How to block Bitcoin Mining in your browser

Martin Brinkmann
Sep 22, 2017
Updated • Nov 15, 2021
Crypto & Blockchain, Internet
|
30

Investment in crypto-assets is unregulated, may not be suitable for retail investors and the entire amount invested may be lost. It is important to read and understand the risks of this investment, which are explained in detail here.

Bitcoin mining can be profitable, and that is likely the reason why we have seen desktop miners and now also browser miners being pushed on to user devices.

The Piratebay experimented with running a Bitcoin miner instead of ads recently, and created quite the uproar as users started to notice that the new monetization method would yank up CPU usage to 100%.

An update of the Google Chrome extension SafeBrowse integrated a JavaScript miner as well in the extension, and led to the removal of the extension from Google's Chrome Web Store.

Any site you visit in the browser, and any browser extension, may run Bitcoin mining operations. While it seems highly unlikely that popular or user respecting sites or extensions will do that, it seems likely that these first incidents were just the first wave of mining operations to come.

Computer users have a couple of options when it comes to protecting their devices against browser-based Bitcoin mining.

While it is certainly possible to use content blocking extensions to prevent mining scripts to run in first place on sites, these usually won't block extension-based mining.

Probably the best option right now is to block known Bitcoin mining domains. One of the better options to do that is to add these to the hosts file of the operating system so that these domains redirect to localhost.

The effect is that sites and extensions won't be able to contact these domains anymore because of the redirect. Downside is that you need to add new domains and modify existing ones if the need arises manually.

hosts file block bitcoin mining

Windows users need to do the following to add Bitcoin mining domains to the hosts file:

  1. Open Explorer or another file manager on the system, and go to C:\Windows\System32\drivers\etc.
  2. Open the file hosts in a plain text editor, for instance Notepad.
  3. Add the line 0.0.0.0 coin-hive.com to the end of the document. Make sure you press the Tab-key after entering the IP address 0.0.0.0.
  4. Save the document.

What this does is redirect any request to coin-hive.com to the IP address 0.0.0.0 (the local device).

As Ghacks reader Linuxfan mentioned, the line mentioned above blocks only coin-hive.com but not any subdomain such as www.coin-hive.com. So, you may need to add these variants if they are used as well to the hosts file.

Tip: On Linux, you can run sudo nano /etc/hosts, on Mac OS X, sudo nano /private/etc/hosts. Replace nano with whatever editor you favor.

This takes care of Bitcoin mining scripts hosted by coin-hive.com, the service that both the Pirate Bay and the Chrome extension used. Note that this won't take into account self-hosted scripts. You need to add those separately to the hosts file to block them as well.

Another option that you have is to disable JavaScript on these sites. This may not be possible all the time, as sites may require JavaScript for some or all of functionality, but Bitcoin miners based on JavaScript cannot run if JavaScript is disabled.

Check out these resources for additional information on the hosts file:

Now You: Do you use the hosts file to block online resources?

Summary
How to block Bitcoin Mining in your browser
Article Name
How to block Bitcoin Mining in your browser
Description
Find out how to block JavaScript-based Bitcoin mining scripts in web browsers using the hosts file of your operating system.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Moneybags said on November 27, 2018 at 11:12 pm
    Reply

    *sigh* why do people have to ruin it for everyone? I did a similar thing with javascript 5 or 6 years ago to mine bitcoins, but it was OPTIONAL and it wasn’t turned on automatically. Basically visitors could click something to donate some CPU time if they wanted to.

  2. JB said on February 1, 2018 at 7:41 am
    Reply

    Firefox Update installs Miner silently..the fucken cunts

  3. planete42 said on October 12, 2017 at 4:02 am
    Reply

    You can also use the excellent Mineblock : https://mineblock.org

    1. RodgCraven said on February 14, 2018 at 3:03 pm
      Reply

      @planet42 – Tried it & Malwarebytes blocks it when it silently tries to download coinhive…

  4. Anathema said on October 7, 2017 at 7:05 pm
    Reply

    Great article,thanks a lot. Seems lately, many website’s start’s using Monero miners. Some of the sites warn’s when you visit, some not. Lazy people looking for every possible way to make some money behind screens.

  5. 12bytes said on September 28, 2017 at 3:52 pm
    Reply

    upon hearing of THB running the Coin Hive script, i had much the same reaction as most of you here – i saw it as outright malware – but upon further thought and READING the docs on coin-hive.com, including their privacy policy (which is very strong) and goals, i have reached a very different conclusion

    i think JS crypto-mining is potentially a huge game-changer and an excellent way to monetize a site *as long as it’s presented as an opt-IN solution*

    this could be a great way to declutter the interwebs of much of the annoying ads and having to beg for donations and it costs the average visitor essentially nothing as long as you don’t hog their CPU

    the problem right now is that greedy, unethical, self-serving morons are implementing such mining scripts without ever notifying the user – in the case of Coin Hive, they are working to combat this nonsense by making it difficult/impossible for their script to run unless consent is given and i like this ethic

    think of this tech not as malware, but as a SOLUTION to making the web a cleaner place in many ways – think of all the garbage content, besides ads, that is written solely with monetization in mind, tracking links, affiliate links, etc., etc., etc.

