Will Coinhive’s end lead to the end of browser-based cryptomining and cryptojacking?
Cryptojacking stole the limelight away from ransomware at the end of 2017, becoming a major cyberthreat that continued into 2018. On March 8, 2019 Coinhive, the service that enables websites around the world to use browser CPUs to mine Monero, will shut down. Will Coinhive’s end also end browser-based cryptomining and jacking?
Mining cryptocurrency is a legit business, but to do this on a large scale, strong computing power is required. There are miners who run huge server farms to earn money with Bitcoin mining or mining of other cryptocurrencies. Running these server farms requires a high financial investment both for the infrastructure and electricity. For this reason, web-based cryptomining became popular; it doesn’t require the miner to install extra software and can be injected into websites.
Like most lucrative online activities, cryptomining became an attractive business model for cybercriminals. Cybercriminals began using other people’s computers and browsers to mine cryptocurrencies, without their permission, known as cryptojacking.
In terms of cybersecurity, cryptojacking landed in a bit of a gray zone. While the effects of cryptojacking, especially browser-based cryptojacking which mainly includes slowing down the browser, are bothersome, they aren’t devastating and often users are unaware their browser is mining. Not all browser-based cryptomining is malicious. There is a legitimate use of the cryptocurrency miners where websites give users the option to mine, to in return avoid seeing ads, or in the case of UNICEF to raise money for a charitable cause. We at Avast reached a point, however, where we needed to decide whether or not we should block all browser-based miners to protect our user base from cryptojacking.
We decided to create a set of strict rules, and miners that adhere to the rules and request to be whitelisted are not blocked, but those that do not are blocked by our antivirus. We consider mining on webpages to be ethical when users are explicitly asked permission, before the mining begins, and are educated on the process.
Security companies blocking web-based cryptojacking might be one of many reasons why cryptojacking is on a decline. In their blog post about discontinuing Coinhive, the Coinhive team mentioned the drop in the hash rate after the Monero fork and the crash of the cryptocurrency market, along with the upcoming fork and algorithm update of Monero, which will cause the hashrate to drop.
The number of browser cryptojacking attempts we blocked during Monero’s peak followed the trends in the value of Monero, as can be seen in the charts below. Bitcoin and the cryptocurrency market as a whole had a similar trend line. Coinhive’s decision to discontinue their service may not come as a surprise, given the drop in the value of cryptocurrencies and the fact that the service was often used by bad actors for cryptojacking without asking the users’ permission, resulting in the cryptominer being blocked by security companies.
It’s difficult to predict whether or not browser-based cryptojacking will ever rise again after Coinhive discontinues its service or if another mining service will fill Coinhive’s void. According to Bad Packets Report, Coinhive had a 62% share of website miners in August 2018. Even if another service decides to fill the gap Coinhive will leave, it may not be as successful as Coinhive once was, if it doesn’t allow cybercriminals to mine for their own financial gain.
The steady drop in Monero’s and other crypto currencies’ value might also be forcing cybercriminals to focus their attention on other, more profitable, activities. A possible rise in Monero’s value could cause cybercriminals to mine more again, but they would likely do this using PCs, if they care to make the extra effort.
Ultimately, Coinhive going out of business is a good thing for security, privacy, and transparency. Their business model relied upon taking 30% of all the coins mined on their service, and reportedly 100% of the money from coin that was mined on accounts that had been shut down for abuse. Its flaws were clear. With the value of Monero dropping significantly over the course of 2018, the hard forks and AV on their tail, it was impossible for Coinhive to maintain profit. Pushed by the AV companies, Coinhive has launched a service with explicit opt-in, so that will show us the true size of the legitimate market and if cryptomining can indeed be an alternative to advertising.
Johns Hopkins University cryptographers used publicly available documentation from Apple and Google and discovered that if you have the right tools, Android and iOS encryption may not be as robust as you think.
After a FaceTime bug was uncovered in 2019, Google researchers have discovered the same bug in other group chat apps including Signal, JioChat, Mocha, Google Duo, and Facebook Messenger.