Posts Tagged ‘cryptocurrency’

Who And What Is Coinhive?

Saturday, May 5th, 2018

With the value of cryptocurrencies skyrocketing, hackers are continuously seeking means to exploit web services owned by businesses. In this brouhaha, no one is spared. Government-owned websites and cloud service providers like Amazon and even yours could be hijacked by a cryptocurrency miner to mine currencies for free. There are many ways hackers are going about the cryptocurrency gold mine, but coinhive will be the primary focus of this piece.

What is Coinhive?

Coinhive is a JavaScript cryptocurrency miner that has been continuously abused by hackers. Hackers exploit a vulnerability in a website such that every time someone views the site, it anonymously mines cryptocurrency by stealing the processing power of the web visitors. The cryptocurrency miner itself is a legitimate software but has unfortunately been abused by hackers who are looking to earn a living to the detriment of unknown persons.

The JavaScript cryptocurrency mining service depends on a small chunk of computer code, created to be installed on websites. It works by using the power generated from any browser visited, propelling the machine to mine Monero cryptocurrency. The general idea of this software release was a means for Web site owners to make a living without running into intrusive adverts. However, shortly after its official release, Coinhive has been ranked as a top malware threat.

What Happened?

Thousands of websites were hijacked by a cryptocurrency miner, making web visitors a tool to mine digital currencies. It was discovered that Coinhive was at the center of this misdemeanor. Mining cryptocurrencies consume a lot of power; so why absorb so much and pile your bills when you can have numerous people do the work for you? This was the case. The plugin allows websites to anonymously use visitor’s computing power, while they mine for the cryptocurrency. In this case, they mined monero and not bitcoin.

Why Monero, and not bitcoin, the King of cryptocurrencies?

Although bitcoin is the most sought after cryptocurrency, hackers prefer to mine Monero because transactions are virtually untraceable. Monero was created with the same purpose as Bitcoin where transactions occur without a central authority involved. Many people hold a common misconception or belief that bitcoin is an anonymous currency. This is the case. Balances and transactions are connected to the users’ wallet address. As such, operations can be traced to wallet addresses, making it easy to track down hackers or criminals.

It is the contrary case with monero. This cryptocurrency has a more significant anonymity signature. Unlike blockchain wallets, monero wallets are protected by viewkeys. It implies that only the owners have access to their transactions, making it a safer and more discreet option for hackers. There is no way a third-party can intercept transactions between two people.

Hacking Implications

This version of coinhive runs without your knowledge, draining your system’s battery. It works in the background without notifications or permissions from whoever. Aside from wasting your system’s battery, what other implications are there for it? As earlier stated, mining digital currencies consume a lot of power and so can put your system in harm’s way without you detecting the cause of the problem. Some of the implications include:

  • Affecting your machine’s performance, making it run slower than expected. When the fans are kicking, and hardware is working more than usual with the CPU operating more intensively than usual, the machine is bound to fail.
  • Damaging your device. Running at full speed all the time is not ideal for a machine, so you should be careful.
  • Outrageous power consumption, which will make your electricity bill to skyrocket. This, in fact, is the principal reason hackers install these plugins to mine their digital currencies for them.

Worst of all, you don’t get to see the money because the hackers are diverting the currencies. In other words, you are an anonymous making machine for some unknown persons. They use your system and your power and still take the proceeds, leaving you with more bills to pay.

Is there a permanent Solution?

Hackers rely on loopholes in the system to perpetrate mayhem. The reason why government own websites were hacked is that they noticed a vulnerability or inadequacies in the system. A lot of people do not bother to protect their sites from internet fraudsters. It’s a wakeup call for website owners. The easiest way out is to install antivirus software or antimalware programs.

Regardless of how tech-savvy you are, you must ensure your system is equipped with a suitable antivirus software to protect you from hackers. Remember they use the backdoor to install the JavaScript plugin, working in the background, so you don’t notice. An excellent antivirus tool will detect the spyware, notify you with popups so you can proceed to block them from accessing your computer system.

Does Coinhive Benefit from The Hack?

This JavaScript cryptocurrency miner appears to benefit from the hack. It takes a 30% share off whatever amount that is mined using its code. Although It was not intended to be exploited, coinhive automatically takes a percentage every time an amount is mined regardless of whether the site gave its authorization or not.  The code has a unique cryptographic key that indicates the user to receive the other 70%. Little wonder why coinhive has been reportedly slow to act.

What Measures Have Been Taken?

Coinhive accepts complaints reporting abuse from but ignores grievances that do not come hacked websites owners. However, they respond to abuse complaints by nullifying the key tied to the abuse, and this does not issue a lasting solution. Instead, it begins to keep 100% of the digital currency linked to that account. The only person losing out is the hacker and you. According to Mursch, invalidating a key does not automatically disrupt the mining process. The code keeps running in the background and coinhive takes it all, leaving the hacker with nothing. In simpler terms, the problem remains the same- your system is still running at risk, and you still have a pile of electricity bills to pay.

As the case may be, coinhive claims that the organization is working to fix the current situation. It stated in an email that a user cannot delete a site key and that they were currently working on a mechanism to disseminate the invalidation of a key to their WebSocket servers. In response to the criticism, it released a code called “AuthedMine” which will prompt miners to seek authorization from website owners before running the cryptocurrency mining script.

Shadowcash – The new private cryptocurrency

Tuesday, September 6th, 2016


Shadow Project aims to provide a platform for complete privacy. We believe that privacy is a right for everyone, and that everyone should be able to access it easily.

UMBRA is designed to include the largest range of features, from communication to commerce. The platform is based on Shadow network, and use it for its private and untreacable currency. The platform also include an anonymous chat system, based on shadowchat, and later both, chat and currency, will be coupled to add an in-app decentralized market.

UMBRA has been made with a focus and an extreme care about User Experience.

It is designed to make certain actions that many thought too advanced for them as easy to access and use as possible, while still offering the same sophisticated features for the most tech-savy users. A special attention was paid to the setup process, and will soon be able to easily get you set up and connected to Tor or I2P.

UMBRA uses ShadowCash as its underlying currency. It goes beyond other digital currencies to make transactions invisible to the public eye, but still nearly seamless for users, who can conduct their business privately anywhere in the world.

ShadowCash makes use of dual-key stealth address and ring signatures enabling easy and secure transactions. The blockchain is secure by a Proof-of-Stake protocol, users earn an annual 2% income on their SDC holdings when staking.


Public Balance
Pseudo-anonymous balance, this will be your staking balance.
Private Balance
ShadowSend protected balance.

Balance Transfer allows you to send funds between your Public and Private account.

If you are sending from your Public Balance, expect the same level of privacy and anonymity as Bitcoin. However, if you use the Private Balance, you will get the full benefits available to the UMBRA platform.

Our secure messaging operates on a decentralized network, anyone can send and receive messages without revealing a drop of metadata. Most messengers have one flaw in common: it exposes your IP address to centralized servers. In our system every nodes relays every message to their peers removing the IP address from it such the sender or receiver can’t be identified. Extra layers of protection such as Tor and I2P can be applied to hide your presence on the network itself.

UMBRA’s encrypted messaging system, provides a viable alternative by simplifying the process dramatically, while being every bit as secure. The sending or receiving of funds and encrypted messages can all be done from within the UMBRA client. Encryption and decryption of messages is performed seamlessly in the background without any manual user interaction. All you need to get a conversation going is to share an address and its corresponding public key. If the address has been used to send a transaction on the blockchain then the public key is retrieved from it. UMBRA has implemented a P2P Encrypted Instant Messaging system utilising state-of-the-art technology to keep your communications private!

Organize your team conversations in open channels. Make a channel for a project, a topic, a team, or anything—everyone has a transparent view of all that’s going on.

For sensitive information, create private channels and invite a few team members. No one else can see or join your private channels.

Get it here!