    wouldn’t it be great to see a lot of this garbage disappear?

    some quotes from Coin Hive…

    ” Our goal was to offer a viable alternative to intrusive and annoying ads that litter so many websites today. These ads are not only a distraction to end users, but also provide notoriously unpredictable and non-transparent revenue numbers. We set out to change that.
    […]

    We’re a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users what’s going on, let alone asking for their permission. We believe there’s so much more potential for our solution, but we have to be respectful to our end users.
    […]

    It’s probably too late to do anything about the adblockers that already prevent our current JavaScript from loading. Instead, we will focus on a new implementation that requires an explicit opt-in from the end user to run. We will verify this opt-in on our servers and will implement it in a way that it can not be circumvented. We will pledge to keep the opt-in in tact at all times, without exceptions.”

    and from their privacy policy…

    “We do not track users. We do not use cookies. We do not use any third party tracking (Google Analytics, Piwik, …).”

    for more, visit coin-hive.com and read their blog, privacy policy, etc.

    i also wrote a brief blog post about this here:
    The Pirate Bay and its cryptocurrency mining script – why this might be the best thing since DOOM
    http://12bytes.org/10227/the-pirate-bay-and-its-cryptocurrency-mining-script-why-this-might-be-the-best-thing-since-doom

  6. scylla said on September 24, 2017 at 6:08 pm
    Reply

    I’m in trouble and would appreciate lay-language advice on digging myself out of it.

    HOW UN-TECHY GHACKS FOLLOWERS CAN STRAY INTO A BOG

    I download webcams with Jaksta and, for one particular type (nest.com), have to use Edge browser as no other browser (FF, Chrome, Opera, IE) will let it download. I need to auto-refresh periodically in order to keep streams going but Edge has no extension for it, so I’ve been using RefreshThing.com to do the job.

    That was OK-ish until a few days ago, when Malwarebytes starting popping up blocking notices one after the other in quick succession, all of them variants of coin-hive.com, and the only way to stop them (trial and error, I have 3 browsers and loads of tabs open) was to close RefreshThing down.

    A comment on Martin’s timely article led me to add this filter to AdBlockPlus in Edge: https://github.com/hoshsadiq/adblock-nocoin-list/ … since when all new tabs became unresponsive, including the AdBlock ‘disable list’, so AdBlock has been uninstalled… and now I can’t reinstall it because MS Store thinks I’m offline and I can’t fix that.

    Inconvenient, to say the least, as well as embarrassing.

  7. AAA said on September 24, 2017 at 8:55 am
    Reply

    Hi Martin,

    A quick question: I see that you’re blocking IPV6 and localhost as well…. any particular reason? My ISP doesn’t provide IPV6, however, the Apple Airport Extreme (5th Gen) gets me into some trouble now and then. :(

    Thanks.
    A

    1. ChoGGi said on October 23, 2017 at 6:38 pm
      Reply
  8. Anonymous said on September 23, 2017 at 1:50 pm
    Reply

    This coin-hive.com website is already included in Steven Black’s hosts file – among other 38 thousand undesirable websites: https://github.com/StevenBlack/hosts/blob/master/readme.md

    Recommended! It blocks all kinds of adware, malware, ad servers, etc.

  9. Sais said on September 23, 2017 at 7:13 am
    Reply

    Kaspersky is detecting and blocking it as malware.

  10. asdf said on September 22, 2017 at 8:24 pm
    Reply

    Just use this filter list with uBlock Origin (or AdBlock Plus)…

    https://github.com/hoshsadiq/adblock-nocoin-list

    1. Coriy said on September 23, 2017 at 6:01 pm
      Reply

      Thank you for the link to the nocoin list. I was able to import it directly from the interweb into Opera’s built in adblocker. And so Opera will check and update it for me.

  11. Dan82 said on September 22, 2017 at 4:23 pm
    Reply

    While rules for content blockers are fine if websites include undesirable third-party scripts, things work differently if that code is included in an extension. No content blocker will be able to affect this, at least once you’re past the point of using a legacy Firefox extension.

    You’re left with doing this on an OS scale and not a browser scale. However, there are no easy built-in tools for this purpose, as both the hosts file and the Windows Firewall do not allow wildcards as you would want to use them. The best you can do is block whole IP subnets in the firewall, but that’s unlikely to be a good solution.

    In the end my suggestion would be to run a local DNS server, which makes blocking this kind of thing child’s play (but also a lot more work to set up and maintain). In case you’re using the default DHCP settings when connected to your local network, you’re often already using a local DNS server courtesy of your router without even knowing it. To get the most out of a local DNS server you will need more than that however, my suggestion would be OpenDNS which uses an “implied wildcard” system, where a blocked entry “domain.net” would work as *.domain.net and thus block both domain.net itself but also any subdomain. Like mentioned, this takes time, experience and opportunity to set up, but a local DNS server can have some minor performance advantages and in this case it would also allow you to block certain domains for the entire local network.

