Coinhive to Shut Down, but Will Cryptojacking Die With It?
In late 2017, a new type of malware began spreading across the internet. While cryptocurrency-mining trojans were nothing new — they started popping up in 2012 and 2013, as Bitcoin first gained popularity — this new attack vector mined currency via browser scripts, not a stand-alone application.
The Coinhive team posted a brief blog post to their website, but the entire site appears to be currently offline, despite claims that the service wouldn’t deactivate until March 8. The post reads:
Some of you might have anticipated this, some of you will be surprised. The decision has been made. We will discontinue our service on March 8, 2019. It has been a blast working on this project over the past 18 months, but to be completely honest, it isn’t economically viable anymore.
The drop in hash rate (over 50%) after the last Monero hard fork hit us hard. So did the “crash“ of the crypto currency market with the value of XMR depreciating over 85% within a year. This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive.
Thus, mining will not be operable anymore after March 8, 2019. Your dashboards will still be accessible until April 30, 2019 so you will be able to initiate your payouts if your balance is above the minimum payout threshold.
Thank you all for the great time we had together.
Monero has lost most of its value in the past 12 months and currently sits around $49 according to PCMag, compared with a ~$400 valuation 12 months ago. Coinhive initially launched its mining service as a way for websites to generate revenue. There was even some early interest around this idea; given that neither websites nor readers are happy about the state of online advertising. Readers want websites that aren’t buried in ads. Websites want revenue to continue publishing content. The push/pull relationship between the two hasn’t left anyone particularly happy.
But while the idea of mining cryptocurrency on a per-website basis makes a certain appealing sense, the reality is that there was no way for users to practically configure or choose how mining time was allocated, nor keep different sites from slamming their systems with multiple conflicting mining demands. Our own tests showed that even if a single “well-behaved” website could become problematic if you visited on multiple browsers at the same time, as shown below:
Hackers soon discovered they could insert Monero mining scripts into penetrated websites. Less-scrupulous sites started doing the same thing on their own initiative. Instead of serving as an alternative revenue source for legitimate businesses via some sort of agreement with their visitors, Coinhive became known for enabling malicious mining without user consent. Given that the firm took a 30 percent cut of the Monero it mined, it had little reason to crack down on the practices that enriched it.
Coinhive may have shut down, but we’ll have to wait and see if browser-based cryptocurrency mining goes with it. The way these things tend to go, there’ll just be someone else waiting in the wings to pick up the concept and run it in a different direction. Falling cryptocurrency prices may have more to do with a decline in crypto-jacking software than the decline of any single company.