On Monday a reddit user named gambledub posted on the MMA subreddit r/mma the following message: “Fight Pass is Shady! YSK UFC Fight Pass is using your PC to crypto mine. Your CPU is being used to mine, without your knowledge on a service you already pay!”
gambledub’s allegation came with a screen shot of Fight Pass’s web script revealing the line “//coinhive.com/lid/coinhive.min.js”.
According to Coindesk.com the code shown in that image was, “a monero mining script that can be embedded in a web page” developed by the company Coinhive. Monero, like Bitcoin, is a cryptocurrency.
Cryptocurrency is earned — or mined — through solving mathematical problems. Individuals use computers to automatically solve these problems. The more frequently problems get solved within a network, the harder problems become. The harder the problems become, the more computing power is needed to solve them and thus earn the bitcoin, monero, or any other cryptocurrency being offered.
Coinhive’s mining program is used by website owners to harness the computing power of people who visit their website. Those user’s computers give the website owner a better chance at solving the problems needed to mine — in this case -- monero.
Coindesk reports that, after a Fight Pass user contacted the UFC about the issue, the company’s customer support staff responded, “We take these matters very seriously, and will review this.”
According to Coindesk the UFC then issued a statement further discussing the alleged crypto mining. That statement read:
“Immediately upon learning of the reported issue, Neulion, UFC’s over-the-top digital service provider, reviewed the UFC.TV/FIGHTPASS site code and did not find any reference to the mentioned Coinhive java script. We are continuing to review the available information and feel confident that there are no coding issues across the site at this time.”
Shortly after the original reddit post was submitted a user named TheGamingSupportGuy reported that the coinhive code was no longer visible on the Fight Pass website.
When reporting on this matter Bitcoinist.com pondered whether the Coinhive script placement was a “hack or inside job?” That site concluded that it was a “logical assumption” that a hacker had dropped the Coinhive code into Fight Pass because “one would think that the UFC makes enough money through their streaming fees and other endeavors to not risk the ire of their paying customers by infecting malware on them.”
After reviewing the screenshots, Coinhive emailed Coindesk to state that, since the images did not include a ‘site key’, they wouldn’t be able to provide any information regarding how much cryptocurrency was mined on Fight Pass.
“For what it’s worth, we didn’t notice any new ‘top user’ in our internal site wide dashboard. So the miner was either removed quickly again or didn’t affect a lot of endusers. Just for the record, we have a strict policy against using our service on ‘hacked’ sites and will terminate accounts that violate our terms of service, as soon as we’re notified of them.”
Bloody Elbow contacted the UFC to ask whether or not the Coinhive script was placed on UFC Fight Pass deliberately by the UFC. As of this time of writing, the UFC has not responded.