Threat Management, Threat Management, Incident Response, TDR

Coinhive closes its doors

The popular in-browser cryptomining service Coinhive will shutter operations next week, claiming the service isn’t economically viable anymore.

The Monero mining feature offered any website a “legitimate” way to generate income without relying on online advertisements or revenue by using a small piece of Javascript embedded on a webpage to leach computing power from visiting computers to mine the currency.

Coinhive then kept a percentage of the earnings in exchange for the services that have been used by well plenty of well-known sites, including Showtime, and The Pirate Bay, sometimes without informing users.

“The drop in hash rate (over 50 percent) after the last Monero hard fork hit us hard,” Coinhive said on its site. “So did the 'crash' of the cryptocurrency market with the value of XMR depreciating over 85 percent within a year. This and the announced hard fork and algorithm update of the Monero network on March 9 has led us to the conclusion that we need to discontinue Coinhive.”

Coinhive explained that dashboards will be accessible until around April 30, 2019, and that users will be will be able to initiate payouts if their balances are above the minimum payout threshold.

Tyler Moffitt, senior threat research analyst at Webroot, said that the cryptojacking site represented a significant percentage of the malicious URLs his firm has seen.

“Would you continue to operate a startup business in which all the money you made was just a 30 percent cut of criminals stealing from victims in the form of an increased power bill?” Moffitt said to SC Media. “Maybe a year ago when the hashing difficulty was easier (you earned more XMR) and XMR was worth 10x more, it might have been easier to 'sleep at night,' but now it probably just isn't worth it. Even before this news, there were plenty of copycats, so criminals will continue to use other services.”

Moffitt anticipates Cryptoloot, CoinImp and JSECoin will take larger shares of the cryptojacking attack now that the largest player has left and that we may even see new competitors emerge. He added that people have learned to block cryptominers with add-ons but as the threat evolves, criminals will rely more on domain obfuscation, making these methods obsolete.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.