
The Evolution of Cryptojacking: From Coinhive to a Cybersecurity Plague


December 29, 2023


The Rise of Coinhive

Coinhive marked a pivotal moment in the history of cryptojacking. Introduced in September 2017, it was initially presented as a legitimate tool for website owners to monetize their sites.

Instead of relying on ads, webmasters could integrate the Coinhive script, which would use a fraction of the visitor's CPU power to mine Monero cryptocurrency. This approach seemed like a win-win: users would enjoy ad-free browsing, while website owners earned revenue.

However, the seemingly benign nature of Coinhive quickly took a darker turn. Its ease of use and profitability didn't escape the notice of cybercriminals. They saw an opportunity to exploit this technology by embedding the Coinhive script into websites without the knowledge of site owners or visitors.

Thus began the era of cryptojacking, where countless devices were co-opted into mining cryptocurrency, unbeknownst to their users.

The Proliferation of Unauthorized Mining

As Coinhive’s effectiveness became apparent, copycat scripts and methods proliferated. Cybercriminals began embedding these scripts not just in compromised websites but also in popular browser extensions and online ads.

The scripts themselves grew more sophisticated: they were designed to throttle CPU usage to avoid detection and stay active on the user's device longer.

The most alarming evolution was the shift from targeting individual consumers to larger-scale operations. Threat actors started infiltrating business networks, cloud infrastructures, and even critical servers.

The impact was far-reaching, ranging from slowed corporate systems to significant financial costs due to increased power usage and disrupted operations.

Innovations in Evasion Techniques

As awareness of cryptojacking grew, so did efforts to detect and prevent it. In response, cybercriminals refined their methods even further.

Perpetrators began employing fileless mining techniques, where the mining script resides in memory rather than on the hard drive, making it harder to detect. They also started to rely on obfuscation techniques to conceal the malicious nature of their scripts and evade antivirus software.

Another notable evolution was so-called 'drive-by mining,' where users visiting a website would unknowingly mine cryptocurrency as long as the site was open in their browser. This approach required no code stored on the user's computer, making it even more insidious.

Decline of Coinhive and the Legacy of Cryptojacking

Coinhive ceased operations in March 2019, primarily due to the declining profitability of Monero mining and the negative reputation it garnered.

However, the legacy of Coinhive lives on; the very concept it birthed opened a Pandora's box in cybercrime, paving the way for a myriad of cryptojacking attacks that continue to evolve and plague the digital world.


The story of Coinhive and the subsequent rise of cryptojacking is a testament to the ingenuity and adaptability of cybercriminals.

It serves as a cautionary tale about the unintended consequences of technological innovations and the continuous arms race between cybercriminals and cybersecurity professionals.

As we move forward, the lessons learned from this saga remain crucial in the ongoing battle against digital threats in the ever-changing cybersecurity landscape.




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
