Malicious Parties Expected to Use Your System’s Resources Using Coinhive

Coinhive has recently offered website owners a way to monetize their businesses using a JavaScript miner that employs visitors’ CPU power to mine cryptocurrency. The tool is meant to mine XMR (a cryptocurrency also known as Monero) directly from the browser, which, according to the developer, should allow the website’s owner to switch away from monetizing through ads. While it is debatable whether website owners would make more money by mining in the background than by showing banner advertisements, it is an option that many websites were quick to test, one of them being thepiratebay.org. While Coinhive is meant to give 70% of the profits to the owner of the website, not everything is as perfect as it might seem at first. For one, it looks like the Coinhive miner has attracted more unwanted attention than expected.

If a website owner chooses to employ Coinhive, they load the Coinhive JavaScript library to enable the miner. Then, every time the website is visited, the miner taps into the visitor’s CPU resources to mine Monero and make a profit. The payout rate is calculated using this formula: (<solved_hashes>/<global_difficulty>) * <block_reward> * 0.7. While this means that every time someone visits a website, money is being made using a cryptocurrency miner, it also means that the visitor’s CPU resources are being depleted, which might lead to slower performance. That might not be a welcome change, considering that the visitor does not earn anything in return. Moreover, it appears that the owners of websites using Coinhive have failed to inform visitors about it, and that is what the creators of Coinhive addressed in the first blog entry posted on September 22. The statement reads: “We're a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users what's going on, let alone asking for their permission. We believe there's so much more potential for our solution, but we have to be respectful to our end users.”

While the Coinhive miner’s potential is still being discussed and tested by website owners – which is normal, considering how new this tool is – there is another discussion going on, and this one is more worrying. Malware researchers everywhere report that schemers, hackers, and malware developers have been quick to employ the miner for their own gain. Joseph C. Chen at trendmicro.com has reported that a tech-support scam has been found using the JavaScript miner. The scam is introduced via a misleading page imitating a Microsoft Windows security alert and pushing the target to call a bogus tech-support number. Besides promoting a scam, the page also loads the miner to mine cryptocurrency in the meantime. By doing this, the schemers behind all of this are doubling their chances of making a profit. While the miner does not hurt the user in the same way that they could be hurt if they were to contact schemers, this cannot be ignored. The miner has also been employed by SafeBrowse, a Google Chrome extension that is promoted as a tool that helps users avoid ads. If this extension is installed, incredible amounts of CPU power are exhausted.

It was also reported that the Coinhive miner was loaded into WordPress and Magento sites without their owners’ knowledge, which suggests that attackers can compromise websites by injecting the JavaScript miner and using it for their own gain. Without a doubt, that is a very easy way for cyber criminals to make money. The miner has also been recently removed from the showtime.com and showtimeanytime.com websites. There has been no official statement from the owner of the websites, and so it is unknown if they were compromised by third-party actors, or if the owners themselves were secretly trying out Coinhive to see if it could be used to make a profit. Overall, it appears that attackers could try to compromise more websites to make money for themselves, and so website owners must stay vigilant.
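One way a site owner can check their own pages for an unauthorized miner is to audit every script tag the site serves. The following is an added example, not code from the original article or from Coinhive; the allowlisted hosts, the sample page and the placeholder site key are constructed, and the only marker used is the name "coinhive". It goes slightly beyond the article by also flagging any script loaded from a host the owner has not approved.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this (hypothetical) site intentionally loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}
# Assumption: case-insensitive marker; "coinhive" is the name used in the article.
MINER_MARKERS = ("coinhive",)

class ScriptAudit(HTMLParser):
    """Records every <script> that names a miner or loads from an unlisted host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings = page_host, []
        self._inline = None  # list of text chunks while inside a <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._inline = []
        src = dict(attrs).get("src")
        if not src:
            return
        # Relative URLs have no hostname and resolve to the page's own host.
        host = (urlparse(src).hostname or self.page_host).lower()
        if any(m in src.lower() for m in MINER_MARKERS):
            self.findings.append(("miner-script", src))
        elif host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append(("unlisted-host", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body, self._inline = "".join(self._inline), None
            if any(m in body.lower() for m in MINER_MARKERS):
                self.findings.append(("miner-inline", body.strip()))

def audit_html(html, page_host):
    """Return a list of (kind, detail) findings for one HTML document."""
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: one legitimate script and three the owner should review.
SAMPLE = """<script src="/js/cart.js"></script>
<script src="//miner-host.invalid/lib/coinhive.min.js"></script>
<script>new CoinHive.Anonymous('PLACEHOLDER_KEY').start();</script>
<script src="https://stats.unknown.invalid/t.js"></script>"""
```

Running `audit_html(SAMPLE, "shop.example")` against rendered pages or template files after each deployment gives a baseline; any new finding means a script was added that the owner did not approve.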

Unsurprisingly, Coinhive has been the center of attention in the past few weeks, and the tool has been both praised and ripped apart. While the solution that Coinhive offers is very interesting, the trust might have been lost for good as ad-blockers and anti-malware tools have already started blocking the miner. If the ad-blocker is activated, the owner of the website – or the party controlling the miner via it – is not going to earn any money. If anti-malware software detects the miner, the website could be blocked altogether. It is highly likely that this and other known cryptocurrency miners will be exploited by malicious parties trying to make money, and already-existing malware (e.g., tech-support scams, adware, hijackers, and redirectors) could employ the miner to serve them as well.

There is still a lot to learn, and things could develop in unexpected ways, but in the meantime, website owners are advised to stay careful and vigilant so as not to overlook any breaches linked to the unauthorized placement of the Coinhive miner. Website visitors also need to be vigilant because visiting sites where the miner is active could lead to high usage of CPU resources.