On 27 September 2017, it came to light that popular Kenyan entertainment blog, Nairobi Wire was using their visitor’s computers to mine cryptocurrency via Coin-Hive. Coin-Hive is a service that allows one to input JavaScript code within a website code and mine Monero coins through a visitor’s computer.
It is not the first time that a popular website has been caught in such an act. Around 10 days ago, Pirate Bay was caught injecting the same JavaScript code into their website to mine cryptocurrency through their visitors. Immediately after the news broke, Pirate Bay released a statement saying that it was only a test and that they were looking at it as a way to generate revenue and get rid of ads from the website.
On the same day, September 18, Memeburn, a website that focuses on everything digital in the emerging markets, was caught up in the same fiasco. Memeburn went ahead to take down their website and released a statement via their Facebook page claiming that they “found that a mining tool dubbed Coin Hive was using the website to mine cryptocurrency”, alleging that they did not know about it.
Just the other day, September 25, CBS’ ShowTime website was caught doing the same thing. ShowTime is a video on demand service and despite charging users to access such content. The working theory is that ShowTime must have been hacked, although the company refused to issue a comment on the same when they were contacted by The Register.
Since the discovery of the Coin-Hive code on Nairobi Wire’s website, more users have come out to verify these claims, with some giving a testimony that they have been experiencing the “issue” as far as three days prior to the discovery. At the time of publishing, it seems that Nairobi Wire had already removed the code in question from their website, however, this was not before some users had taken screenshots of the code:
The big issue here is that none of the websites mentioned above, including Nairobi Wire, requested for the user’s permission to use their CPU power to mine cryptocurrency. If requested, I am sure there is quite a good number of people who would give up a small percentage of their CPU power to get an ad-free experience on a website.
We have reached out to Nairobi Wire for a comment, when they finally respond, we will let you know what they say.
UPDATE 1: Business Daily Africa as well?
We have also been informed that Business Daily Africa was also a culprit of mining cryptocurrency via Coin-Hive, through the Techweez Forums. However, our inspection reveals that the code has already been removed from the website but thanks to the power of the internet, here’s a screenshot of the code on Business Daily Africa:
UPDATE 2: Nairobi Wire Responds
Nairobi Wire finally responded to us via Twitter. Here’s the full statement:
In response to your story, we had already stated on Wednesday that the script was unauthorized. We pulled it down immediately we learned of it. i.e. Tuesday night. We have confirmed that no other mining script is currently running. Between Tuesday and Thursday last week, we had outsourced some maintenance work to an outside developer. It has been our tradition to outsource a big chunk of our design/maintenance work. This means giving outsiders -sometimes foreigners access. We have thus concluded that the said script was installed sometime last week, by our external developer. Nairobi Wire never benefited in any way, and we have now cut links with that particular developer. Out policy of NOT having non-obstructive ads, like pop-up/under remains. This is designed to provide a smooth experience throughout. The mining script falls under ‘obstructive’ ads since it greatly slows down computers and/or can even be damaging to the CPU. We have no plans to use mining scripts now or in the future. If that changes, our readers will be informed and given an option to opt out.