Share this article
'Cryptojacking' Software Attack Hits Hundreds of Websites
The latest cryptojacking attack affects outdated versions of a major content management system.
By David Floyd
Updated Sep 13, 2021, 7:55 a.m. Published May 8, 2018, 2:05 a.m.
Hackers have injected hundreds of websites running the Drupal content management system with malicious software used to mine the cryptocurrency monero.
This latest incident was uncovered by Troy Mursch, the security researcher behind the website Bad Packets Report. He wrote Saturday that more than 300 sites had been compromised by hackers who installed the browser mining software Coinhive, which mines the cryptocurrency monero, by exploiting a vulnerability in an outdated version of the Drupal content management system (CMS).
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
"Cryptojacking," as similar attacks are called, has become a common problem in recent months. Whereas hackers used to favor ransom attacks – in which they would scramble victims' data and demand ransoms in bitcoin or another cryptocurrency in order to decrypt it – they now increasingly infect websites with software that harnesses visitors' computers to mine cryptocurrency on the attackers' behalf.
Mursch told CoinDesk that while cryptojacking is not as overt as ransomware, it "continues to be a problem - especially for website operators."
He explained:
"This is because Coinhive and other cryptojacking services (malware) are simply done with JavaScript. Every modern browser and device can run JavaScript, so as such, everybody can mine cryptocurrency and unfortunately Coinhive has been used and abused time and time again. [In] this particular case, Drupal users need to update [as soon as possible]."
Affected sites include the San Diego Zoo, the National Labor Relations Board, the City of Marion, Ohio, the University of Aleppo, the Ringling College of Art and Design and the government of Chihuahua, Mexico. A full list of affected sites is available on this spreadsheet.
Visitors to affected websites may not even notice that their computers are running the cryptographic functions used to generate monero for hackers. The attacks slow users computers down, however, and can cause wear and tear on computers' processors.
Not all Coinhive users are malicious, however. Salon, a news outlet, and UNICEF use the software to raise funds, but only run it with visitors' permission.
Hacker image via Shutterstock.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
IMF Flags Stablecoins as Source of Risk to Emerging Markets, Experts Say We Aren't There Yet
The IMF warns that USD-pegged stablecoins could undermine local currencies in emerging markets by facilitating currency substitution and capital outflows.
What to know:
- The IMF warns that USD-pegged stablecoins could undermine local currencies in emerging markets by facilitating currency substitution and capital outflows.
- Despite concerns, experts argue that the stablecoin market is still too small to have a significant macroeconomic impact.
- Stablecoins are primarily used for crypto trading, and their market size remains small compared to global currency flows.
Top Stories
