Digit Geek
Digit Geek > Recent Articles > Technology > How to build client-side cryptominers

How to build client-side cryptominers

Could this be the key to an ad-free internet?

If you are connected to the internet then its most likely that you have already heard about crypto-currencies like Bitcoin, Ethereum and Ripple. With many Governments and banks across the world legalizing, regulating and accepting multiple Crypto-currencies, the day is not far that these become common knowledge. The Government of India, with its high enthusiasm for Digitalization of Banking Services, is considering regulating some of these crypto-currencies in the Indian market and the RBI is also considering rolling out its own cryptocurrency unofficially codenamed “Lakshmi”. In the wake of these current events, it’s quite necessary for developers to stay up to date with the emerging trends in the field of cryptocurrency and their respective mining techniques. Although countries like China have banned some cryptocurrencies like Bitcoin yet they have their own cryptocurrencies like Neo. Therefore, based on the current trends it’s safe to predict that cryptocurrencies are here to stay for quite some time. So, we will try and find out more about their functioning and explore an innovative way of mining our own share of cryptocurrencies.

For an extensive yet compact guide to the world of cryptocurrencies pay a visit to Luno’s official website.

What is browser-based crypto-mining?

People invest in physical hardware and dedicated systems to maintain transactions through distributed computing and a decentralized ledger system backed by complex cryptography. In doing so they make use of substantial amounts of electricity and in return, they get a certain number of cryptocurrencies or shares per block or per group of computations.

If you are interested in mining on dedicated hardware then a good place to start is this guide.

However, you could also distribute this mining across smaller web-capable devices like a laptop or a mobile device if you happen to own a website that is capable of executing JavaScript on the browsers of your clients’ devices. However, make sure you inform your visitors and take their explicit consent for mining on their devices.

Example of the opt-in screen

For our demonstration, we shall be mining the cryptocurrency known as Monero using the JavaScript APIs of Coinhive. Coinhive provides a 70:30 ratio as a fair payout to their users, i.e. the user receives 70% while Coinhive receives 30%. Another alternative that has gained popularity due to its high payout rate is CryptoLoot which gives out a payout 88% of mined commissions, at specific minimum intervals of 0.3 XMR (Monero).

The visitors to your website can run the miner directly in their web browser and mine XMR for you in exchange for an ad-free experience, in-game currency or whatever incentives you can come up with. Get innovative, and do away with those intrusive ads. Most users won’t mind letting you use their CPU for short durations in exchange for an ad-free website or some added freebies. Your users can “pay” you with just their CPU power. The best part? They can do that without registering an account anywhere or without installing a browser extension or without being bombarded by ads.

Getting Started With Coinhive

Shortly after the launch of CoinHive, multiple anti-viruses and adblockers started blocking JavaScript from CoinHive’s domain due to misuse by some irresponsible parties. Therefore, Coinhive started serving the JavaScripts from a different domain where it made the user’s explicit consent compulsory at all times when the script is involved.

How the miner will look on your page

Thus, the starting point is very simple. Just like most other JavaScript based libraries go ahead and include it in your page somewhere (ideally at the bottom of the page, just before the start of the ending body tag) like shown here. Once you’ve done that, you’re ready to move onto the next step.

Adding a Monero account to receive Payments

Now create an account on the Coinhive website and go to the settings tab after that is done. Go to the sub-section of Payments and add your Monero wallet address and save it.  If you do not have a Monero wallet then head over to their official site or read this first to get step by step guidelines on how to create one. After receiving the payout in XMR you can head over here for conversion to most popular cryptocurrencies or normal currencies as well.

Adding your site and getting your keys

Again, head over to the settings tab and navigate to the section mentioning “Sites & API Keys” and

  • Add the name of your Site
  • Copy the Site-Key and the Secret key in someplace safe
  • Save your settings

Repeat the process if you want to add another site or have multiple analytics for different pages/sections etc. of your site. You can also change your secret key here in case you wish to do so. Now use this site key and secret key wherever mentioned in this article or in the official documentation. Congratulations, now you are all set to go!

JavaScript API Opt-In Overlay

When loaded through authedmine.com the JavaScript API will ask the user for consent as soon as miner.start() is called. This is done in a popover window directly on your page. You will not be able to start the miner if the user cancels the opt-in.

