Download!Download Point responsive WP Theme for FREE!

UFC Fightpass using subscribers to mine cryptocurrency without permission.

Add one more company to the list of jerks who use your CPU and drive up your electricity bill without your knowledge. This one sticks out a little more than previous offenders, as before most of the time I’ve seen this happen it has been in conjunction with some free service or software like Utorrent.  This time it’s being done by the UFC as part of their Fight Pass subscription service. Some folks over at reddit found the malicious code lurking in some JavaScript that loads when you log in and start watching videos. The site begins using your CPU to mine cryptocurrencies, the most common of which being bitcoin. This particular script that was running was actually mining Monero, a newer cryptocurrency that has recently become popular on the dark web due to its complete anonymity from both sender and receiver of the currency. This extra layer of obfuscation, along with being new to the table makes it more secure and easier to mine. There’s quite a debate going on right now as the legality of the whole mess.

Essentially, they’re using your computer, and by extension your electricity to mine this currency. It may not seem like a big deal, as your computer is already on and running, but there is a significant difference in power consumption of modern processors that scale to the task at hand. If you know anything about mining currency, and more specifically, building an entire rig specifically for mining, then you are aware that there is a significant amount of the revenue from mining lost due to increased power bills. Although a lot of mining rigs rake in good money, they pay a lot of that revenue generated in power consumption and hardware costs, even for top end rigs. With your average desktop computer, you can mine bitcoin as well but you would never break even and able to make a profit from mining, due to the average desktop not being optimized for mining. The only way this set up would be profitable would be for some douche bag company to run low level mining across a huge network of computers that they don’t pay the power bills for.

So to break down the UFC Fightpass relationship: You pay UFC for access to exclusive videos and their library of past fights. Every time you log in and consume a product you are paying for, they are using your hardware and running up your electricity bill for them to make a profit, all without notifying you or even asking your permission. The script has already been removed from their site and was done shortly after this news broke on reddit. Still no word if this was top down or just some software engineer that injected this into the site, which from some reading can be fairly simple to do with internal access. Many find it hard to believe that the UFC would risk something like this. As a long time UFC fan, knowing how poorly they pay and treat their talent for their work compared the money they’re raking in, I wouldn’t put it past the UFC brass.

Have any of you been mining currency for the UFC unknowingly?