The Pirate Bay made headlines earlier this year when they were discovered to have implemented a silent mining scripts which used users’ resources to mine cryptocurrencies for their profit. Since this incident, more and more websites have been looking towards cryptocurrency mining as an alternative means to generate funds as opposed to advertising.
Since then, the administrators of The Pirate Bay admitted that the mining script was purely experimental. However, it did encourage a slew of websites to execute covert mining scripts. While the majority of websites who have taken these measures host mostly questionable content, several reputable sites have also started implementing the mining code.
The latest website to be joining the ranks of those implementing Monero mining scripts is the sports platform Ultimate Fighting Championship’s (UFC) video streaming service, Fight Pass. UFC is a well-known, and popular sports platform with a focus on mixed martial arts.
The video streaming service was quickly ousted by the platform’s fans and followers via social media. In addition to venting their disdain for the move, which did not notify the user, or asks for consent, users also contacted the UFC to state their complaints. What users found particularly troubling was that the mining script was implemented on a service which already required a subscription fee from its users.
Users retaliated by sharing screenshots via social media which made it clear that a mining script was active, although for a limited time. Since its discovery, the mining code has been removed, which caused many to speculate that the Fight Pass service must have been hacked. Since UFC already makes enough profit from the subscription service, it seems implausible that the company would have to resort to implanting a relatively unprofitable mining script.
Coinhive has also joined the conversation and confirmed that since the shared screenshots did not include the site key, they were unable to give estimates of how much Monero had been mine at UFC users’ expense. Also, Coinhive stated that considering the circumstances of the event, it is likely that the party responsible for the mining code did not reap any noteworthy profits, and that it was possible that only a small number of users were affected.
Coinhive administrators also added that the firm employs a strict policy when it comes to users looking to exploit compromised sites with mining scripts. In such an event, Coinhive immediately terminates the user’s account. The company stated that they are currently creating a mining script which will notify users and ask for consent before the script is used on their devices.