Coinhive’s seemingly evil nature stems from those who use the code. It’s meant to be integrated into websites to tap into the unused portions of your processor and mine digital Monero coins in the background. Released in 2017, Coinhive’s code targets websites that want to make money without running annoying advertisements. The tradeoff is that your PC slows down while it generates digital coins in exchange for ad-free viewing.
But hackers are taking advantage of Coinhive’s potential by breaking into websites, secretly installing the code, and configuring Coinhive to send the resulting Monero to their digital wallets. They are also inserting Coinhive into web browser extensions that appear legitimate on the surface.
“If we sum up the block rewards of the actually mined blocks over the observation period of four weeks, we find that Coinhive earned 1,271 XMR,” the report states. “Similar to other cryptocurrencies, Monero’s exchange-rate fluctuates heavily, at time of writing one XMR is worth $200, having peaked at $400 at the beginning of the year.”
At the time of this publication, the worth of a single Monero digital coin (XMR) dropped to $82. That’s still no chump change at $104,222 for four weeks worth of mining. The Coinhive developers get a chunk of that stash, too, earning 30 percent from each mined XMR.
Where is all of this Monero going? The report claims most of the mined funds are piped to 10 individuals. They’re using a short link service provided by Coinhive that requires web surfers to mine Monero in order to reach their destination. Most of these are resolved in minutes while others require an “unfeasible” number of hashes — in the millions — to compute.
“This link redirection monetization is comparable to short link services delaying the redirection while serving advertisements and paying the link creator a commission,” the report explains. “With Coinhive, the creator of the short link receives a share of the block reward that is mined by the users visiting the short links.”
To broadly detect web-based mining across the internet, the researchers ignored the public No Coin filter and developed a new technique based on WebAssembly. Scans showed Coinhive as the largest web-based mining provider to date with a 75 percent usage across mining websites. Other miners detected by this technique include AuthedMine, WP Monero Miner, and CryptoLoot.
No Coin is actually a browser extension with a blacklist that blocks sites with cryptocurrency mining code. The argument is that even though using these miners is great for removing ads, visitors don’t have means to opt out of the mining process. It’s separate from your typical ad-blocking solution because it addresses a different browsing problem. This extension is available for Google Chrome, Mozilla Firefox, and Opera.