An unknown hacker has hijacked Coinhive’s DNS server and modified the legitimate Coinhive JavaScript in-browser miner with a malicious one that mined Monero currency for the hacker’s wallet.
Many users were frustrated that The Pirate Bay had combined the Javascript-based Monero cryptocurrency miner without their approval. But, it didn’t take long for users to see the possible benefits, with many other sites that have added the miner in the hope of creating extra revenue.
Coinhive said that on Monday night its DNS records maintained at Cloudflare were accessed by an unknown hacker, providing the hacker to redirect user mining traffic to a server they controlled.
Acccording to Coinhive:
“Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server.”
The company said that no user account data was leaked and that the website and the database servers were uncompromised.
Coinhive is a web service that started in mid-September and enables website owners to load a JavaScript file on their websites and mine Monero coin using the users’ CPU.