It seems that CoinHive has a habit of making headlines about hackers and other mischief makers.

That isn’t a coincidence. The prospect of a script that silently mines Monero from another person’s CPU with a simple JavaScript snippet is very attractive to cybercriminals.

Noah Dinkin, the CEO of stensul — an email marketing company — discovered that a Starbucks store in Buenos Aires, Argentina was not allowing its customers to connect to its in-store Wi-Fi until forcing them to mine Monero for ten seconds.

He brought this to the attention of the famous coffee chain in a Tweet, mentioning both the chain’s principal account and its Argentinian one.

“Hi @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer’s laptop? Feels a little off-brand..,” he wrote.

He then presented this screenshot of the source’s traffic, with CoinHive’s code injected:

We have cut the bottom half of his screenshot to show only the most relevant parts of the code. 

He is right about what this code means, but wrong about the cryptocurrency. CoinHive specifically deals with Monero, not Bitcoin.

Starbucks has since responded to the incident yesterday, in another tweet:

“As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely,” they wrote.

The tone that the company used in its tweet seems to indicate that the incident was just another case of “coinjacking” and not a deliberate attempt by Starbucks’ management to make a profit from their customers’ Wi-Fi use in the form of cryptocurrency.

Last month, we spoke with security expert Willem de Groot about this phenomenon. He discovered that hackers injected CoinHive code into 2,496 unsuspecting e-commerce websites, mining Monero using the CPUs of all of their visitors.

The fact that we are seeing this happening in stores only a month later demonstrates that hackers are starting to use more sophisticated methods to profit from the cryptocurrency craze.