Coinhive closing

Coinhive closes – hackers will lose their favorite tool of exploitation

Coinhive development team published a blog post about the discontinuation of Coinhive system. Yes, the same Coinhive that we talked about some time ago. Coinhive cryptocurrency mining script used widely by hackers to exploit hacked websites and their visitors by using the computational power of computers used to browse infected sites.

For the sake of truth, it should be mentioned that Coinhive was not designed as a tool for hackers, but its concept was perfect for exploiting cracked websites. The development team has also developed a Proof of Work Captcha script that acted as bot protection.

Coinhive – Monero cryptocurrency mining script

Everything started as a script that allowed monetization of websites without displaying ads or affiliate links. The main idea of the script was to use the computational power of website visitors computers. This computational power used for Monero (XMR) cryptocurrency mining. Once this script is loaded it starts using a website visitor computer CPU for mining purposes.

Later the same team developed Proof of Work Captcha script used to protect contact forms, comment forms and even login forms from bots by requiring to share some computational power.

However, since the Coinhive script used the CPU, not a GPU its performance was limited and mining was quite inefficient. Anyway, to get some profit from such mining scheme on a single website you needed to have really massive traffic with more extended visitor sessions.

To obtain tangible results more websites with more traffic and more extended sessions needed. Then the hackers got involved in the game.

Coinhive widely used by hackers

Like other cryptocurrencies, Monero allows anonymous transfers. Hackers quickly realized that a vast network of hacked websites could guarantee revenue without complex monetization schemes. The number of hacked sites with injected mining script began to grow drastically. Websites based on the most popular content management systems like WordPress, Drupal, and others were the primary targets.

This trend was immediately noticed. Most of the computer security programs, antivirus programs have started identifying script as malicious software. We have also distributed instructions on how to clean up a website infected with Coinhive script. This script was blocked in browser extensions and other software. There was even a non-blocked version of the Coinhive script that was only activated with user consent.

The end of Coinhive

So the latest statement from script developers says that service will be available only till March 8, 2019. Accounts and payout requests will be active until April 30, 2019. And now the reason:

The drop in hash rate (over 50%) after the last Monero hard fork hit us hard. So did the “crash“ of the cryptocurrency market with the value of XMR depreciating over 85% within a year. This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive.

It is a pity that a rather exciting project was included in the harmful activities by hackers and finally killed by economic reasons. On the other hand, fewer tools that motivate hackers to hack more websites for exploitation.

Darius S.

Similar Posts

ThreatPress API keys

Free WordPress Vulnerability Database API

Recently, we received a few queries related to our services, specifically for WordPress Vulnerability Database. So to make it clear we ...

CIA triad - information security

CIA triad in the WordPress and WooCommerce security perspective

CIA triad is an abbreviation for confidentiality, integrity, and availability. The CIA triad is considered to be the basis for all ...

PCI compliance WooCommerce

What is PCI compliance and do you need it for your WooCommerce store

PCI compliance or more precisely PCI DSS (Payment Card Industry Data Security Standard) developed by the Payment Card Industry Security ...

Leave a Reply

Your email address will not be published. Required fields are marked *