Reading Time: ~2 min.
In late February, the notorious cryptojacking script engine called Coinhive abruptly announced the impending end to its service. The stated reason: it was no longer economically viable to run.
I honestly did not see this happening, but I do understand. It is
reasonable to think that Coinhive didn’t intend for their creation to be abused
by criminals. However, they have still kept 30 percent of ALL the earnings
generated by their script, one that was often found running illegally on hijacked
sites. Most of that profit came from illicit mining, which has earned Coinhive a
lot of negative press.
Additionally, 2018 was a terrible year in terms of the US-dollar value
of Monero (XMR), which means their service is significantly less profitable now,
relative to what it once was. Combined with the fact that the XMR development
team hard-forked the coin and changed the difficulty of the hashrate, this
means Coinhive is making very little money from legitimate miners.
Coinhive created this service so legitimate domain owners could host their script and generate enough revenue to replace ads. Ads are annoying and I believe this innovation was aimed at attempting to fix that problem. But the ultimate result was a bunch of criminals breaking into other people’s domains and injecting them with Coinhive scripts that essentially stole from visitors to that domain. Without consent, millions of victims’ computers were subject to maximum hardware stress for extended periods of time, all so some criminals could make a few pennies worth of cryptocurrency per computer.
Would you continue to operate a startup business in which most of the money you earned was a cut of criminal activity—stealing from victims in the form of an increased power bill? Maybe a year ago, when the hashing difficulty was easier (you earned more XMR) and XMR was worth 10 times what it’s worth now, it might have been easier to “sleep at night” but now it probably just isn’t worth it.
Even before this news, there were plenty of other copy cats—Cryptoloot, JSEcoin, Deepminer, and others—so criminals have plenty of similar services to choose from. At the time of its shutdown, Coinhive had about around 60% share of all cryptojacking campaigns, though we saw this market dominance reach as high as 80% last year. I anticipate these other services stand to take larger shares of cryptojacking revenue now that the largest player has left. We might even see a new competitor service emerge to challenge for cryptojacking dominance.
Stay tuned to the Webroot blog for future developments in cryptojacking.