
Why this accusation against KRNL is fake.


Posted

Hi, someone sent me this screenshot earlier today and I decided to do some searching.

 

https://media.discordapp.net/attachments/1090293683888332831/1103045742295273512/iZouKpz.png

First of all, let's check the KRNL version: the console window says the user is running 2.0.15t. If you go to KRNL's latest version on their website, you can see this is also the latest version.

https://media.discordapp.net/attachments/1090293683888332831/1103057991479087104/image.png

 

You may be wondering now, is KRNL a bitcoin miner? How long have they been doing it?

I decided to look into this a little closer and found some crucial info which can debunk this screenshot easily.

 

In the screenshot you can see that the JS code apparently connects to a service hosted on coinhive.com using their API, and since the two version numbers (one of user and one on website) match, it shows that the screenshot was recent, right? Well, one Google search reveals that Coinhive stopped their service in 2019.

https://media.discordapp.net/attachments/1090293683888332831/1103057917529292912/image.png

But! There's more evidence this screenshot is fake: if you view the source of where the API script is being loaded from, you can see that someone bought the domain and uploaded a script that does the exact opposite: warn the user that a miner tried to initialize on their browser.

https://media.discordapp.net/attachments/1090293683888332831/1103059426597929050/image.png

In the screenshot you can also see that they're using the API key "oiKAGEslcNfjfgxTMrxKGMJvh436ypIM"; one quick Google search reveals that this API key is flagged because it was being used to hijack MikroTik devices.

https://media.discordapp.net/attachments/1090293683888332831/1103059961765965865/image.png

Even right now, if you go to the URL (https://coinhive.com) you can see that the person who bought the domain is fighting those crypto mining in browser scams.

https://media.discordapp.net/attachments/1090293683888332831/1103060460074438677/image.png

I even found the original screenshot which the person who made the fake screenshot based it off. Like bro, using quotes in a <title> in HTML? As well as using the same throttle settings?

https://media.discordapp.net/attachments/1090293683888332831/1103060851503681698/image.png

 

In conclusion: this screenshot is faked and there are more arguments proving it's fake than proving it's real.


SeizureSalad

i love femboys

Posts: 1016

Threads: 73

Joined: Mar, 2021

Reputation: 37

Replied

could also easily just use like curl or something similar to the same URL and see that it'd be different

Comments

[DeletedUser] Reputation

Commented

not really, you don't know where exactly KRNL's DLL gets their update information from, plus nexuspipe would stop you. I tried


"Questionable intelligence, but I like the mystery" - CubeFaces

https://cdn.discordapp.com/attachments/1136067487847415848/1138948596679589898/sig.png
