The RWTH Aachen University has conducted a research study which showed just how much profit the CoinHive crypto miner can generate. The miner makes $250,000 worth of Monero profit every month by using the computing power of unsuspecting internet users.
The research revealed that Monero was the coin mined in 75 percent of all browser-based cryptocurrency mining cases. The CoinHive organization is responsible for most of them.
“Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users,” stated security and investigation reporter Brian Krebs.
CoinHive produces in-browser, JavaScript miner scripts for Monero coins. These scripts can be embedded into a website, and each time a user accesses the website, the script will run the miner from the user’s browser. This will mine XMR by using the resources of the website’s visitors, and the embedder of the code gets the earnings.
CoinHive also has a shortlink version. It redirects you like a regular link, except that it makes some hashes (the number is set by the coder) with your PC before reaching its destination.
The research discovered that CoinHive makes a lot of money. Its browser-mining botnet accounts for 1.18 percent of the whole Monero network. The researchers also estimate that it makes 300 XMR (roughly $24,000) a week.
“If we sum up the block rewards of the actually mined blocks over the observation period of [four] weeks, we find that Coinhive [sic] earned 1,271 XMR. Similar to other cryptocurrencies, Monero’s exchange-rate fluctuates heavily, at time of writing one XMR is worth 200 USD, having peaked at 400 USD at the beginning of the year. Thus, given the current exchange-rate, Coinhive [sic] mines Moneros worth around $250,000 per month […]”
CoinHive keeps for itself 30 percent of the XMR resulted from the mining procedures, which equates to $75,000 a month, or nearly a million dollars a year.
CoinHive’s link database shows that there are almost two million active short links. Most of these links redirect users to video streams or filesharing sites, forcing their computers to mine XMR in the redirecting process. It is also quite alarming that most of the proceeds go to only 10 users.
“Coinhive’s [sic] link forwarding service is dominated by links from only 10 users. They mostly redirect to streaming videos and filesharing sites. We find that most short links can be resolved within minutes, however, some links require millions of hashes to be computed which is infeasible.”
Browser hijacking for crypto mining has started growing ever since market prices started going up in 2017. As more and more threats appear on the internet, users are advised to be extremely careful on what sites they browse, what links they click, and what extensions they install, as they easily could be the next victims of the exploiting mining script.
