Cryptocurrency mining program Coinhive sparks controversy

Coinhive, a Javascript application that uses website visitors’ computing power to mine cryptocurrency, launched on September 14. Since, the program has generated controversy, as website owners and hackers alike insert it into a number of high-profile websites.

Coinhive markets itself as a legitimate way for websites to make money, but does not endorse the use of the script without user consent.

On September 16, The Pirate Bay, a popular torrent-downloading website, began using the program to mine Monero, a cryptocurrency similar to Bitcoin. Visitors to the site noticed spikes in their CPU usage and complained.

Later that day, The Pirate Bay issued a statement explaining that it was testing the program as an alternative to advertisements on the site.

“This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running,” reads the statement.

Though all content on The Pirate Bay is free, the site needs to generate revenue to cover operating costs. Many of the ads that run on Pirate Bay are unseemly and/or contain malware.

The Pirate Bay’s statement says Coinhive “can be blocked by a normal ad-blocker”—AdBlock Plus and AdGuard now combat Coinhive, BleepingComputer notes. A typo in the embedded code originally caused the program to use more of visitors’ processing power than intended.

The Pirate Bay invited users to comment as to whether they would prefer advertisements or mining programs like Coinhive.

The majority of users who responded accepted mining as a viable way for the site to generate revenue, but many took issue with the site’s failure to inform users of the change.

“I think this is an interesting idea,” one user responded. “Keeping users informed is essential though. Giving registered users possibility of choosing between ads and mining might be also viable (though most of them probably block ads). Having more options how to contribute is a great idea! I will gladly contribute by providing part of my CPU when visiting TPB (as opposed to ads, I don’t like these especially due to privacy concerns).”

Other respondents acknowledged that those who downloaded free content had to pay in some way or another.

The Pirate Bay has removed the mining program from its site and has yet to say whether it plans to employ Coinhive in the future.

BleepingComputer reported Monday that it had detected the program in websites run by Showtime, a media company owned by CBS. Showtime’s main site, showtime.com, as well as its streaming domain, showtimeanytime.com, contained the Coinhive script.

It is not known whether a hacker implemented the script on the Showtime sites, or whether the company itself was testing the program. But BleepingComputer notes that the script had been set to “remain dormant” for 97 percent of the time. A hacker, that publication points out, would likely set the script to run far more often, so as to co-opt much processing power as possible before his scam was discovered.

Showtime declined to comment on the matter. The script disappeared from the sites early Monday afternoon.

Using victims’ CPU processing power to mine for cryptocurrency has long been a common practice amongst malware designers, but prior to the inception of programs like Coinhive, hackers had to download an application onto a victim’s hard drive in order to use his computer. Now, hackers can seize the processing power of any user running a Javascript-enabled browser (most browsers enable Javascript by default).

Malware developers have already embraced Coinhive. One embedded it in a Google Chrome extension, so that it ran in the background of the browser. Others have breached WordPress and Magneto sites and inserted the code there.

Some have registered commonly mistyped URLs, such as “twitter.com.com,” as domains, and run Coinhive on those sites. The program only runs until the user realizes he has input the wrong URL and leaves the page, but with enough traffic and enough domains, the engineers of the scam could generate a considerable profit.

EITest, one of the world’s most prominent malware operations, has also employed Coinhive for nefarious purposes.

Coinhive is not the first program of its kind. In 2013, Vice reports, MIT researchers developed a similar script called TidBit. But a court order shut the project down, ruling that using a person’s CPU processing power without his consent was unlawful.

Featured image via Wikimedia Commons

ASUS Developing Cryptocurrency Mining Graphics Card

With most graphics cards designed to cater to PC gamers and artificial intelligence programmers, graphics card designer ASUS is innovating a new use for graphics cards: mining cryptocurrency. Mining digital currencies including Bitcoin requires a lot of computing power, meaning that powerful graphics cards are beneficial for miners. Seeing an opportunity in a niche market, ASUS hopes to capitalize on providing currency miners with the highest powered and affordable costing graphics card.

ASUS is planning to sell a version of its AMD- and Nvidia- based cards designed to cater specifically to the needs of cryptocurrency miners. While no pricing or availability information has been provided yet, the Asus Mining P106 and the Asus Mining RX 470 have shown up on the company’s website this week. While no cost has been given, ASUS strives to provide a low-cost but relatively powerful graphics card to be used in computers serving as clearinghouses for transactions.

ASUS has designed their cards to be durable, allowing for 24/7 uninterrupted coin production operations. The RX 470 has an AMD Radeon RX470 and 4GB of dedicated RAM, meaning that it will not be powerful enough to maximize graphics settings when playing a game at 4K resolution. Instead, the card is better designed to suit currency miners, with a combination of price and power that should remain appealing. The Nvidia-powered P106 increases dedicated RAM to 6GB, though most other specs match the RX 470.

NVIDIA and AMD are the major players in the GPU market, making dedicated chips capable of the graphics and parallel processing power needed for high-end gaming and mining amongst other capabilities. The main reason for why other graphics cards designers have not yet developed a similar graphics cards is due to how multiple GPUs can be connected to a single motherboard, which is the ideal situation for a currency miner. ASUS is a third party vendor that uses chips from Nvidia and AMD and mounts them on custom PCBs to be marketed as high-end graphics cards.

This new direction allows graphics card designers to explore a new market, creating cards that remain low-costing and incrementally increasing the power capabilities, instead of the usual goal of providing the most powerful graphics card for a competitive price.

Currency miners typically make a small amount of money by serving as a verification service for transactions using digital currency. Each day, miners record transactions to a ledger and receive the equivalent bitcoins for each block they record. While it was once possible for individual miners to make large sums of money, with the discovery of new currencies becoming more and more difficult, the sums of money miners make has also reduced. Hence why price is an important consideration, and a moderately priced but powerful GPU could attract miners who realize the long projected time frame required for them to break even on their hardware investments.

With the resurgence of cryptocurrency mining markets comes a demand for graphics cards designed to meet the demands of currency mining, Asus, AMD, and Nvidia’s development of qualifying graphics cards capitalize on a rising market that can be expected to bring them great returns on their investment.

It will be interesting to see how the market for graphics cards designed for currency markets develop, considering the potentially limited scope once the required processing power combined with the cheapest cost has been achieved. Furthermore, it will it be interesting to see how a supply cater to currency miners may affect the currency mining market, and whether there will be an increase in individual miners.

Featured Image via Flickr/Sean MacEntee