Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

Making money mining Coinhive? Yeah, you and nine other people

10 users controlling the bulk of cryptocoin generator funds

Shaun Nichols in San Francisco Wed 15 Aug 2018  //  23:23 UTC

Mining internet currency on websites with Coinhive scripts is a lucrative endeavor, but only for a handful of people.

This according to researchers from RWTH Aachen University, who used a new detection technique to track pages mining the cryptocurrency and found that [PDF] just 10 users were responsible for 85 per cent of the links that the Coinhive service uses to mine about $250,000 worth of Monero currency every month.

In other words; it's nice work if you can get it. And you can't get it.

The Aachen U group of Jan Rüth, Torsten Zimmermann, Konrad Wolsing, and Oliver Hohlfeld crawled the Alexa million list of top websites and the full .org domain to gather and the fingerprint code Coinhive scripts embedded on pages to link the mining activity to a Coinhive account.

Typically, a Coinhive user will embed the code (ethically or otherwise) into high-traffic web pages. Visitors to the page then execute the JavaScript to perform the calculations needed to mine blocks that create new Monero. Coinhive then takes a 30 per cent cut of the payout and gives the rest to the user.

Because the Coinhive user spreading the code has to include their account token in the script in order to get paid, the researchers were able to measure who is most active in spreading the Coinhive code via shortened links.

What they found was an extremely top-heavy system where only a few people reaped most of the profits.

"We observe a power-law which highlights the existence of few heavy users that created a large number of links," the researchers said.

"In fact, 1/3 of all links are contributed by a single user only and roughly 85 per cent of all links are created by only 10 users. Of course, a single user could use multiple tokens, however, this would only emphasize our current observations."

Peanuts for CPU cycles

The researchers are not the first people to find this out. Earlier this year, a Japanese man cuffed for illegally spreading the Coinhive code said he only managed to make around 5,000 Yen, or $45, from the scheme.

Ransomware is so 2017, it's all cryptomining now among the script kiddies

READ MORE

To be fair, the researchers also note that there simply aren't that many sites actually using Coinhive. They estimate that just .08 per cent of the sites they probed in the study were actually serving the browser mining code, and Coinhive itself only accounts for around 1.18 per cent of all Monero mining.

"While probably profitable for Coinhive, it remains questionable whether mining is a feasible alternative to ads," the researchers note.

Although the figures found in the study are interesting, the researchers say it is their fingerprint detection method that could be the most valuable product of the work. They note that the method could be incorporated by blocklists that are currently unable to detect and filter out many of the shortened links used to redirect users to unauthorized mining pages.

"For its detection, we find the public NoCoin filter list to be insufficient to broadly detect browser mining," the researchers conclude.

"We thus present a new technique based on WebAssembly fingerprinting to identify miners, up to 82 per cent of thereby identified mining websites are not detected by block lists." ®
Send us news
15 Comments

It's 2025 and almost half of you are still paying ransomware operators

PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more

CoreWeave's $9B Core Scientific acquisition is a bid for more power

All the GPUs in the world aren't worth much if you don't have a place to put them

Armored cash transport trucks allegedly hauled money for $190 million crypto-laundering scheme

PLUS: APNIC completes re-org; India cuts costs for chipmakers; Infosys tax probe ends; and more

Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable

To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings

Feds gut host behind pig butchering scams that bilked $200M from Americans

Philippines company allegedly run by Chinese national has form running scams

DOGE worker's old creds found exposed in infostealer malware dumps

PLUS: Celsius scammer sent to slammer; Death-by-hacking victim warns you're never safe; and more

RSA cofounder: The world would've been better without cryptocurrencies

Cryptographers' panel a bit gloomy this year

Bank of England flirts with offline digital dosh

No signal? No problem. But also no solid commitment to Britcoin yet

Is Washington losing its grip on crypto, or is it a calculated pivot to digital dominance?

It's been a very busy week for Digicash Donald's administration

Crypto takes a dip as Trump signs Bitcoin Reserve order

With no allowance to sell and little room to buy, and markets on the slide, it's UB40 time: Red, red, whine

FCC stands up Council on National Security to fight China in ways that CISA used to

PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware

Two arrested after pensioner scammed out of six-figure crypto nest egg

The latest in a long line of fraud stings worth billions each year