Coinhive Miner Proliferating Exponentially

Last updated: Mar 30, 2023
6 Min Read
AI Generated Summary

Launched on the 14 of September, Coinhive is a relatively new website JavaScript plugin that garnered some interest from the cryptocurrency community. However, over the past month, it has grown at a near exponential rate and is mining vasts amounts of Monero for those who are using it legitimately or otherwise.

It has been discovered on sites such as the Piratebay, CBS ShowTime and a number of other streaming websites. Some of these are been done by the actual webmasters themselves while others are exploiting vulnerabilities in well-known websites in order to make money with them in an elicit fashion.

This is not the first time that miners have used malware to mine crytpocurrency from unsuspecting users. It was recently discovered by Kaspersky security labs that hackers had spread windows exploits that mined Monero on a user’s PC in the background.

What is Coinhive?

Coinhive Monero Miner WebsiteFor those who have not heard about it, Coinhive is a JavaScript library that someone can insert into their websites code. It is then programmed to self-execute in the browser of the user and will utilise their CPU to crunch some numbers on the Monero blockchain.

Although many may look at it as a potentially malicious script, it does have legitimate users and was developed explicitly for that purpose. Instead of these sites having to rely on advertising revenue that could hamper user experience, Coinhive allows the users to contribute to the site through processing power.

For example, the Pirate bay which is a large torrent site, made use of the miner in a test session. This was unfortunately short lived as many users complained about their browsers being used for the benefit of the webmaster. This seemed to have got the ball rolling though.

Next came the news the CBS Showtime brand's website had the curious miner embedded in its code. This was quite suspicious as many people believed CBS would not have implemented this as it would hamper user experience. However, the SetThrottle in the code on ShowTime was set at 0.97 which implies that it only mines 3% of the time. This is not the usual MO of a cyber-criminal.

Using Coinhive on a site can indeed be quite a profitable venture. For example, a recent analysis has concluded that a site with the traffic such as Pirate Bay is likely to make about 12k a month from the mining.

Yet, any innovation no matter the intent could eventually be used for the benefit of cyber criminals and this is exactly what happened in this case as the code spread to all corners of the hacking community.

Exponential Growth

Coinhive Threat Warning AVGAs hackers have realised the potential of the miner, so has it cropped up in a number of other locations. For example, it has been located in the source code of a chrome plugin. This would allow the hackers to mine from the users every time they are using their chrome browser.

Hackers have also used chameleon domains in order to trick the users. For example, they would register a domain such as or the like which looks like the original site. Once users enter this domain they are taking to the fake site which runs the script. Of course, this is only for a short period of time as the user will eventually bounce.

However, if the hacker was to create a number of different chameleon domains like this then they are likely to be able to mine a large amount of Monero across a range of different sites.

Of course, why should a hacker create their own domain when they can merely hack existing websites with a great deal of traffic. This has happened as reports by have discovered sites with the popular WordPress and Magento CMSs that have been hacked and the code inserted.

These scripts could also be used for a number of adware campaigns as the hackers have realised that users are becoming increasingly immune to these ads. Hence, they could make much more if they just load the ads with the JavaScript plugin and let it tick away in the background.

How to Avoid it

You would be pleased to know that a few ad blocking plugins are now beginning to realise the threat posed by JavaScript miners and have started to actively block the script from executing. For example, AdBlock plus is able to recognise the script in the background.

There are also a number of browser plugins that have been developed solely for the purpose of blocking the miners. These include such plugins as MinerBlock and Antiminer.

The Subtle Threat

Although the cybercrime that makes the headlines are the ones that tend to scare, they are sometimes less effective as those that attempt to go under the radar. This is exactly what malware mining scripts are designed to do.

Moreover, because they go unnoticed for a relatively long period of time, people do not report them and hence remove them. This means more profit for the miner. Even though coinhive was developed as an alternative method for site fundraising, it has been exploited.

As a user, if you are able to install the right preventative measures on your browser then you are likely to counter the threat (at least for now).

Featured Image via Fotolia

Editorial Team

The Coin Bureau Editorial Team are your dedicated guides through the dynamic world of cryptocurrency. With a passion for educating the masses on blockchain technology and a commitment to unbiased, shill-free content, we unravel the complexities of the industry through in-depth research. We aim to empower the crypto community with the knowledge needed to navigate the crypto landscape successfully and safely, equipping our community with the knowledge and understanding they need to navigate this new digital frontier. 

Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.

Previous article
Quantconnect Brings Algorithmic Trading to Cryptocurrencies
next article
China Sees Surge of Second Hand Mining Equipment for Sale