In-Browser Mining Script Provider CoinHive Suffers Major DNS Hijack

As most readers are aware, there has been a lot of discussion regarding CoinHive as of late. This particular mining script has made the rounds all over the internet in recent months. Most of the news regarding this platform hasn’t been positive whatsoever. It turns out someone has hijacked the CoinHive DNS to mine cryptocurrency through all the websites which implemented this script.

CoinHive is Hijacked by Unknown Assailant

In a way, it is not entirely surprising to see someone take the time to hack CoinHive’s DNS servers. This on-site cryptocurrency mining script has proven quite popular, although not always for the right reasons. With so many websites implementing this script right now, it is evident there is a growing demand for this particular service. Popularity always comes at a cost, though, as the CoinHive team has found out the hard way.

More specifically, the company is dealing with a massive DNS hijack as we speak. The platform has been breached by an unknown assailant who is using the DNS hijack to mine cryptocurrency on his or her own behalf. This means anyone who is using CoinHive right now may be running a hijacked script and see no earnings whatsoever. That in itself is pretty disturbing, to say the very least.

For now, there isn’t too much information available on who may have hijacked the CoinHive platform. We do know someone got into the company’s CloudFlare account and modified the DNS servers accordingly. This allowed the assailant to replace the legitimate CoinHive code snippet with a malicious version which mines Monero on his or her behalf. While that in itself is highly problematic, things only get worse from there.

It seems the CoinHive Cloudflare breach was facilitated by an old password leak dating back to 2014. There was a major Kickstarter data breach at that time, and the CoinHive team used the same password for its Cloudflare login years later. Moreover, there was no additional account security features set up such as 2FA. Bad security practices cannot be excused whatsoever.

The bigger question is how many websites may be affected by this malicious mining script. It is impossible to tell where things stand in this regard. Considering that thousands of websites use this script, though, the damage could be quite severe. For now, the best and safest course of action is to deliberately block any cryptocurrency mining scripts in one’s browser.

This also highlights the larger downside of relying on such scripts for revenue purposes. More specifically, a lot of these scripts are hosted by centralized entities, which form a point of weakness. It is always better to use a self-created script or simply look for other revenue models altogether. Rest assured this is not the last issue involving CoinHive the world will find out about.