Social media has been abuzz after Sachin Petrucci Thakuri, Security Engineer at ThreatNix, published a post on his Facebook wall stating that OnlineKhabar was mining Monero, a cryptocurrency similar to Bitcoin, through its website using its readers’ computer resources.
According to ThreatNix, OnlineKhabar had a script on its website that was mining Monero currency. The script was using a mining operation called CPU mining. Cryptocurrency mining requires a processor to perform calculations called hashes. These calculations can be performed by a regular general-purpose Central Processing Unit (CPU) of the kind that can be found in any computer. But it requires a huge amount of processing.
Monero is a secure, private and untraceable currency system. It uses a special kind of cryptography to ensure that all of its transactions remain 100% unlinkable and untraceable. To mine Monero, you have to calculate hashes with an algorithm called Cryptonight. This algorithm is very compute-heavy and, while overall pretty slow, is designed to run well on consumer CPUs.
While CPU mining does not harm the user, it can cause the user’s device to slow down or crash completely. If Thakuri’s claim is true, then this is a misuse of the blind trust that users place in the website. Moreover, Bitcoin mining is illegal in Nepal, and there have been cases of Bitcoin miners being caught in Nepal.
Thakuri posted a picture of the CPU usage while using OnlineKhabar.
Here is the screenshot of the script being used by OnlineKhabar.
The official site of Monero confirms the script.
Here is a link to the archive from the Google web cache at the time of learning: http://archive.is/naeoa.
Thakuri found out about this script while he was using OnlineKhabar in the afternoon yesterday.
He says, “I found out about it yesterday at around 4 pm. But it seems the script of Coinhive was present on their website since 27th of November. I found it when I was browsing one of their news, and suddenly my browser and laptop started to act differently. Then I checked my system resources. My laptop was slow and it was taking forever to load. My laptop started making noises as well, as if it was using a high amount of my resources.”
He further added, “OnlineKhabar kept on loading even after all its contents were delivered. The browser looked like it was still running some code in there.”
Thakuri then checked the network section in the browser, where he saw the Coinhive script. Thakuri further said that he had been contacted by OnlineKhabar after his first Facebook post that informed people about this mining script. At first, OnlineKhabar told him that there were no such scripts on its website. Then, after he posted his proof online, a technical team member from the portal said that the script was indeed being used on their website but that they had no knowledge of it.
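The check Thakuri describes, spotting the Coinhive script among the resources a page loads, can also be run by a site owner against their own served HTML. The following is an added example, not code from ThreatNix or OnlineKhabar; the sample page, host names and allowlist are constructed, and the marker patterns assume Coinhive's publicly documented embed (a `coinhive.min.js` loader and a `CoinHive` constructor call).

```javascript
// Added example: audit a page's HTML for in-browser miner loaders and unapproved script hosts.
// Marker patterns are assumptions based on Coinhive's public embed; extend for other miners.
const MINER_MARKERS = [
  /coinhive(\.min)?\.js/i,          // loader file name in a script src
  /\bnew\s+CoinHive\.\w+\s*\(/,     // miner object created in inline code
];

// Return every <script> element as { src, body }; src is null for inline scripts.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    const src = srcMatch ? (srcMatch[1] ?? srcMatch[2] ?? srcMatch[3]) : null;
    scripts.push({ src, body: m[2].trim() });
  }
  return scripts;
}

// Flag scripts that match a miner marker, or that load from a host the owner has not approved.
function auditPage(html, pageUrl, allowedHosts) {
  const findings = [];
  for (const { src, body } of extractScripts(html)) {
    const text = src ?? body;
    if (MINER_MARKERS.some((re) => re.test(text))) {
      findings.push({ reason: "miner-marker", where: src ?? "inline script" });
    } else if (src && !allowedHosts.has(new URL(src, pageUrl).hostname)) {
      findings.push({ reason: "unapproved-host", where: src });
    }
  }
  return findings;
}

// Constructed sample page (not OnlineKhabar's actual markup).
const SAMPLE_HTML = `
<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.example.net/widgets/share.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); miner.start();</script>
</head><body>news</body></html>`;

console.log(auditPage(SAMPLE_HTML, "https://news.example/", new Set(["news.example"])));
```

This only sees scripts present in the served HTML; a script injected at runtime still needs a browser network capture like the one described above.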
However, Dharmaraj Bhusal from OnlineKhabar via its official Facebook page has commented on Thakuri’s post denying that the page used such a script. It said that its technical team did not find any problem in the website script and that the script shown in the screenshot has not been used on the website.
OnlineKhabar is the 5th most-viewed website in Nepal. It reportedly removed the miner from its website after the news spread on social media. We have reached out to OnlineKhabar for more details on this issue. We are yet to hear from them.
Update: OnlineKhabar has released the following statement.