New academic research released by RWTH Aachen University has discovered that cryptocurrency miner CoinHive is very profitable. In fact, it’s generating over $250,000 worth of Monero profit every month by hi-jacking internet users’ CPUs. One of the users could have easily been you.
As reported by The Next Web, the research itself provides a broad overview of browser-mining activity across the Web. It reveals that Monero accounts for 75 percent of all browser-based cryptocurrency mining. The organization CoinHive is behind most of it. Thus, it is no wonder that security and investigation reporter Brain Krebs warns readers by claiming:
Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users.
What is CoinHive?
CoinHive offers an in-browser, JavaScript-based miner for the Monero Blockchain. People can embed the mining script into a website. Then, when a user visits the website, the script will run the miner from the user’s browser. It will then mine XMR. Whoever embeds the code receives the mining profit.
CoinHive also offers a ‘shortlink solution’. This works much like a regular link — except that, to reach the destination, the user’s machine must perform some hashes (the number of which is set by its creator).
CoinHive argues that these services create the possibility for “an ad-free experience.” In actuality, it has created a new cyber-threat. Users are now paying other people through their CPU power — and they can be completely unaware.
CoinHive Set to Make $1,000,000 in Annual Revenue
The university researchers found that CoinHive is very profitable. Its ad-hoc browser-mining botnet is responsible for 1.18 percent of the entire Monero network. Moreover, the analysis suggests it is generating over 300 XMR (approximately $24,000) per week.
In the research, they note:
If we sum up the block rewards of the actually mined blocks over the observation period of [four] weeks, we find that Coinhive [sic] earned 1,271 XMR. Similar to other cryptocurrencies, Monero’s exchange-rate fluctuates heavily, at time of writing one XMR is worth 200 USD, having peaked at 400 USD at the beginning of the year. Thus, given the current exchange-rate, Coinhive [sic] mines Moneros worth around $250,000 per month […]
CoinHive keeps 30 percent of all mined XMR for itself. That’s $75,000 a month, or almost a million dollars in annual income.
Only 10 Users Dominate CoinHive’s Short Link Service
By scraping through CoinHive’s link database, the research found that there are almost two million active short links. Essentially, they force users to undertake Monero mining. Most of these links lead to video streams or filesharing sites. Yet, what’s more alarming is that most of the profit goes to only 10 users:
Coinhive’s [sic] link forwarding service is dominated by links from only 10 users. They mostly redirect to streaming videos and filesharing sites. We find that most short links can be resolved within minutes, however, some links require millions of hashes to be computed which is infeasible.
That some links are never set to resolve is significant — it highlights how malicious this new service can become.
Bitcoinist has already reported on 200,000 routers in Brazil being injected with modified CoinHive code. Because the code was injected into the router, users were mining Monero in the background of literally every page they visited.
It’s becoming clear that alongside rapid innovation, the blockchain industry is also bringing new threats. Unsuspecting in-browser mining is a pertinent threat that is worrisome. Fortunately, there are some attempts to solve this problem already. For example, security researcher Troy Mursche recommends the browser extension minerBlock. It uses JavaScript detection and a blacklist to limit the possibility of users mining cryptocurrency unexpectedly.
It seems like we are now at war with a new cyber-threat, and it’s turning out to be very profitable.
How will the war on in-browser cryptocurrency mining play-out? Let us know in the comments below!
[Correction: This story was originally reported by The Next Web.]
Images courtesy of Pexels, Shutterstock.