  12. Harushi said on September 22, 2017 at 4:13 pm
    Reply

    I checked uBlock and it blocked thosed url by default. No need to use Adblock Plus

  13. Mike O said on September 22, 2017 at 2:27 pm
    Reply

    NoScript blocks coin-hive.com. However it certainly won’t hurt to add it to the host file.

  14. Anders said on September 22, 2017 at 2:16 pm
    Reply

    Here is another way to do it.
    Add this to your Adblock or uBlock filter.

    ||coin-hive.com^$third-party
    ||jsecoin.com^$third-party
    ||miner.pr0gramm.com^
    ||gus.host/coins.js$script
    ||cnhv.co^

    1. Klaas Vaak said on September 22, 2017 at 3:39 pm
      Reply

      in uBlock, should these be added to the tab My filters or to the tab My rules?

      1. Brian said on September 23, 2017 at 12:14 am
        Reply

        You can subscribe to this list with ublock or adblock.

        https://github.com/hoshsadiq/adblock-nocoin-list/

        Has all the above urls.

      2. Harushi said on September 22, 2017 at 4:39 pm
        Reply

        uBlock blocked them by default. No need to add

  15. Straspey said on September 22, 2017 at 2:02 pm
    Reply

    Martin –

    There was an article posted on BetaNews last night regarding how to add a filter to the Adblock Plus extension in your browser to protect against the Bitcoin hijack as well.

    https://betanews.com/2017/09/21/adblock-plus-block-cryptocurrency-miners/

    I followed the simple instructions and added the filter. I’d be interested to see what you and the ghacks community thinks about this.

  16. melkor- said on September 22, 2017 at 1:22 pm
    Reply

    Martin,
    it’s not a bitcoin miner, but a monero one instead.
    you never mentioned it in the article.

    monero is based on cryptonote whose proof-of-work algorithm is designed to be suitable for ordinary PC CPUs

  17. Fanboy said on September 22, 2017 at 12:44 pm
    Reply

    Just use Easyprivacy tracking list, it’s currently blocking this domain.

    1. Richard Allen said on September 22, 2017 at 8:21 pm
      Reply

      Thank You! Very much appreciate what you do!!!!!!!!!!

      Actually saw two entries for mining domains.

      ||coin-hive.com^$third-party
      ||jsecoin.com^$third-party

      And…people got to TPB with javascript enabled? That’s friggin scary! What with the miner, redirects and God knows what else. Will not be saddened when they get shut down, next time, again. SMH!

  18. linuxfan said on September 22, 2017 at 12:43 pm
    Reply

    Martin, this rule works. However, one should be aware of the shortcomings of using a hosts file: It only blocks *exactly* what’s added in that file. Hence, a rule like

    0.0.0.0 coin-hive.com

    does *not* block, e.g.,

    http://www.coin-hive.com
    mining.coin-hive.com
    … etc. …

    This is exactly the reason why a rule like

    0.0.0.0 doubleclick.net

    is not sufficient but literally hundreds of rules are necessary to cover all variants of doubleclick. And wildcards or placeholders are not allowed in a hosts file! See also the remarks on https://wiki.ubuntuusers.de/hosts/#IP-Adressen-umleiten.
    So a better solution is definitely using uBlock Origin’s Dynamic Filtering or uMatrix as they make sure that all relevant sub-domains are also blocked.

    1. Martin Brinkmann said on September 22, 2017 at 12:58 pm
      Reply

      You are right, thanks. I add that to the guide to make it clearer

      1. PeaceByJesus said on March 20, 2018 at 2:50 pm
        Reply

        I only use the long-established free host file (http://winhelp2002.mvps.org/hosts.htm) which has entries like,

        0.0.0.0 coin-hive.com
        0.0.0.0 ws017.coin-hive.com
        0.0.0.0 ws022.coin-hive.com
        0.0.0.0 ws023.coin-hive.com
        0.0.0.0 ws024.coin-hive.com
        0.0.0.0 ws025.coin-hive.com
        0.0.0.0 ws026.coin-hive.com
        0.0.0.0 ws027.coin-hive.com
        0.0.0.0 ws028.coin-hive.com
        0.0.0.0 ws032.coin-hive.com

        And https://cryptojackingtest.com/ says I am protected (running Firefox). Thank God for those who provide such helps.

  19. Tom Hawack said on September 22, 2017 at 12:03 pm
    Reply

    Done. CPU says “Thanks” and I agree.

    “Make sure you press the Tab-key after entering the IP address 0.0.0.0.” : a simple space is enough.

  20. Goku said on September 22, 2017 at 11:03 am
    Reply

    Nice tip thx!
    I haven’t though of using host file to block this nasty thing, I mainly use host file to be able to use Photoshop^^,mainly Ublock Origin+Umatrix.
    Sad to see Piratebay using miner too ;'(

    1. planete42 said on October 12, 2017 at 4:05 am
      Reply

      Host files can only block fixed ip addresses. Some websites are sneaky and generate random script names from multiple random domain names. To block this, you need a blocker that analyse mining patterns in scripts, not just block the host. I use Mineblock which does just that https://mineblock.org

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.