Coinhive breached due to old, reused password [source: helpnetsecurity]
by CIRT Team
Coinhive has suffered another setback: attackers surreptitiously changed its DNS records, which allowed them to steal cryptocurrency mined via the project’s script.
What is Coinhive?
The script uses the visitors’ computers’ CPU power to mine cryptocurrency, ideally with the visitors’ knowledge and consent. Coinhive keeps around 30% of the value of the mined Monero, and delivers the rest to the owners of the sites that sport the mining script.
The project encountered problems almost as soon as it was started, as many of those site owners began using the script without revealing the scheme to their visitors. This led to the initial script being blocked by many ad blockers.
Soon after, attackers began compromising other people’s and organizations’ websites and equipping them with the mining script, while pocketing the proceeds themselves.
The latest incident
Coinhive announced on Tuesday that their account for Cloudflare (their DNS provider) had been accessed by an attacker, and that the DNS records for coinhive.com had been manipulated to redirect requests for coinhive.min.js to a third-party server.