Q&A: What is the story with Coinhive?

Unwitting website visitors turned into slaves in a coin-mining chain-gang

Photograph: iStock


You may have heard about thousands of websites that were hit by a cryptocurrency miner, turning visitors into an unwitting tool in the quest for digital currency. But what exactly does it all mean?

What happened?

On Sunday it emerged that several thousand websites - including some Irish Government sites - had been hit by a cryptocurrency miner that was hijacking visitors’ systems to mine for digital currency. At the heart of this was Coinhive, a JavaScript plugin. The plugin allows websites to use visitors’ computing power while they’re on the site to mine for cryptocurrency - in this case, monero. It can be built into websites, ostensibly to give website owners a new source of revenue, away from online advertising. However, it can also run without website users’ knowledge.

Cryptocurrency?

Digital currencies such as bitcoin, monero, litecoin and ethereum. They are digital or virtual currencies that use cryptography for security and anticounterfeiting, and operate independently of a centralised authority.

And crypto-mining?

That’s the act of earning cryptocurrency by solving mathematical problems, and adding the transaction into the blockchain. Solve enough of these equations and problems, and you’ll have enough cryptocurrency to swap for actual money, or you can squirrel it away in the hopes that it might start to appreciate in value - similar to bitcoin’s meteoric rise (and subsequent fall).

The blockchain, by the way, is a digitised, decentralised public ledger of transactions that can be verified. New transactions or data are added as a “block” once completed.

How did Coinhive get into people’s systems?

Someone managed to get Coinhive into a legitimate plugin called Browsealoud, which is made by Texthelp. That plugin acts as a screen reader for people with vision impairment or literacy problems, and many websites - including Irish Government sites - have it installed. The tainted version of the plugin ran Coinhive on any browser that visited the site, sucking up resources from laptops, PCs, tablets and phones to help mine monero for whoever was behind the attack. Once Texthelp was alerted to the problem, it disabled Browsealoud until its engineers could fix the problem.

All in all, about 4,200 websites were affected.
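For website owners, one way to catch a third-party script that has been altered, as the tainted plugin described above was, is to pin its hash with Subresource Integrity. The following is an added example, not part of the original article or any vendor's code; the URLs, script bodies and function names are constructed for illustration.

```javascript
// Added example: all names, URLs and script bodies are constructed.
const crypto = require('crypto');

// Compute a Subresource Integrity value for a script body.
function sriHash(body, algo = 'sha384') {
  const digest = crypto.createHash(algo).update(body, 'utf8').digest('base64');
  return `${algo}-${digest}`;
}

// Emulate the browser's check: does the fetched body match the pinned value?
function matchesIntegrity(body, integrity) {
  const [algo] = integrity.split('-', 1);
  if (!['sha256', 'sha384', 'sha512'].includes(algo)) return false;
  const expected = Buffer.from(integrity.slice(algo.length + 1), 'base64');
  const actual = crypto.createHash(algo).update(body, 'utf8').digest();
  return expected.equals(actual);
}

// List third-party <script src> tags that carry no integrity attribute.
// Simplified regex scan for illustration; a real audit should use an HTML parser.
function unpinnedThirdPartyScripts(html, pageOrigin) {
  const findings = [];
  const ownOrigin = new URL(pageOrigin).origin;
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue; // inline script, nothing fetched from elsewhere
    const url = new URL(src[1], pageOrigin);
    const pinned = /\bintegrity\s*=\s*["'][^"']+["']/i.test(tag);
    if (url.origin !== ownOrigin && !pinned) findings.push(url.href);
  }
  return findings;
}

// Constructed sample data: a vendor script, a tampered copy, and a page.
const vendorScript = 'function readAloud(text) { /* screen reader */ }';
const tamperedScript = vendorScript + ';loadMiner();';
const pinned = sriHash(vendorScript);
const page = `
<script src="/js/site.js"></script>
<script src="https://plugin.example/reader.js"></script>
<script src="https://cdn.example/lib.js" integrity="${pinned}" crossorigin="anonymous"></script>`;

console.log(unpinnedThirdPartyScripts(page, 'https://www.example.org'));
console.log(matchesIntegrity(vendorScript, pinned), matchesIntegrity(tamperedScript, pinned));
```

A browser applies the same comparison to any script tag that carries an `integrity` attribute and refuses to run a file that does not match. The pinned value has to be refreshed whenever the vendor ships a legitimate update.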

Why didn’t people notice?

This particular version of Coinhive can run without your knowledge. It’s just there, working in the background, with no pop-ups or permission needed from the site visitor.

So where’s the harm?

Well, it could impact on your machine’s performance. Depending on how old or how powerful your hardware is, you may not notice the impact the cryptomining software has on your device. If it is affecting your system, you might find your machine is running slower, the fans are kicking in because your hardware is being pushed to do more than usual, and the CPU is working at a higher rate than normal. At its worst, mining for cryptocurrencies can damage your device, making it run at full speed all the time, so be careful. It’s energy intensive too, so your electricity bill could go up.

Second of all, and this is probably most important, you don’t see any of the money. They use your resources and then take the proceeds, sticking you with the extra energy bills.

And finally, it’s worth remembering that this time around it was crypto miners; next time, it could be something worse. It gives website owners a wake-up call.

How do I stop cryptocurrency miners from running on my machine?

You can install antivirus software, or anti-malware programmes. They will typically pick up any attempts to run software like this on your machine without your knowledge. Adblockers will do it too.

Also, once you close the tab with the website running Coinhive, that’s it; it shuts down.