CoinHive’s DNS Used to Mine Cryptocurrency


CoinHive is a popular browser-based service that lets website owners embed JavaScript code that uses their site visitors’ CPU power to mine the Monero cryptocurrency as a source of revenue.

An unknown hacker hijacked CoinHive’s CloudFlare account, which allowed the hacker to modify its DNS records and replace the site’s official JavaScript code, already embedded in thousands of websites, with a modified malicious version.

https://coin-hive[.]com/lib/coinhive.min.js

The hacker was able to perform this trick by reusing a leaked password from a 2014 data breach

It appears that the hacker accessed CoinHive’s CloudFlare account by reusing an old password that had leaked in the Kickstarter data breach in 2014.

“Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server.”

“This third-party server hosted a modified version of the JavaScript file with a hardcoded site key.”

For about six hours, thousands of websites using CoinHive’s JavaScript embed code were tricked into loading malicious code that mined Monero cryptocurrency for the hacker rather than for the actual site owners.

“We have learned hard lessons about security and used 2FA [Two-factor authentication] and unique passwords for all services since, but we neglected to update our years old Cloudflare account.”

Your Web Browser might be mining cryptocurrency for someone without you knowing

CoinHive came to media attention a few weeks ago when the popular torrent website The Pirate Bay was caught secretly using this browser-based cryptocurrency miner on its site.

After this discovery, thousands more websites started using CoinHive as an alternative monetization model, using their site visitors’ CPU processing power to mine cryptocurrencies.

Some hackers are also using services like this to earn money from compromised websites by secretly injecting a script.

The company is looking for ways to reimburse its users for the revenue that was lost due to the data breach.

How to Block sites from mining cryptocurrency using your CPU power

Due to the concerns mentioned above, some antivirus products, such as Malwarebytes and Kaspersky, have started blocking CoinHive’s JavaScript to protect their customers from illegal mining and excessive CPU usage.

You can also install No Coin or minerBlock, which are small open-source browser extensions (plug-ins) that block coin mining sites.
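
As an added example (not code from No Coin, minerBlock or any product named above), the JavaScript below shows a hostname blocklist check applied to script URLs, on the assumption that a blocker decides by request hostname. The blocklist holds only the two CoinHive domains named in this article; the function names and all sample URLs other than the one printed above are constructed for illustration.

```javascript
// Added example: hostname blocklist check for script URLs.
// Blocklist entries are the two CoinHive domains named in the article.
const MINER_DOMAINS = ["coin-hive.com", "coinhive.com"];

// Turn a defanged indicator such as "coin-hive[.]com" back into a parseable form.
function refang(value) {
  return value.replace(/\[\.\]/g, ".").replace(/^hxxp/i, "http");
}

// Return the lowercase hostname of a script URL, or null if it cannot be parsed.
// Relative URLs are resolved against the page that embeds them.
function scriptHost(src, pageUrl) {
  try {
    return new URL(refang(src), pageUrl).hostname.toLowerCase().replace(/\.$/, "");
  } catch (err) {
    return null;
  }
}

// Match on a label boundary: "cdn.coinhive.com" is blocked, while
// "notcoinhive.com" and "coinhive.com.example.net" are not.
function isBlockedHost(host) {
  if (host === null) return false;
  return MINER_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Decide for every script URL on a page whether the request should be blocked.
function auditScripts(pageUrl, scriptSrcs) {
  return scriptSrcs.map((src) => {
    const host = scriptHost(src, pageUrl);
    return { src, host, blocked: isBlockedHost(host) };
  });
}

// Constructed sample input: script URLs as they might appear on one page.
const SAMPLE_PAGE = "https://shop.example/index.html";
const SAMPLE_SCRIPTS = [
  "https://coin-hive[.]com/lib/coinhive.min.js", // defanged, as printed in the article
  "//cdn.coinhive.com/lib/miner.js",             // constructed: protocol-relative subdomain
  "/static/app.js",                              // constructed: same-site script
  "https://notcoinhive.com/x.js",                // constructed: look-alike, not a subdomain
  "https://coinhive.com.example.net/x.js",       // constructed: blocklisted name as prefix only
];

for (const r of auditScripts(SAMPLE_PAGE, SAMPLE_SCRIPTS)) {
  console.log(r.blocked ? "BLOCK" : "allow", r.host, r.src);
}
```

Matching on the full hostname or a dot-prefixed suffix, rather than on a substring of the URL, is what keeps look-alike and prefix-only hostnames from being blocked by mistake.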
