The incidents was discovered on 23rd of this month and was fixed later by. After that Coinhive says the hacker logged into the company's Cloudflare account and replaced DNS records, pointing Coinhive's domain to a new IP address.
This new server pushed a custom version of the coinhive.min.js file that contained a hardcoded site key.
Coinhive says that the root cause of the hack was the leaked database of the Kickstarter back in 2014. Attacker have gained access to Coinhive cloudfront account that was leaked in Kickstarter data breach.
This is another example of not changing password and following best practices.
"We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account."
"Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate," Coinhive added.