CIP Cyber

The Pirate Bay Exploits Users’ CPU to Mine Superanonymous Cryptocurrency – but Could This Actually Be a Good Thing?

Table of Contents

News broke last week that The Pirate Bay, the tremendously popular torrent site, was caught red-handed using users’ CPU to make profit by mining a cryptocurrency, creating a backlash among users. But many see this as yet another development that signals the many benefits of using cryptocurrencies – and maybe gives us a taste of how what the future will look like in an ad-free Web.

The Pirate Bay Deploys Cryptocurrency Miner that Exploits Users’ CPU

The story first broke on TorrentFreak, which reported on September 16th that a cryptocurrency miner was detected on the popular website – that was also notably among the first to support Bitcoin by adding an option for users to donate via the famous cryptocurrency. A lot of users started noticing that their CPU power decreased dramatically while they were browsing The Pirate Bay – most notably in the category listings and search results – and it was discovered that the site was actually hijacking the visitors’ CPU to mine a cryptocurrency known as Monero.

As was expected many users were not pleased (TPB supermoderator Sid included) and started circulating ways to block the miner, which are quite simple and range from disabling JavaScript to running an adblock. Although file-sharing websites, of which TPB is perhaps the most renowned, are not viewed by most as poster boys for a play-by-the-rules approach to things, there is still a code of honour among thieves that frowns upon exploiting your own visitors. The most crucial aspect of the whole story is that TPB added the miner in secret and this might lead to users being concerned about how secure their browsing experience on TPB is.

Are Superanonymous Cryptocurrencies like Monero Dangerous?

After all, cryptocurrencies are relatively new to the game and are still associated with security risks – and Monero is one of the less transparent representatives out there. While most prominent cryptocurrencies, like Bitcoin and Ethereum, support transparency in their blockchains, meaning that transactions are verifiable and traceable, Monero focuses on privacy and obfuscates both the addresses of the transacting parties and the amount exchanged. Privacy is of course not a bad thing, but according to an article published on Motherboard a year ago, Monero’s super anonymity has led to its association with the dark web’s black market, while it has also been accused of not taking security very seriously.

For example, Motherboard also reported in the same article that Monero was found vulnerable to CSRF or Cross Site Request Forgery, a OWASP Top 10 threat. CSRF is an attack vector that exploits a website’s trust in a user, instead of the opposite, and thus tricks a web browser into executing an unauthorized action in an application where the user is already logged in. This means that the user will be authenticated by the application and makes it impossible to discern a legitimate request from a forged one.


Is TPB Leading the Way to an Ad-Free Web?

In view of the outcry, TPB was quick to address the issue and stated that the miner was a test for a way to generate revenue in order to get rid of annoying ads while keeping the website afloat financially – and as the user comments to the statement demonstrate, the idea did fly surprisingly well among users. It seems that although unfortunate on how it went about it, TPB has opened up a debate on whether this could actually be a viable alternative for people to enjoy ad-free websites.

Could crypto-mining soon spread to other, more mainstream websites? It remains to be seen.

CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Industrial Cybersecurity

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Related Articles

What Proxies Are For

When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand among

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings