By Guest Author
On December 2nd, Noah Dinkin observed an unusual activity with his wifi connection in a Buenos Aires Starbucks coffee shop. As per his tweet to Starbucks, he experienced a 10-seconds delay before he obtained a connection at the coffee shop. Upon closer inspection, he found (what he thought) was a bitcoin miner code, injected into his laptop without his consent. After more than a week, on December 11th, Starbucks acknowledged and confirmed that the issue has been fixed after working with their service provider responsible for the internet connection. Starbucks further clarified that the Wi-Fi is not owned or controlled by them, the onus of fixing the issue was on the service provider, and the issue was localized.
The miner code was not for bitcoin, it was for Monero, another cryptocurrency competing with bitcoin. Aside from that trivia, Noah has voiced a concern now shared by many. Injecting resource-intensive cryptocurrency miner into the computer of unsuspecting user is now very frequent.
As cryptocurrency gains more momentum, hackers are finding their way to mine cryptocurrency in variety of ways. This unsavoury incident experienced by Noah has prompted a great observation from him, however not all users are tech savvy enough to identify such issues. The malicious intruder unknowingly infected the user machine using the Starbucks wifi without user consent.
The term “Miner” is interchangeably used, to refer to software and hardware resources, as well as their users, engaged in the process of “Mining” or “Minting” cryptocurrency. Cryptocurrency mining is essentially a very heavy number crunching operation, done at very high speed, to create new cryptocurrency coin. In return, the person doing the mining work gets a small fraction of the currency. The software is very resource intensive, hence, the hardware also needs to be very powerful. Also, by the very nature of the cryptocurrency mining, the early-adopters are rewarded more, because when they entered, the field was still a niche. The early miners of bitcoin, for example, made money. As time wears on, the competition is intense, and returns are diminishing. Efficiency is of prime importance in cryptocurrency mining. When you take into factor the cap of maximum permissible number of coins, for e.g. 21 million for bitcoin, you have an outlook of further diminishing return even when compared with the current state of low ROI. The low return for cryptocurrency miners is now a settled fact, notwithstanding the skyrocketing value of some cryptocurrency, for e.g. bitcoin recently scaling US $ 16,000 mark in December 2017.
Given the economics, it is unsurprising that some people with questionable ethics want to grab computing resources owned by others, even if without their consent, to mine cryptocurrency. After all, they can then run multiple instances of heavy-duty number crunching operations simultaneously, and not depend entirely on their own computer. The miner code is very resource-intensive, slows down the computer very significantly, and can even damage the hardware. For unsuspecting users then, having such code in their system is irritating in the least, and potentially very costly. There have been numerous reports of cryptocurrency miners being injected through online games and websites.
People and companies in the larger internet ecosystem are responding to this unethical practice of surreptitious cryptocurrency mining. Epic Games is suing a player who distributed bitcoin mining code to unsuspecting users playing the popular online game Fortnite. Google is looking at ways of stopping in-browser cryptocurrency miners.
CoinHive, the service responsible for the miner code injected into Noah’s laptop in Buenos Aires Starbucks, distributes miner code that one can deploy on his or her website using JavaScript. The unfortunate website visitors will have the miner code running on their systems, unknowingly. Good news is that Malwarebytes has now blocked this service.