Cloudflare Is Cracking Down on Websites Using Visitor’s CPUs to Mine Monero

Content delivery network and internet domain provider Cloudflare recently banned a torrent website for using a cryptocurrency miner that used visitor’s CPUs to mine Monero (XMR) in an attempt to monetize the platform, making it clear the company is now cracking down on websites who use cryptocurrency miners without giving users a choice.

Cryptocurrency miners are now being used thanks to the code provided by Coinhive, as an alternative to displaying ads or asking for bitcoin donations. The Pirate Bay quietly added the JavaScript code to its main site, which turned out to be a controversial move as some users would appreciate being warned about it.

News about Cloudflare’s crackdown on websites using the miner came to light recently, as the admin of torrent site ProxyBunker told TorrentFreak that the company had removed all its relevant domains due to the use of a hidden Monero miner in its code.

ProxyBunker is a site that links to several domains that offer proxy services for piracy-related websites, such as The Pirate Bay, KickassTorrents, Torrentz2, and more. It initially tested the Monero miner for four days without anything happening, and then officially it on October 1. Two days later, Cloudflare abruptly ended the experiment by deleting the site’s domains.

“Late last night, all our domains got deleted off Cloudflare without warning so I emailed Cloudflare to ask what was going on,” ProxyBunker’s admin explained.

Cloudflare cited possible terms of service violation to ban the domains, without pointing out the actual violation. ProxyBunker’s admin wasn’t happy with the explanation and contacted Cloudflare about the ban. Justin Paine, the head of trust and safety at the CDN provider, replied and explained that, given that users didn’t have a choice, it was considered malware:

“Multiple domains in your account were injecting Coinhive mining code without notifying users. … We consider this to be malware, and as such, the account was suspended, and all domains removed from Cloudflare.”

ProxyBunker’s admin attempted to explain users could opt out but Cloudflare maintained its position until the torrent site’s admin agreed to remove the miner in order to be reinstated. He was, however, warned that if a similar activity is discovered on his account again, it will be permanently blocked.

Other mining schemes using Coinhive’s code have been recently reported. Notably, CBS-owned Showtime websites briefly ran a Monero miner, in what is believed to have been a “malvertising” attack. More recently, hackers managed to make $63,000 in the cryptocurrency by exploiting unpatched Windows servers.