There has been much in the news lately about cryptomining hacks – that is, a small program being launched that leeches the power of your own CPU in order to mine cryptocurrency for another company – usually the company that installed the program onto your computer in the first place.
PirateBay
In recent weeks, well-known torrent search engine PirateBay began to run a cryptomining program through its website, meaning that for as long as you kept a window open with PirateBay running in it, the program would be quietly using a bit of your computer’s processing power to mine cryptocurrency for PirateBay.
How
Cryptomining code is embedded into the website code of a particular website. When you visit the site, you may be asked to allow the site use of your CPU… then again, you might not. Either way, the result is likely the same – a string of code being run through your browser in order to harvest some of the processing power of your CPU to help mine cryptocoins. Cryptocurrency needs a lot of power as it runs complex hashing algorithms in order to locate a unique string of number and letters, and you can get a handsome reward if you crack that particular code. Of course, the processing weight required to find that unique string costs more than the reward for discovering it (in terms of the cost to run the laptop or PC doing the processing in the first place), which is where cryptomining comes in. A single computer might spend more than it makes in trying to find one of those elusive strings, but a small piece of code can syphon a bit of CPU power off a million different computers, increasing the chance exponentially. Moreover, the person installing the code isn’t paying the electric bill for all those millions of users, so they get all the reward for none of the effort.
Why
When questioned, PirateBay admitted to implementing code from CoinHive in its website footer, which enabled the site to steal the CPU power of visitors in order to cryptomine. The reason they gave was that it was a way to remove the need for advertising on the website.
How to stop it
At the moment, there are three ways to prevent your CPU power from being stolen and used to mine cryptocurrency on someone else’s behalf.
1. Disable JavaScript
The script that PirateBay employed to absorb your CPU power is run through JavaScript, so turning off JavaScript in your browser of choice will solve the problem. It might be considered a bit of a sledgehammer-to-crack-a-walnut solution, since it also means that you will not be able to use Java-based features on other websites or programs, but it is certainly effective.
2. Use ad-blocking software
As cryptomining takes off, the developers of advert blocking software are being quick to respond. Since the process used to mine your CPU power is fundamentally the same as that used to generate unwanted adverts during your browsing experience, it is a simple task for the companies to react to these changes as and when they occur. AdBlock has already developed a list of instructions to block CoinHive in particular. This solution is useful, as it doesn’t matter what browser you use, as long as it recognises your ad-blocking software.
3. Use No-Coin
For Chrome users, this is the best solution. A Chrome plug-in, it was put together by Rafael Keramidas specifically to deal with the CoinHive, so may not have the versatility or robustness of the other options, but it works well preventing this particular method of mining. With sufficient support and interest, it seems likely that Keramidas would expand the concept to block other cryptomining code in the future.
