Coinhive shutting down

  • 28 February 2019
  • 2 replies

Userlevel 7
Badge +25
  • Sr. Security Analyst & Community Manager
  • 1163 replies
Coinhive has just made public that they will be shutting down their service on March 8th. Coinhive has become infamous the past year as the innovator behind the javascript based cryptomining service. However, that service quickly turned into the criminal cryptojacking attack campaigns that became so popular in 2018 infecting millions of sites and netting criminals millions in cryptocurrency at victims expense.

I honestly did not see this happening, but I do understand. I believed that coinhive didn't intend for their creation to be abused by criminals. However, they still kept 30% of ALL the earnings. Most of that profit came from illicit mining which has earned them a lot of bad press. 2018 was a terrible year for the price of XMR(monero) which means their service is a lot less profitable now. Combined with the fact that the XMR dev team hard-forked the coin and changed the difficulty of the hashrate means Coinhive is making very little money from actual legitimate miners. They created this service as a way for legitimate domain owners to host their script so they could make enough compensation to replace ads. Ads are annoying and I believe this innovation was aimed at attempting to fix that problem. But what they got was a whole bunch of criminals breaking into other people's domains and injecting them with coinhive scripts that essentially stole from visitors to that domain. Without consent, millions of victims computers were subject to maximum hardware stress for extended periods of time, all to give some criminals a few pennies worth of cryptocurrency per computer.

Would you continue to operate a startup business in which all the money you did make was just a 30% cut of criminals stealing from victims in the form of an increased power bill? Maybe a year ago when the hashing difficulty was easier (you earned more XMR) and XMR was worth 10x more, it might have been easier to "sleep at night" but now it probably just isn't worth it.

Even before this news, there were plenty of other copy cats, so criminals will use other services. At the time of this writing Coinhive had about around 65% share of all cryptojacking campaigns. I anticipate that Cryptoloot, CoinImpt, JSECoin will take larger shares of the cryptojacking attack now that the largest player has left. We might even see a new competitor service emerge.

2 replies

Userlevel 7
Badge +63
Interesting and thanks Tyler!
Userlevel 7
Badge +25

“Javascript based crypto mining!” Really?  Who would trust that?   Just all those words in the same sentence makes me cringe. Would you trust a self driving car that ran on javascript?

Seriously, who did not see this coming?  What's next, Python Crypto mining?  SIGH