The CoinHive website for Monero mining was hijacked, so that the cryptocurrency generated by websites embedding its code was redirected to the attackers’ servers instead of CoinHive’s official servers.
The popularity of cryptocurrencies has grown so rapidly that attackers have shifted their attention to these digital currencies rather than physical ones. Attackers have devised numerous ways to take advantage of the currency's anonymity and of the fact that it is almost impossible to trace.
Mining cryptocurrencies can be a costly investment because it consumes a great amount of computing power. Consequently, hackers have started using malware that temporarily uses the computing resources of the computers it hijacks to make money in the form of digital currency. As recently as September 2017, Microsoft servers were targeted by hackers to mine Monero, and the hackers successfully earned $63,000 in three months.
Although researchers have not yet identified the attackers, it was reported that the attackers have been infecting unpatched Windows web servers with the cryptocurrency miner since at least May 2017 to mine Monero.
Hackers choose Monero because it uses a proof-of-work algorithm called CryptoNight, which perfectly suits computer or server CPUs and GPUs. However, this is not the first time that researchers have reported such malware mining Monero by temporarily utilizing the computing resources of compromised computers.
Officially, CoinHive has released the following statements:
CoinHive has also announced that it will compensate users who were affected by the hacking incident.
Because of the smallest negligence, one little piece of information, a Cloudflare account password, that slipped onto the internet, CoinHive suffered a great loss. This implies that cyber-security is not only about establishing firewalls or general protective measures, but also about securing and noting every little cyber-activity that has the potential to cause even the slightest breach.
Accordingly, it is strongly advised that, after a reported breach, affected administrators and users change their passwords immediately to avoid leakage across the internet. Using pass-phrases must also be avoided. It is also advisable to always use two-factor authentication.
Since CoinHive is one of the most popular services that help websites utilize their visitors' computing power, others might have been glad of the CoinHive hacking. However, those who do not want web pages to take advantage of their computer resources can install third-party apps such as No Coin or minerBlock. There are also browser extensions that can block web-based miners.