Finder makes money from featured partners, but editorial opinions are our own.

Thousands of Internet cafe computers “poisoned” with Siacoin miners

shutterstock bitcoin crypto burning 450x250

Sell mining malware to computer maintenance companies and share the profits. What could go wrong?

Details of a unique cryptojacking scheme have emerged following the recent arrest of ringleaders in China. The scheme is believed to have only infected some 100,000 computers, but it got very good use out of them at a very auspicious time.

The scheme centred on infecting Internet cafe computers to mine Siacoin throughout last year, right before it shot up in price. All up, it's believed to have pulled in about US$800,000 worth of Siacoin over the months, Hangzhou News reports.

An entry point

The scheme is believed to have been masterminded by the network technician of an Internet cafe software company JinHua. He created the mining program which was then packaged as a product for Internet cafe maintenance companies.

The maintenance companies would then install the software on Internet cafe computers and share the profits from the machines they infected. It's thought that about 100,000 computers across 30 cities were infected this way over a few months.

They got some very good use too. Unlike most cryptojacking malware, JinHua's creation didn't hold back and focused on consuming as much power as possible as quickly as it could.

It was immediately apparent to victims that something was wrong. Programs would grind to a halt, and their energy bills skyrocketed. They then turned to their usual maintenance providers who, unsurprisingly, managed to not find anything wrong.

"So many computers collectively poisoned, and every month electricity bills go up. This business simply can't be done," said one Internet cafe owner.

As the problem started spreading, it soon became apparent that something was very wrong, and the Internet cafe owners collectively complained to local police. The arrests started in October 2017, and 16 people have been taken into custody so far. The investigation continues though, and it's thought that the practice has spread among maintenance firms and that the malware may still be making its way around the country.

Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and NANO.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Get started with crypto

Ask an Expert

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and 6. Finder Group Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Go to site