Cryptojacking software Coinhive will be terminated next week

Coinhive, a legitimate Monero mining tool that has been abused by malware authors, will be shut down due to economical unviability

The termination of the hacker preferred virtual miner Coinhive is inevitable - developers announced the shut down on March 8th.

Coinhive developers officially announced^[1] that they will discontinue the crypto miner after March 8, 2019, and shut down dashboards on April 30th. The company said there are several reasons for the service termination, including financial struggles which started due to Monero depreciation:

The drop in hash rate (over 50%) after the last Monero hard fork hit us hard. So did the “crash“ of the crypto currency market with the value of XMR depreciating over 85% within a year. This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive.

Coinhive is a legitimate, browser-based, crypto mining tool that offered website developers to monetize on visitor's CPU power instead of serving ads. Of course, such development was always announced to users by reputable sites. In most cases, users even prefer sharing some of their computing power instead of viewing countless ads on the website.

Unfortunately, the tool has been widely abused by cybercriminals – they would often insert Coinhive's mining code^[2] into hacked websites to profit from cryptocurrency that was illegally mined on visitors' machines. Also, some website authors simply inserted the mining code without disclosing the fact that Monero mining is taking place.

Currently, Coinhive is highly associated with malicious cryptojacking activities, and its termination will most likely reduce the illegal coin mining of Monero on various websites.

Coinhive did not actively try to stop malicious actors

The Coinhive service first launched in 2017 and initially thought to be a brilliant alternative to intrusive banner ads that most users hate. Website developers could load a JavaScript file (coinhive.js), and, as soon as the visitor enters the page, the crypto mining of Monero virtual currency begins. Prolonged exposure to the site would grant increased profits to the developers, financing their efforts to keep the site alive and publish more content.

However, the service did not pick up all that well, and instead became a tool for criminal gangs to inject the code into hacked sites unlawfully. Government sites, ad networks, gaming sites, popular sites and even YouTube ads^[3] were affected by the Illegal mining of Monero. The lucrative business paid off not only for bad actors but also for Coinhive developers, as they kept 30% of all profits, even if crypto was mined illegally.

When it came to reports about the abuse, Coinhive developers only responded to those reported by website authors, but not the visitors themselves. The course of action was to invalidate the cryptographic key that was used for illegal activity. However, this did nothing to stop cybercriminals from mining on the site further.

Cybersecurity analysts like Brian Kerbs^[4] were concerned about such behavior and contacted the firm in hopes of stopping the shady practices. Coinhive did indeed make changes to the code, which also prevented the company from profiting from the illegal activity.

Ultimately, Coinhive's popularity among criminals declined. Antivirus engines and ad-blockers started to block the activities of the miner. Additionally, 30% cut seemed way too much for website authors.

Monero's value decline greatly impacted the service closure

Back in 2018, Moneros value reached almost $342 per coin, which currently dropped to something around $50 – that is a decline of 85%. As Coinhive developers mentioned, the decrease in Monero's value was one of the major factors in its closure.

Coinhive was responsible for a lot of cryptojacking activities, so stopping them should reduce the rate of illegal practices. The hopes of researchers are high, however, as they think that cryptojacking is about to die off in the near future:^[5]

There are still a lot of hacked sites with Coinhive code, but I have a feeling these are mostly remnants from past hacks. Most of what I see these days is CoinIMP [a Coinhive competitor] and it's been active again with Drupal hacks recently. But overall, I think the trend is nearing out.