If the user gives consent, an opt-in token is stored in a cookie on your website. As long as the token does not expire, the miner can start again without a further explicit opt-in. To prevent misuse, the text in the opt-in screen cannot be altered. Translations for the content on this page into different languages will be available in the near future.

data-key Your public Site-Key
data-user Optional. The username to which the hashes will be credited to. Just leave this empty if you are unsure.
data-autostart Optional. Whether to automatically start mining (true|false). The default is false. The miner will only autostart on subsequent page loads after the user has initially started the miner once himself.
data-whitelabel Optional. Whether to hide the Powered by Coinhive text (true|false). The default is false.
data-background Optional. The background colour of the UI as 3 or 6 digit HEX colour code.
data-text Optional. The text colour for the UI as 3 or 6 digit HEX colour code.
data-action Optional. The action colour for the UI as 3 or 6 digit HEX colour code
data-graph Optional. The graph colour for the UI as 3 or 6 digit HEX colour code.
 data-threads Optional. The number of threads the miner should start with.
 data-throttle Optional. The throttle value the miner should start with.

The simple UI, as well as the JavaScript API, keep the opt-in given by the user as valid for their current browser session or at most 24h. The response to the opt-in is stored in a session cookie. Coinhive claims that it can not be altered as it includes a timestamp and a cryptographic token. The cookie is first checked in the browser on the client side in JavaScript and (if not expired) is validated again when you connect to their pool servers. CoinHive’s servers refuse a connection from an invalid or expired opt-in token and show the opt-in screen again.

To prevent one opt-in token to be used with multiple clients, the token incorporates the user’s current IP address. If the IP address changes, the user has to provide consent via opt-in again. The token also incorporates your site key so that it is only valid for one website at a time. Coinhive also claims that the opt-in token itself is stateless and that they do not store the token on their servers in any form at all.

Simple Events and APIs

You can also retrieve the number of hashes solved by a user by making a direct call to Coinhive’s API via curl or similar utilities, which in turn will return JSON responses. An example call would be:

curl “https://api.coinhive.com/user/balance?name=your-name&secret=<secret-key>”

# {success: true, name: ” your-name ” balance: 1024}

You can also listen to events, write your handlers, etc. Check out a detailed example here. Full documentation can be found at this link.

Embedding The Simple UI

To embed the Coinhive Miner UI, you have to load the simple-ui.min.js anywhere on your page and create a <div> with the coinhive-miner class where you want the miner to be displayed on the client side. A sample snippet of the same can be found here. The UI for the same can be easily customized by providing the size as style and other data-attributes. Only the data-key attribute is mandatory. All other attributes are optional.

If the user has already configured the number of threads and throttles to use, the miner will remember their choices. The data-threads and data-throttle attributes only provide a default for the first run of the miner. For a complete example, in the blue colour scheme, check out the code at this link.

Other interesting applications of the same concept by Coinhive

Proof of Work Captcha

CoinHive provides a captcha-like service where users need to solve a number of hashes (adjustable by you) in order to submit a form. This method is already in use. Chances are that if you have signed up on CoinHive then you have already seen it in action at the sign-up page’s form. Here’s how it looks in action:

An alternative for Google’s reCaptcha

This prevents spam at an inconvenience that is comparable to a classic captcha. All with the added benefit of earning you money.

Proof of Work Shortlinks

If you have an URL you’d like to forward your users to, you can create a cnhv.co short link to it. The user has to solve a number of hashes (adjustable by you) and is automatically forwarded to the target URL afterwards. For example: cnhv.co/71un  (Find out where it takes you!). You can create short links directly in your control panel or through CoinHive’s API via the endpoint “/link/create”

Http API Documentation

A full-fledged HTTP API exists for multiple functionalities. Full Http API documentation is available here and an example can be found here.

Conclusion

If ethical practices are enforced, then this looks like a promising new way by which websites with high numbers of visitors or websites where users tend to stay on for longer time periods may choose to serve ad-free content and yet make profits out of their websites. However, small websites or low visit count blogs may not be able to sustain even their minimal operating costs from the proceeds of browser-based client-side mining. And even if it doesn’t turn out to be significant, it will reduce the burden on ads alone to generate revenue for a website.

Nevertheless, it’s an interesting development and can find innovative applications in the wide world of the internet. It is suggested that before implementing such solutions check the legal aspects related to these in accordance with the laws of the land where you reside and operate from. Also, keep your users in good faith and they will appreciate the gesture and praise you for sticking to an ethical code. Just be upfront about any mining activity on your website.

Read about RBIs cryptocurrency policy and the legal aspects of cryptocurrencies in India here:

[Disclaimer: The author or the publication assumes or undertakes NO LIABILITY for any loss or damage suffered as a result of the use, misuse or reliance on the information and content on this article. This article is for informational purposes only and should be used as such at your own responsibility.]

Kousatav Ray