Coinhive breached due to old, reused password [source: helpnetsecurity]

by CIRT Team

Coinhive has suffered another setback: their DNS records have been surreptitiously changed by attackers, allowing them to steal cryptocurrency mined via the project’s script.

What is Coinhive?

Coinhive is a project that provides Monero-mining JavaScript code to website owners who want to earn money but not bombard visitors with ads.

The script uses the visitors’ computers’ CPU power to mine cryptocurrency, ideally with the visitors’ knowledge and consent. Coinhive keeps around 30% of the value of the mined Monero, and delivers the rest to the owners of the sites that sport the mining script.

The project encountered problems almost as soon as it was started, as many of those site owners began using the script without revealing the scheme to their visitors. This led to the initial script being blocked by many ad blockers.

Soon after, attackers began compromising other people’s and organizations’ websites and equip them with the mining script, while pocketing the proceeds themselves.

The latest incident

Coinhive announced on Tuesday that their account for Cloudflare (their DNS provider) has been accessed by an attacker, and that the DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping