Friday, April 12, 2024

Hidden Cryptocurrency Miner Coinhive’s Rapid Growth and it’s Prevention Techniques

It is very usual these days to find many applications having a hidden crypto-mining module. But the recent trend is more mainstream and is done via web pages. Yes, now websites have started doing crypto-mining and are done totally in the background, all thanks to Coinhive.

To note, we have already reported about the beginning of this web-based mining last month.

What’s Coinhive?

Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded into other Websites. The users run the miner directly in their Browser and mine XMR for the site owner in turn for an ad-free experience, in-game currency or whatever incentives they are availing to their users/visitors.

A traditional miner would go for GPU resources on a device or a PC, but what makes Coinhive different is that it uses CPUs compute power. And this gives it a great advantage because it works on every computing device that can run a javascript page.

A fake 1337x and 400+ websites have this mining script active:

Ad blocker AdGuard last month reported that 220 sites on the Alexa top 100,000 listserve crypto mining scripts to more than 500 million people.

But we found that number crossed its next 100th marker faster, and now more than 400 sites under Alexa top 100,000 are running this script on their visitor’s machines and devices

At GBHackers, we discovered one such fake site ( ) of the very popular torrent sharing site 1337x  doing this. The problem is, when you google this site’s name, the first result you get is the fake website’s address. So, we reported this site immediately to Google and the next day, the script was removed from the source code.

Here is how their script looks like,


As per CoinHive ,

If you run a blog that gets 10 visits/day, the payout will be minuscule. But with just 10–20 active miners on your site, you can expect a monthly revenue of about 0.3 XMR (~$38).

It’s a good deal for a site owner and we like the idea of CoinHive But also, we feel it’s not ready for its prime time yet. We will give you one good reason for that.

It’s not possible to determine the computing potential of every visitor’s machine and set the mining throttle number to some value. If you set it to something high, the visitor’s PC performance will cripple and he will never visit the site again. And if you set it to low, you will not earn much to keep the blog going.

“We do not claim that Coin Hive is malicious, or even necessarily a bad idea,” noted Adam Kujawa, director of Malwarebytes Labs. “The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.”

Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script. In announcing the move, Malwarebytes wrote: “ The reason we block Coinhive is that there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems.

A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl. “

Hearing everyone’s plea and seeing all the fuzz about the abuse, coinhive had come up with a great way of dealing this issue. It’s called . As per Coinhive,  it is similar to the previous cryptocurrency miner but with one crucial and very important addition – a user consent page.

“AuthedMine enforces an explicit opt-in from the end user to run the miner. We have gone to great lengths to ensure that our implementation of the opt-in cannot be circumvented and we pledge that it will stay this way. The AuthedMine miner will never start without the user’s consent.”

So, what if you don’t like websites mining crypto-currency using your computer’s power?

If you are a geek, you would already probably know the trick. Hint: Use script blockers like uBlock Origin

But if you are a normal user, install AdGuard’s extension on your browser and you will be good to go. Here is a screenshot of how AdGuard reacts to a website running a crypto-mining script in the backend.


Using Coinhive’s crypto-mining script is definitely a great deal for the blog owners. But unfortunately, it’s a bad news for the visitors as their CPUs power is being continuously eaten which takes a huge toll on their electricity bills.

So, we suggest our users to be extra cautious while visiting sites on the internet from now on. And if you like some website or a blog and want to support them, you may allow them to mine crypto-currency using your computer’s energy.



Latest articles

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...

Taxi App Vendor Data Leak: 300K Passengers Data Exposed

Around 300,000 taxi passengers' personal information was left exposed on the internet, causing concern...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles