
Making money mining Coinhive? Yeah, you and nine other people

10 users controlling the bulk of cryptocoin generator funds


Mining internet currency on websites with Coinhive scripts is a lucrative endeavor, but only for a handful of people.

This according to researchers from RWTH Aachen University, who used a new detection technique to track pages mining the cryptocurrency and found that just 10 users were responsible for 85 per cent of the links that the Coinhive service uses to mine about $250,000 worth of Monero currency every month.

In other words: it's nice work if you can get it. And you can't get it.

The Aachen U group of Jan Rüth, Torsten Zimmermann, Konrad Wolsing, and Oliver Hohlfeld crawled the Alexa million list of top websites and the full .org domain to gather and fingerprint the Coinhive script code embedded on pages, and to link the mining activity to a Coinhive account.

Typically, a Coinhive user will embed the code (ethically or otherwise) into high-traffic web pages. Visitors to the page then execute the JavaScript to perform the calculations needed to mine blocks that create new Monero. Coinhive then takes a 30 per cent cut of the payout and gives the rest to the user.

Because the Coinhive user spreading the code has to include their account token in the script in order to get paid, the researchers were able to measure who is most active in spreading the Coinhive code via shortened links.

What they found was an extremely top-heavy system where only a few people reaped most of the profits.

"We observe a power-law which highlights the existence of few heavy users that created a large number of links," the researchers said.

"In fact, 1/3 of all links are contributed by a single user only and roughly 85 per cent of all links are created by only 10 users. Of course, a single user could use multiple tokens, however, this would only emphasize our current observations."

Peanuts for CPU cycles

The researchers are not the first people to find this out. Earlier this year, a Japanese man cuffed for illegally spreading the Coinhive code said he only managed to make around 5,000 Yen, or $45, from the scheme.

To be fair, the researchers also note that there simply aren't that many sites actually using Coinhive. They estimate that just .08 per cent of the sites they probed in the study were actually serving the browser mining code, and Coinhive itself only accounts for around 1.18 per cent of all Monero mining.

"While probably profitable for Coinhive, it remains questionable whether mining is a feasible alternative to ads," the researchers note.

Although the figures found in the study are interesting, the researchers say it is their fingerprint detection method that could be the most valuable product of the work. They note that the method could be incorporated by blocklists that are currently unable to detect and filter out many of the shortened links used to redirect users to unauthorized mining pages.

"For its detection, we find the public NoCoin filter list to be insufficient to broadly detect browser mining," the researchers conclude.

"We thus present a new technique based on WebAssembly fingerprinting to identify miners, up to 82 per cent of thereby identified mining websites are not detected by block lists." ®
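To make the idea of WebAssembly fingerprinting concrete, here is an added example (not the researchers' code, and not part of the original article) that parses a Wasm binary, hashes every function body in its code section, and matches the result against known fingerprints. The construction (SHA-256 over sorted per-function digests), the names `fingerprint`, `classify` and `KNOWN`, and the tiny sample modules are assumptions made for illustration; the article does not say how the study built its fingerprints.

```python
import hashlib

def read_u32(buf, pos):  # unsigned LEB128 -> (value, next_pos)
    value = shift = 0
    while pos < len(buf) and shift <= 28:
        byte = buf[pos]
        value |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:
            return value, pos
    raise ValueError("truncated or oversized LEB128 integer")

def function_bodies(wasm):
    """Return the raw function bodies from the code section (id 10)."""
    if wasm[:8] != b"\x00asm\x01\x00\x00\x00":
        raise ValueError("not a WebAssembly 1.0 binary")
    pos, bodies = 8, []
    while pos < len(wasm):
        section_id = wasm[pos]
        size, pos = read_u32(wasm, pos + 1)
        end = pos + size
        if end > len(wasm):
            raise ValueError("section runs past end of file")
        if section_id == 10:
            count, p = read_u32(wasm, pos)
            for _ in range(count):
                length, p = read_u32(wasm, p)
                bodies.append(wasm[p:p + length])
                p += length
            if p != end:
                raise ValueError("malformed code section")
        pos = end
    return bodies

def fingerprint(wasm):  # SHA-256 over the sorted per-function SHA-256 digests
    digests = sorted(hashlib.sha256(b).digest() for b in function_bodies(wasm))
    return hashlib.sha256(b"".join(digests)).hexdigest()

sec = lambda i, body: bytes([i, len(body)]) + body  # sizes < 128: one LEB byte
def sample(bodies, tag):  # constructed module of no-op functions, not miner code
    code = bytes([len(bodies)]) + b"".join(bytes([len(b)]) + b for b in bodies)
    return (b"\x00asm\x01\x00\x00\x00" + sec(0, bytes([len(tag)]) + tag)
            + sec(1, b"\x01\x60\x00\x00")
            + sec(3, bytes([len(bodies)]) + bytes(len(bodies))) + sec(10, code))
SAMPLE = sample([b"\x00\x0b", b"\x00\x01\x0b"], b"build-a")
REHOSTED = sample([b"\x00\x01\x0b", b"\x00\x0b"], b"build-b")  # reordered, retagged
KNOWN = {fingerprint(SAMPLE): "constructed-miner-sample"}

def classify(wasm):  # label of a known fingerprint, or None
    return KNOWN.get(fingerprint(wasm))
```

Because the fingerprint depends only on function bodies, `REHOSTED` still matches even though its bytes, custom section and function order differ from `SAMPLE`, which is the kind of copy a URL-based filter list would miss.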
