Blog » Security Incident - DNS Breach

Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server. This third party server hosted a modified version of the JavaScript file with a hardcoded site key. This essentially let the attacker "steal" hashes from our users.

No account information was leaked. Our web and database servers have not been accessed.

The root cause for this incident was an insecure password for our Cloudflare account that was probably leaked with the Kickstarter data breach back in 2014. We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account.

We're deeply sorry about this severe oversight.

We're looking for ways to reimburse our users for the lost revenue tonight. Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate. Please give us a few hours to roll this out.

posted on October 24, 2017, the Coinhive Team

© 2019 coinhive
Legal Information Documentation