Mixed martial arts has become the latest victim of a malicious cryptocurrency mining attempt, after adverse code was discovered in a streaming site owned by Ultimate Fighting Championship.
The controversy surrounds code that was injected into the site, which is designed to harvest browser resources for cryptocurrency mining. According to initial reports on social media, the bug was flagged by numerous site users, who identified the presence of a script developed by Coinhive within the UFC platform.
The script is used by miners for monero, and is designed to be embedded directly into web pages as part of its browser-based mining approach. It remains unclear how the code made its way onto the site, but UFC representatives were quick to assure site users of their investigation.
“Immediately upon learning of the reported issue, Neulion, UFC’s over-the-top digital service provider, reviewed the UFC.TV/FIGHTPASS site code and did not find any reference to the mentioned Coinhive java script. We are continuing to review the available information and feel confident that there are no coding issues across the site at this time.”
Yet despite these assurances, users on Reddit continued to identify the presence of the code within the site. While the script now appears to have been completely removed, questions will now be asked as to how the script came to be found on the UFC streaming site, and how other websites can protect against malicious attempts to mine through their web platforms.
Coinhive have publicly responded to the controversy, distancing themselves from anyone who attempts to use their technology maliciously.
“For what it’s worth, we didn’t notice any new ‘top user’ in our internal site wide dashboard. So the miner was either removed quickly again or didn’t affect a lot of end users…Just for the record, we have a strict policy against using our service on ‘hacked’ sites and will terminate accounts that violate our terms of service, as soon as we’re notified of them.”
This is not the first time scripts from Coinhive have been deployed by hackers, with a website from streaming platform Showtime a previous high profile target.
Meanwhile, online security firms like Cloudflare is amongst those developing mechanisms for blocking similar attacks in future.