Besides income from ad clicks, some porn site operators in China have found a new way to fill their wallets. A recent report from Tencent revealed that many websites in China have embedded JavaScript to mine cryptocurrency, specifically Monero (XMR). The Coinhive service is used without notifying visitors.

When visitors open a website that embeds a mining script, the page takes a while to load. What they do not know is that the automatically executed JavaScript miner is consuming a large portion of their CPU to mine Monero (XMR), a cryptocurrency featuring anonymous transactions. Such websites are usually porn sites, online literature sites, browser game sites and the like. Because slow page loading can be mistaken for a bandwidth or connection problem, it is difficult for users to detect the mining script, which helps the practice spread.

The mining behavior was analyzed on one porn site:

1. Loading the front page of the porn site takes a while



2. Task Manager shows that CPU usage jumps instantly and stays at 100% load once the site is loaded



3. A JS miner is found in the page's source code



4. The JS miner is a service provided by Coinhive, which uses the CryptoNight algorithm to mine Monero. Coinhive adjusts the XMR payout in real time every few hours. At press time, the payout was 0.00015579 XMR/MH, or 0.0825687 RMB/MH. Coinhive takes 30% of the payout and the website claims the other 70%.

Payout is divided between Coinhive and website operators

5. Ironically, Coinhive specifically states in its documentation that the service must not be used without notifying users.



“it’s your responsibility to tell your users what’s going on and to provide stats on mined hashes.”

However, the reality is that the service has already been abused.

6. Another feature is that the API provided by Coinhive allows website operators to control CPU usage, which makes the mining operation even harder to detect. The zigzag chart below shows how the CPU usage is manipulated.

So far hundreds of websites have adopted the Coinhive JS miner, most of which are porn sites.

List of websites that embed the JavaScript miner

Page views (PV) of the JS miner spiked in late September and the trend is still upward, which means more victims can be expected.
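The source-code check from step 3 and the CPU throttling from step 6 can be automated when reviewing a page. The following is an added example, not code from the Tencent report or from Coinhive; the regular expressions assume the shape of Coinhive's public embed snippet (loader under `/lib/`, a `CoinHive.*` constructor, a `throttle` option), and the sample page and site key are constructed.

```javascript
// Static check of page source for an embedded Coinhive miner (added example).
// Assumed patterns: loader URL on coinhive.com / coin-hive.com, constructor
// "new CoinHive.<Kind>('<site key>', {throttle: <0..1>})", then ".start()".
const LOADER = /<script[^>]+src=["']([^"']*coin-?hive\.com\/lib\/[^"']+)["']/gi;
const CTOR = /new\s+CoinHive\.(\w+)\s*\(\s*["']([^"']+)["']([^)]*)\)/g;
const THROTTLE = /throttle\s*:\s*([0-9]*\.?[0-9]+)/;
const SET_THROTTLE = /\.setThrottle\s*\(/;
const START = /\.start\s*\(/;

function findCoinhiveMiner(html) {
  // Every external script tag that pulls the miner library.
  const loaders = [...html.matchAll(LOADER)].map((m) => m[1]);
  // Every miner object created inline, with its site key and throttle option.
  const miners = [...html.matchAll(CTOR)].map((m) => {
    const t = THROTTLE.exec(m[3]);
    return { kind: m[1], siteKey: m[2], throttle: t ? parseFloat(t[1]) : null };
  });
  return {
    embedded: loaders.length > 0 || miners.length > 0,
    loaders,
    miners,
    // A miner started from inline script runs as soon as the page loads,
    // without any prompt to the visitor.
    autoStart: miners.length > 0 && START.test(html),
    // throttle is the fraction of time the mining threads stay idle, so a
    // value such as 0.7 keeps CPU well below the 100% seen in step 2.
    throttled:
      miners.some((m) => m.throttle !== null && m.throttle > 0) ||
      SET_THROTTLE.test(html),
  };
}

// Constructed sample page; EXAMPLE_SITE_KEY is a placeholder, not a real key.
const SAMPLE_PAGE = `
<html><body>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY', {throttle: 0.7});
  miner.start();
</script>
</body></html>`;

console.log(JSON.stringify(findCoinhiveMiner(SAMPLE_PAGE), null, 2));
```

A throttled miner will not pin the CPU at 100%, so a source scan like this catches pages that the Task Manager check in step 2 would miss.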

Previously, The Pirate Bay, the most popular BitTorrent site, was found using the same script to mine Monero.

Tencent owns the most popular social networking tool in China and has great media influence. The exposure links cryptocurrency with porn sites and may spark more interest in both subjects.