opinion

CoinHive: Advertising Alternative or Exploit

CoinHive: Advertising Alternative or Exploit

About two months ago I read about CoinHive and it sounded interesting. CoinHive provides software that will execute a mining program for the Monero crypocurrency.

It allows you to use the CPU resources of your computer to mine for this crypocurrency, just like how people have been operating Bitcoin rigs for years. The company also provides a handy “ReCAPTCHA”-style anti-hitbot script.

This solution has a long way to go before it could even come close to replacing advertising revenue for publishers.

At the time of this writing, one Monero was worth $100.60.

The controversy is that people are not using their own computers to execute this script, and it’s not their own personal CPU resources being utilized.

You see, CoinHive provides this script to be placed on your website. If it were a script that operated on your hosting server, that may pose an issue on a shared hosting environment, causing some problems for your hosting company. But that’s also not what is going on.

The controversy is that as a piece of JavaScript, CoinHive executes on the website visitor’s computer (client-side). This directly taps into the CPU of anyone visiting that website and thereby spikes CPU usage and reduces computer performance.

Ultimately this can result in a bad website experience as well.

In early November, Ultimate Fighting Championship’s website was accused of running the cryptominer. Similarly, a small handful of top-ranking websites were using the script and have been exposed for exploitation of visitors who had not been informed.

It was only a matter of time until someone would attempt to get this past our anti-malware detections here at JuicyAds.

When the domain ZettaStomp.com registered to someone in Mexico alerted us that it was running the CoinHive script, I decided it was time to find out if it really does cause a poor surfing experience and if it was truly a threat.

The ZettaStomp.com landing page, comprised of just an iTunes button (and the CoinHive code) did not set off any alerts in Avast antivirus or any firewalls. In fact, there was really no indication it was running at all on our test PC, running an Intel i5-6400 Quad-Core CPU.

The CPU load immediately shot upwards and processed consistently around 80 percent of maximum load. I found no significant impact at all in using the computer, so I got more aggressive. I started surfing the Internet, played some MP3s, and then fired up multiple YouTube videos.

The test PC started to lag and CPU usage bumped up over 90 percent, but nothing terribly annoying. It did not seem to have any issue whatsoever handling the “exploitation” of its CPU by the CoinHive Javascript.

When I ran the miner from CoinHive.com directly, it showed that with my machine mostly idle, it would process approximately 26-30 hashes per second with my CPU pegged at 90-100 percent.

When I started running more applications the hash rate dropped, bumping up the threads only lagged the computer until it was unresponsive. This coming in the age of ad blockers, which have disrupted decades of the advertising-supported internet. These users are obliviously running around the internet advertising-free and not paying for anything (but still consuming resources).

They will ultimately be responsible for the end of free internet, surely to be replaced by subscription-based monetization models. This is running free website publishers into a corner where things like CoinHive become attractive, and it represents what may very well be a solution to the problem of the “free Internet” by providing a pseudo “free pay-to-play” model.

Direct consumers could provide their CPU resources for an amount of time that equally correlates with the amount of resources or costs to use the website, and would allow the publisher to profit from each user, but it’s just not that simple.

Ironically, the response from ad-blocking companies has been to block CoinHive script, choking this source of potential cash for publishers from the growing group of freeloading leechers. Likewise, this is not something you will find on an advertising network like JuicyAds.

Even though our Test PC did not flag using Avast, our anti-malware detection alerted us immediately. JuicyAds has a history of helping to criminally prosecute illegal malware distribution, and similarly in this case, the campaign was immediately disabled and advertiser sent packing.

As you can imagine, the anti-virus and anti-malware companies has similarly labelled CoinHive as a threat. According to TheRegister.co.uk, Malwarebytes alone has received over 130 million requests from users to block CoinHive, but even the director of Malwarebytes Labs provided a moderate statement regarding the technology:

“We do not claim that Coin Hive is malicious, or even necessarily a bad idea. The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.”

Coin Hive’s response appeared equally genuine and understanding regarding the ban-hammer coming down on them, reportedly saying, “We can’t blame them.”

In fact, CoinHive has already announced the alternative “AuthedMine” which requires implicit user consent for the coin miner to operate. Their website requests the support of ad-blocking and antivirus companies to allow the software to operate uninhibited. When I tested this solution, the CPU usage increased to approximately 40 percent.

Even if we assume that it’s both ethical and moral to basically hijack someone’s CPU for profit without their knowledge or consent, is it legal? I had no idea, so I enlisted the help of Corey Silverstein from Silverstein Legal to answer that:

“Mining cryptocurrency isn’t per se illegal. Things to consider here in terms of legal issues will involve the terms of service and privacy policy on the website where the mining operations are taking place. ‘Browser wrapped’ agreements (where the terms are just at the bottom of the page) have been deemed unbinding by different courts, because the user does not know they are there or what they include. Websites should be implementing a methodology for its users to agree to their legal documents via a check-box or some other type of e-signature,” Silverstein said.

“This practice could ultimately be something the FTC may look at; the FTC is no stranger to utilizing its powers to go after those who engage in fraudulent or deceptive trade practices and this type of hijacking could fit right into the FTC’s jurisdiction. Additionally, failure to inform website visitors or get consent to use their computing resources could start a chain of individual or class action lawsuits. Regardless, of when and how these type of website operators get in legal trouble, the idea of utilizing someone’s CPU resources without warning or consent is a recipe for disaster and eventually there will be consequences.”

