Some YouTube ads in certain countries were hijacked by hackers to mine cryptocurrency by using the processing power of video viewers' computers without their knowledge, according to new reports. The cryptocurrency mining code was apparently embedded in JavaScript in the YouTube ads, which mined CoinHive's Monero digital currency. This issue was identified when antivirus software of users' desktops detected the said covert mining when YouTube was played.
According to a report by technology website Ars Technica, the antivirus red flags continued to appear after users changed the browsers to watch YouTube. The issue only came up when a YouTube video was played. Cyber-security research firm Trend Micro published a blog post on Sunday, saying it detected a 285 percent increase in the number of CoinHive miners on Wednesday, January 24. A deeper look into the problem showed five malicious domains had enjoyed a five-fold increase in traffic since January 18, with Google DoubleClick ads turning out to be the source of traffic.
CoinHive is considered controversial as it allows website administrators to use the resources of visitors' computers to mine Monero cryptocurrency. In the case of YouTube ads, 90 percent of the cases involve publicly-available CoinHive JavaScript, while the remaining 10 percent involves a private mining JavaScript that allows the hackers to save on the 30 percent fee CoinHive charges. In both cases, 80 percent of the resources of the affected computer are used to mine the cryptocurrency, meaning that the computer is left with barely enough resources to operate.
Among the countries affected by this hack include Japan, France, Taiwan, Italy, and Spain. One of the ways to protect computers from this issue is to disable auto-running JavaScripts in browsers. YouTube is an obvious target for such an attack as it is the most popular video streaming website in the world, with over 1.5 billion users worldwide.
In a statement to Ars Technica, Google said, "Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms." It is not apparent which ads were blocked within two hours.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.