Report: Fraudulent Monero Mining Generates $100K Per Month for Hackers
A German university released a cryptocurrency mining-centric report, Aug. 14, noting a rise in revenue generated by illegal mining software, despite the fall in “cryptojacking.”
Coinhive Faces the Heat Again
As reported by Digital Trends, RWTH University in Aachen, Germany, has presented a detailed account of the infamous, browser-based miner Coinhive being used to produce over $250,000 worth of Monero (XMR) per month for attackers, as per trading value denoted by CryptoSlate at the time of writing.
Developed to be a social good, the Coinhive miner was initially introduced to crypto-enthusiasts to allow them to exchange their extra computing power for access to mine the Monero network. The code, however, targets websites seeking to make money without advertisements, meaning a user’s computer will slow down while it generates coins in exchange for ad-free viewing.
Hackers, meanwhile, have configured Coinhive to send a user’s mined Monero to their own digital wallets by hacking websites and secretly installing the code. They are also plugging Coinhive into legitimate-appearing browser extensions.
Interestingly, the Coinhive miner accounts for 1.8 percent of Monero’s hashing power, with a majority of mining incentives realized for nefarious purposes.
The report noted:
“If we sum up the block rewards of the actually mined blocks over the observation period of four weeks, we find that Coinhive earned 1,271 XMR.”
At the time of writing, Monero is trading at $89.28, signifying a $113,474 profit for hackers in a month of fraudulent mining. Meanwhile, Coinhive developers receive over 30 percent of this amount for providing their tools.
Only 10 Addresses Getting Rich
The research also claims that only 10 wallet addresses received a chunk of the fraudulently mined Monero. In this regard, attackers are using a “short link” service to redirect advertisements to their servers and paying a commission to website administrators.
The report explained:
“With Coinhive, the creator of the short link receives a share of the block reward that is mined by the users visiting the short links.”
For research purposes, the university team ran a “WebAssembly” script to detect web-based mining software running on the internet. Scan results showed a clear dominance of Coinhive, which accounted for 75 percent of mining usage. Comparable scans include AuthedMine, WP Monero Miner and CryptoLoot.
The JavaScript-based Coinhive proves to be an easy target for hackers around the world due to its choice of programming language, and attackers have deployed the open-source mining software to a diverse range of victims–including government websites, corporations and even the San Diego Zoo.