According to an article from Pixalate, nearly 62 percent of the websites it found running CoinHive did not have a posted Terms and Conditions at all, and even more did not have a Privacy Policy (although, its unclear whether privacy is a relevant issue here).

So all of the legality aside, is the juice worth the squeeze? Probably not.

Simply running the miner on your computer with an average 30 per second hashrate, for a total of 10 hours per day, with the CoinHive miner would earn you approximately $0.49 per month. That isn’t even worth the amount of power the computer uses while its operating.

If you set up the miner on your website and say you had 1 million visitors per month to your website, with a 30-per-second hash rate, an average time on website of five minutes, with the CoinHive miner that pays out0.00015 Monero (XMR) per million hashes, you would expect to earn (drumroll) 1.35 Monero, or approximately $135 per month.

But what if Monero was worth as much as Bitcoin, surging recently to $10,000? Then it would make sense, right? Yes and no. While its true this math is a whole lot more attractive at $10,000 rather than the $100 current value of Monero, crypocurrencies work in a closed system with a finite amount of coin. This controls the value by how much of it is in circulation, and how much is available to be mined. The problem is strictly mathematics.

As the popularity of Monero grows and more and more websites mine the cryptocurrency, the number of available coins (and payments to the miners or publishers) will drop over time. Therefore, the cryptocurrency advertising solution for publishers has a limited lifespan built in, and over time will yield less and less revenue for the same amount of CPU work. That does not take into account any change in trading price of the Monero (speculators cause bubbles, and bubbles always burst). Things rarely (if ever) go up indefinitely.

After over a month of testing, my account is up to a whopping 0.00349 Monero, or $0.35.

CoinHive has suggested this technology is meant to replace advertising but with the rampant abuse, the auto-mining solution blocked by the same ad blocker and an opt-in model likely to produce significantly less revenue, this solution has a long way to go before it could even come close to replacing advertising revenue for publishers.

Juicy Jay is CEO and founder of JuicyAds. Readers can follow Jay on Twitter, @juicyads, visit JuicyAds.com, or like on Facebook.com/juicyads.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Reba Rocket

As chief operating officer and chief marketing officer of Takedown Piracy, long at the forefront of intellectual property protection in adult entertainment, Rocket is dedicated to safeguarding the livelihoods of content creators and producers while fostering a more ethical and sustainable industry.

Women In Adult ·
opinion

Protecting Content Ownership Rights When Using AI

In today’s digital age, content producers have more tools at their disposal than ever before. Among these tools, artificial intelligence (AI) content generation has emerged as a game changer, enabling creators to produce high-quality content quickly and efficiently.

Corey D. Silverstein ·
opinion

How Payment Orchestration Can Help Your Business

An emerging payment solution is making waves in the merchant world: the payment orchestration platform (POP). It’s quickly gaining traction as a powerful tool for managing online payments — but questions abound.

Cathy Beardsley ·
opinion

Fine-Tuning Refund and Cancellation Policies

For adult websites, managing refunds and cancellations isn’t just about customer service. It’s a crucial factor in maintaining compliance with the regulations of payment processors and payment networks such as Visa and Mastercard.

Jonathan Corona ·
profile

WIA Profile: Laurel Bencomo

Born in Cambridge, England but raised in Spain, Laurel Bencomo initially chose to study business at the University of Barcelona simply because it felt familiar — both of her parents are entrepreneurs. She went on to earn a master’s degree in sales and marketing management at the EADA Business School, while working in events for a group of restaurants in Barcelona.

Women In Adult ·
profile

Gregory Dorcel on Building Upon His Brand's Signature Legacy

“Whether reflected in the storyline or the cast or even the locations, the entertainment we deliver is based on fantasy,” he elaborates. “Our business is not, and never has been, reality. People who are buying our content aren’t expecting reality, or direct contact with stars like you can have with OnlyFans,” he says.

Jeff Dana ·
opinion

How to Turn Card Brand Compliance Into Effective Marketing

In the adult sector, compliance is often treated as a gauntlet of mandatory checkboxes. While it’s true that those boxes need to be ticked and regulations must be followed, sites that view compliance strictly as a chore risk missing out on a bigger opportunity.

Jonathan Corona ·
opinion

A Look at the Latest AI Tools for Online Safety

One of the defining challenges for adult businesses is helping to combat the proliferation of illegal or nonconsensual content, as well as preventing minors from accessing inappropriate or harmful material — all the more so because companies or sites unable or unwilling to do so may expose themselves to significant penalties and put their users at risk.

Gavin Worrall ·
opinion

Know When to Drop Domains You Don't Need

Do you own too many domains? If so, you’re not alone. Like other things we accumulate, every registered domain means something to us. Sometimes a domain represents a dream project we have always wanted to do but have never quite gotten around to.

Juicy Jay ·
opinion

Understanding 'Indemnification' in Business Contracts

Clients frequently tell me that they didn’t understand — or sometimes, even read — certain portions of a contract because those sections appeared to be just “standard legalese.” They are referring, of course, to the specialized language used in legal documents, including contracts.

Corey D. Silverstein ·
Show More