyUI Botnet Attack](https://ppiumdjsoymgaodrkgga.supabase.co/storage/v1/object/public/etsygeeks-blog-images/domainblog-5711a186-cf7c-407a-b345-36dd27261aad-inline-1-1775976509356.webp)

### The Role of ComfyUI-Manager in This Mess

This is where it gets particularly clever, and a bit unsettling. ComfyUI-Manager is supposed to be helpful. It's the package manager that lets users easily install workflows, nodes, and custom scripts. Developers love it because it streamlines their work. Unfortunately, that convenience has become the vulnerability. The attackers aren't breaking down digital walls. They're walking through an open gate that was left unguarded. By compromising the manager itself, they can push their malicious payload directly into otherwise functional systems.

The infected instances then join a botnet that serves two purposes:

- Cryptocurrency mining, draining the host's computing power and electricity
- Acting as proxy nodes, potentially masking other malicious activities

The financial motivation here is clear. Cryptomining is expensive when you're paying for the hardware and power. But when you're hijacking someone else's infrastructure? Suddenly your operational costs drop to nearly zero while your potential profits soar.

![Visual representation of ComfyUI Botnet Attack](https://ppiumdjsoymgaodrkgga.supabase.co/storage/v1/object/public/etsygeeks-blog-images/domainblog-5711a186-cf7c-407a-b345-36dd27261aad-inline-2-1775976514833.webp)

### What This Means For Digital Privacy Professionals

If you work with antidetect browsers or digital privacy solutions, this campaign should sound familiar alarm bells. The techniques here—IP scanning, automated exploitation, botnet creation—are the same playbook used against many other systems. The only difference is the specific target.

Here's what I'd recommend if you're running any internet-facing AI tools:

- Audit your exposed instances immediately
- Update ComfyUI and all extensions to their latest versions
- Review access logs for unusual scanning activity
- Consider whether every instance truly needs to be publicly accessible
- Implement proper authentication even for "internal" tools

Remember, security isn't about building impenetrable fortresses. It's about making your system just slightly more annoying to attack than the next guy's. Most automated scanners will move on if they encounter any resistance at all.

### The Bigger Picture We Can't Ignore

This isn't just about ComfyUI. It's about a pattern we've seen repeated across countless platforms. As one security researcher put it recently: "We build amazing tools with incredible capabilities, then deploy them with default configurations and wonder why they get compromised."

The truth is, the AI development space is moving incredibly fast. Sometimes security practices struggle to keep up with the pace of innovation. But incidents like this cryptomining botnet campaign serve as expensive reminders. Every exposed service is a potential entry point. Every default password is an invitation. Every unpatched vulnerability is an opportunity for someone looking to make a quick profit at your expense.

Stay vigilant out there. The digital landscape keeps changing, but the fundamental rules of security remain the same. Know what you're exposing, understand your tools, and never assume that just because something is new and exciting, it's immune to old-school attacks.
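As an added example for the "review access logs" recommendation above (my code, not from the article or the ComfyUI project), the script below parses combined-format access log lines and flags source IPs that reached a node-install route, weighting the finding when the install followed first contact within seconds or came from a scripted user-agent, which is the pattern the campaign's scanner-then-install automation would leave. The log lines are constructed, and the manager route names are assumptions to be replaced with whatever your deployment actually logs.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (combined-log style), not a real capture.
# The install route names are ASSUMPTIONS for this example, not confirmed
# ComfyUI-Manager paths; substitute the paths your reverse proxy records.
SAMPLE_LOG = """\
198.51.100.7 - - [01/May/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 1532 "-" "python-requests/2.31"
198.51.100.7 - - [01/May/2025:10:00:02 +0000] "GET /object_info HTTP/1.1" 200 80211 "-" "python-requests/2.31"
198.51.100.7 - - [01/May/2025:10:00:03 +0000] "POST /customnode/install HTTP/1.1" 200 12 "-" "python-requests/2.31"
203.0.113.9 - - [01/May/2025:10:05:10 +0000] "GET / HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.9 - - [01/May/2025:10:06:44 +0000] "POST /prompt HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
INSTALL_PATHS = ("/customnode/install", "/api/manager/queue/install")  # assumed
SCRIPTED_UA = ("python-requests", "go-http-client", "curl/", "masscan", "zgrab")

def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def review_log(text, max_seconds=30):
    """Map each source IP to the reasons it looks like automated exploitation.
    Only IPs that actually hit an install route are reported; a scripted
    user-agent or a very short first-contact-to-install window adds weight."""
    first_seen, findings = {}, defaultdict(list)
    for rec in filter(None, map(parse_line, text.splitlines())):
        ip = rec["ip"]
        first_seen.setdefault(ip, rec["ts"])          # earliest request per IP
        if rec["path"].split("?")[0] not in INSTALL_PATHS:
            continue
        findings[ip].append("install-route:%s" % rec["path"])
        if (rec["ts"] - first_seen[ip]).total_seconds() <= max_seconds:
            findings[ip].append("fast-install")       # no human browsing first
        if any(h in rec["ua"].lower() for h in SCRIPTED_UA):
            findings[ip].append("scripted-ua")
    return dict(findings)

if __name__ == "__main__":
    for ip, reasons in review_log(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

Any IP reported with all three reasons is worth treating as a likely compromise: check the custom_nodes directory on that host for anything you did not install yourself.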