Opt-in cryptomining script Coinhive 'barely used' say researchers

We wouldn't say 'barely', says Coinhive

By John Leyden


Few sites are bothering to use the opt-in version of Coinhive, the controversial ride-along JavaScript crypto-mining package that requires end-users' consent to run.

So said security firm Malwarebytes in an analysis emitted on Monday, but Coinhive developers disputed those findings and argued that a third of cryptomining-using websites get their users' consent.

Cryptomining sees web pages operators use visitors' computers to mine for the Monero cryptocurrency as they surf a site. Sometimes the mining is covert, as a result of mining malware infections. Publishers can also run miningware without explicitly telling users about their efforts. On other occasions publishers formally tell visitors they're helping it to raise funds by running mining code.

Coinhive tried to make the last cryptomining scenario legit by offering software that only works after users opt-in. In October 2017 the outfit therefore introduced a new API (AuthedMine) that explicitly requires user input for any mining activity to be allowed.

Reg now behind invisible HTML5 Bitcoin paywall


Data from Malwarebytes, unveiled on Monday, said that in January and February 2018 the opt-in version of Coinhive was used by just 40,000 folk each day compared to three million users of its silent miner. The security software firm adds that even sites that do use the opt-in option may still be crippling machines by running an unthrottled miner, as was the case this month of Salon, a news website.

The developers of Coinhive disputed these figures. “We don't have statistics about the exact number of clients, but as for our raw hashrate: ~35% comes from AuthedMine,” the developers told El Reg via Twitter. “Many sites still use the classic implementation with their own (non intrusive) opt-in or with a prominent opt-out. Ultimately it's the decision of the website owners.”

Malwarebytes' findings were supported by security researcher Troy Mursch who said its figures are consistent with his own research.

The Coinhive crew went on to claim that Malwarebytes blocks AuthedMine, too. “Attempts to get this resolved remained unanswered,” they said.

Malwarebytes' The State of Malicious Cryptomining report also notes how groups used the WannaCry vulnerabilities to infect servers with cryptomining packages, a tactic previously reported by El Reg. ®

Bootnote: The "Read More" box above links to our 2017 April Fool's Day prank, in which we joked that we'd added cryptomining to the site. Not many months later, actual cryptomining became prevalent.

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Kaspersky Lab loses the privilege of giving Twitter ad money

Twitter's loss is the EFF's gain

Sir, you've been using Kaspersky Lab antivirus. Please come with us, sir

US govt bans agencies from using Russian outfit's wares

UK white hats blacklisted by Cisco Talos after smart security code stumbles

Cisco gracefully says it won't charge for the privilege

Kaspersky Lab's move from Russia to Switzerland fails to save it from Dutch oven

Netherlands turns up the heat as transparency plans unveiled

Hackers latch onto new Apache Struts megavuln to mine cryptocurrency

Underground forums alight with Struts chat, we hear

Another US government committee takes aim at Kaspersky Lab

Worries about 'espionage, sabotage, or other nefarious activities' cough - NSA! - cough

It's 'nyet' again, yet again, for Kaspersky: Appeal against US govt ban snubbed by Washington DC court

Appeals judges shoot down Russian vendor's plea

Kaspersky VPN blabbed domain names of visited websites – and gave me a $0 reward, says chap

Updated DNS leak flaws are outside of bug-bounty scope

Pain in the brain! Kaspersky warns of hackable brain implants

That furious clicking you hear is Charlie Brooker frantically writing his next script

Judge bins sueball lobbed at Malwarebytes by rival antivirus maker for torpedoing its tool

Litigious security biz upset at blanket PC ban