User Finds Starbucks in Buenos Aires Wifi Hotspots Hijack Customer Devices to Mine Monero

starbucks mining monero

A Starbucks in Buenos Aires, Argentina was mining Monero (XMR) on customer’s devices without their permission. Twitter user Noah Dinkin noticed that a Starbucks location in Buenos Aires was utilizing their WiFi captive sign-in portal to force a 10-second delay when users first connected to the wifi in order to mine Monero. The user originally assumed that the Starbucks WiFi was attempting to mine Bitcoin, but it was in fact mining Monero. XMR is currently trading at $286.27 according to the Block Explorer Monero Price Index

Starbucks has not responded to the outcry on social media about their use of Coinhive

Coinhive is in-browser software that allows users to mine Monero in-browser with JavaScript using their ‘extra’ CPU power. Coinhive usage has been increasing and expected to increase both legitimately and illegitimately.

The Palo Alto Networks Research Center has stated that they have seen 36,842 instances of Coinhive being implemented. Out of these 36,842 instances, they claim that a large quantity of these fall into the category of ‘compromised’, likely being the result of malicious script injection into vulnerable servers. In some cases, multiple copies have been injected and use up 100% of the user’s available resources. One specific payee identity alone is tied to over 35,000 of these instances.

 

Edit: Since the time of writing, Starbucks issued the following statement:

As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our third-party support provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely.