Categories: CryptoNews

In-Browser Mining Script Provider CoinHive Suffers Major DNS Hijack

As most readers are aware, there has been a lot of discussion regarding CoinHive as of late. This particular mining script has made the rounds all over the internet in recent months. Most of the news regarding this platform hasn’t been positive whatsoever. It turns out someone has hijacked the CoinHive DNS to mine cryptocurrency through all the websites which implemented this script.

CoinHive is Hijacked by Unknown Assailant

In a way, it is not entirely surprising to see someone take the time to hack CoinHive’s DNS servers. This on-site cryptocurrency mining script has proven quite popular, although not always for the right reasons. With so many websites implementing this script right now, it is evident there is a growing demand for this particular service. Popularity always comes at a cost, though, as the CoinHive team has found out the hard way.

More specifically, the company is dealing with a massive DNS hijack as we speak. The platform has been breached by an unknown assailant who is using the DNS hijack to mine cryptocurrency on his or her own behalf. This means anyone who is using CoinHive right now may be running a hijacked script and see no earnings whatsoever. That in itself is pretty disturbing, to say the very least.

For now, there isn’t too much information available on who may have hijacked the CoinHive platform. We do know someone got into the company’s CloudFlare account and modified the DNS servers accordingly. This allowed the assailant to replace the legitimate CoinHive code snippet with a malicious version which mines Monero on his or her behalf. While that in itself is highly problematic, things only get worse from there.

Related Post

It seems the CoinHive Cloudflare breach was facilitated by an old password leak dating back to 2014. There was a major Kickstarter data breach at that time, and the CoinHive team used the same password for its Cloudflare login years later. Moreover, there was no additional account security features set up such as 2FA. Bad security practices cannot be excused whatsoever.

The bigger question is how many websites may be affected by this malicious mining script. It is impossible to tell where things stand in this regard. Considering that thousands of websites use this script, though, the damage could be quite severe. For now, the best and safest course of action is to deliberately block any cryptocurrency mining scripts in one’s browser.

This also highlights the larger downside of relying on such scripts for revenue purposes. More specifically, a lot of these scripts are hosted by centralized entities, which form a point of weakness. It is always better to use a self-created script or simply look for other revenue models altogether. Rest assured this is not the last issue involving CoinHive the world will find out about.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

49 mins ago

Top 5 Best Crypto Presales to Grab Now: Don’t Miss These December Week 1 Gems

The crypto market is a buzz with promising presales as 2024 draws the curtains. With…

1 hour ago

Cheems Surge On BSC Network: A Rising Star With Growing Market Value

The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…

9 hours ago

Lester Token Crashes 40% Following Official Announcement

The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…

9 hours ago

From $30K To Millions: The Wild Journey Of $Quant And Xiaohaige’s Memecoin Stunts

In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…

10 hours ago

Whale “convexcuck.eth” Makes Bold $CVX Move, Nets Significant Profit Amid Price Surge

The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…

10 hours ago