‘Attack Or Business Opportunity?’: Academics Question Ethics Of Coinhive Cryptojacking

A recently released academic report from Concordia University looks into the ethics behind browser-based cryptocurrency mining, focusing on the case of Coinhive.
A recently released academic report from Concordia University looks into the ethics behind browser-based cryptocurrency mining, focusing on the case of Coinhive.

An academic reportA first look at browser-based Cryptojacking”, debating the history and ethical framework of cryptojacking, was released March 7 by researchers from Concordia University. The report focuses on Coinhive, a JavaScript browser miner for Monero, due to its early launch and widespread use.

Published for the IEEE Security & Privacy on the Blockchain workshop at University College London (UCL) by researchers Shayan Eskandari, Andreas Leoutsarakos, Troy Mursch, and Jeremy Clark, the report seeks to answer the ethical question of whether cryptojacking should be considered an “attack or business opportunity.”

The researchers write that the world has recently seen a “rejuvenation of browser-based mining.” The practice had initially been replaced by mining with ASIC chips as Bitcoin (BTC) mining became increasingly energy-intensive and thus expensive, but has made a comeback after the emergence of “ASIC-resistant” cryptocurrencies.

Coinhive, which was launched in 2017 to mine for the “ASIC-resistant” altcoin Monero, initially did not require consent before running its mining code, leading it to be used “maliciously”,  and as a result it was added to malware lists.

Using the search engine PublicWWW, the report found that over 30,000 websites currently use the Coinhive script, representing 92% of all websites running JavaScript cryptocurrency mining scripts.

The report considers crypto browser mining initiated by a webmaster that doesn’t ask for user consent as “invisible abuse.”  Showtime exemplified this in September of last year when it was secretly running Coinhive on two of their associated websites. In the aftermath of the discovery, Coinhive promised to ask users for consent before mining with their processing power.

Pic

In response to companies blocking the Coinhive script due to its link to “malicious” use, Coinhive added a service called Authedmine, which requires a user to consent to mining via their browser.

According to the report, ethical problems remain even when a user voluntarily consents to their CPU being used for mining, as the user might not fully understand that to which they are signing. While they might benefit from a lack of ads or higher quality video streaming on the site, they could also be stuck with “higher energy bills, along with accelerated device degradation, slower system performance, and a poor web experience.

Most recently, Coinhive was tied to Telecom Egypt, which was reportedly secretly manipulating Egyptian users’ internet traffic to redirect them to sites with crypto mining scripts.