The incident was discovered on the 23rd of this month and was fixed later by. After that Coinhive says the hacker logged into the company's Cloudflare account and replaced DNS records, pointing Coinhive's domain to a new IP address.
This new server pushed a custom version of the coinhive.min.js file that contained a hardcoded site key.
Coinhive says that the root cause of the hack was the leaked database of Kickstarter back in 2014. Attackers have gained access to the Coinhive CloudFront account that was leaked in the Kickstarter data breach.
This is another example of not changing passwords and following best practices.
"We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account."
"Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate," Coinhive added.