| Honestly I would never ever execute any code from this guy. He is the inventor/founder behind the coinhive crypto mining network. [1] This guy made billions illegally [2], and maintained the biggest ransomware crypto coin network for years, by offering the tools and SDKs to fund dozens of cyber war involved agencies across the planet. [3] I have no idea how he got away with it, because his name keeps appearing in lots of crypto trading companies and trade registries. (Not gonna post them, but you can google his name to find this evidence) He even organized a doxxing campaign against brian krebs at the time called "krebsistscheisse" via his pr0gramm platform [4] [5] [6], to somehow defend the idea that abusing user's computers for personal enrichment is a legit way of making money if you donate some low percentage to cancer research with it?!? Sorry, but I would never trust this guy's code again. You should be careful, and audit any code he writes before you execute it. [1] https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive... [2] 30% fee of monero/XMR went to coinhive: https://coinmarketcap.com/currencies/monero/ [2b] Schuerfstatistik on pr0gramm, where it all started: https://web.archive.org/web/20231005033135/https://pr0gramm.... [2c] Troyhunt analysis after he snatched away the coinhive TLD: https://web.archive.org/web/20240804081830/https://www.troyh... [3] https://www.trendmicro.com/vinfo/us/security/news/cybercrime... [3] https://krebsonsecurity.com/tag/dominic-szablewski/ [4] https://krebsonsecurity.com/2019/03/annual-protest-raises-25... [5] (German) https://www.t-online.de/digital/aktuelles/id_83466874/tausen... [6] https://www.heise.de/news/krebsistscheisse-Spendenwelle-an-K... (Lots of other articles about it, and that dominic szlablewski was the guy behind coinhive, and the original owner of pr0gramm, while still doing development work for the company that owns the imageboard officially nowadays) |
I've been meaning to write a proper post-morten about all that, now that the dust has settled. But in the meantime, just quickly:
- I did not make billions. You're off by quite a few orders of magnitude. After taxes it was well below $500k.
- Nothing I did was illegal; that's how I got away with it.
- Coinhive was not ransomware. It did not encode/hide/steal data. In fact, it did not collect any data. Coinhive was a JavaScript library that you could put on your website to mine Monero.
- I did not operate it for "years". I was responsible for Coinhive for a total of 6 month.
- I did not organize a doxing campaign. There was no doxing of Brian Krebs. I had nothing to do with the response on the image board. They were angry, because Brian Krebs doxed all the wrong people and their response was kindness: donating to cancer research. In German Krebs = cancer, hence the slogan “Krebs ist scheiße” - “cancer is shit”.
- Troy Hunt did not "snatch away" the coinhive domain. I offered it to him.
In conclusion: I was naive. I had the best intentions with Coinhive. I saw it as a privacy preserving alternative for ads.
People in the beta phase (on that image board) loved the idea to leave their browser window open for a few hours to gain access to premium features that you would have to buy otherwise. The miner was implemented on a separate page that clearly explained what's happening. The Coinhive API was expressly written with that purpose: attributing mined hashes to user IDs on your site. HN was very positive about it, too[1]
The whole thing fell apart when website owners put the miner on their page without telling users. And further, when the script kiddies installed it on websites that they did not own. I utterly failed to prevent embedding on hacked websites and educating legitimate website owners on “the right way” to use it.
[1] https://news.ycombinator.com/item?id=15246145