Cryptojacking, also known as malicious cryptomining, is a cyber threat where an attacker embeds code into a computer or mobile device to hijack its resources for mining cryptocurrency. This process provides free revenue for the attacker at the expense of your device and network health. When hackers compromise a device, they leverage its computing power to solve complex mathematical problems. The reward for solving these problems is cryptocurrency, which can be traded for other digital assets or traditional fiat currency.
Cryptojacking has been in the news for some time, but it has gained popularity recently due to several factors in the cryptocurrency space. First, digital currencies are becoming more widely accepted by vendors and institutions. This is partly due to the growth of decentralized finance (DeFi), which allows cryptocurrency holders and investors to participate in lending and earn profits by contributing their assets to liquidity pools.
Even if cryptojackers do not intend to spend the cryptocurrency they "earn," they can simply place it in liquidity pools and generate income that way. As DeFi continues to expand, cryptojacking has become an increasingly prevalent threat.
Understanding Cryptocurrency
Cryptocurrency is a form of digital currency with no physical representation. It is generated by solving mathematical problems known as hashes. Individuals earn cryptocurrency by using their computers to solve or verify the solutions to these mathematical problems.
There are hundreds of cryptocurrencies, each with its own coin or token. Each cryptocurrency was invented to address a specific problem that its creators believed other currencies did not adequately solve. One way to simplify the vast array of cryptocurrencies is to focus on the platforms used to create them.
Bitcoin, the most popular digital asset, is mined on the Bitcoin blockchain. A blockchain refers to a series of mathematical problems organized into sequentially solved blocks. When a hash block is solved, it is added to the "chain" of blocks. Blockchains are open-source, meaning anyone can view, copy, or even use the code to create their own cryptocurrency. Additionally, all transactions on a blockchain are public, although the identities of the participants remain hidden.
The Bitcoin blockchain requires a relatively long time to solve hashes, making it inefficient for many purposes. This inefficiency led to the development of another blockchain—the Ethereum network.
The Ethereum network also involves solving mathematical problems but requires less computational power. As a result, transactions designed for the Ethereum blockchain typically occur faster. You can also create applications on the Ethereum network, known as decentralized applications or dApps.
Cryptocurrencies and dApps
dApps enable trustless transactions without intermediaries. Like all cryptocurrency transactions, these involve peer-to-peer interactions. This is fundamentally different from using a credit card, writing a check, or making a payment where a third party, such as a bank, is entrusted to hold and transfer funds.
With dApps, you can use smart contracts customized to complete transactions without third-party involvement. Smart contracts are automated plans that perform all the functions a bank or other intermediary would handle, and more. For example, they verify that the funds used in a transaction have legitimate value, are delivered only when certain conditions are met, and that the correct amounts are allocated.
Many protocols on the Ethereum network have their own tokens or cryptocurrencies. In most cases, users can employ these tokens to vote on how a platform should operate in the future. Some platform-specific cryptocurrencies are solely for governance purposes. However, this does not prevent people from trading these coins, which gives them value.
The value of cryptocurrencies, even those never directly used to purchase goods and services, is at the core of the cryptojacking problem. Some tokens require so little computational power that even relatively weak devices, once compromised, can become useful money-making tools. Moreover, because those who solve problems are rewarded not only for generating new blocks but also for verifying transactions, even a slow computer can earn hackers revenue—as long as they aren’t paying the electricity bill. When your device is compromised, you are essentially providing the hacker with free computing power and electricity.
What Is Cryptocurrency Mining?
Cryptocurrency mining involves solving hashes to generate blocks added to a blockchain or verifying transactions between blockchain users. The "mining" process is performed by computers, which essentially attempt to crack encryption codes. For example, if a computer is tasked with guessing a laptop password, it must try enough combinations of numbers or letters until it succeeds.
However, most people's passwords are relatively short sequences of letters and numbers. With cryptocurrency, the "passwords" are long and random. During mining, a computer’s resources are dedicated to figuring out the encryption. Once the encryption is solved, other users on the network must verify it. If the solution is validated, it is certified as legitimate by the system, and the solver is rewarded with cryptocurrency. Those who verify the solution’s validity are also rewarded for their efforts.
All that is needed to start mining cryptocurrency is a computer. For Bitcoin mining, the computer must be very powerful to compete with other devices attempting to solve blockchain problems. However, for certain currencies, solving problems requires less power, and normal smartphones, tablets, desktops, laptops, or servers may be sufficient. If hackers can compromise devices on your network, they can make you fund and facilitate their cryptocurrency mining.
How Cryptojacking Works
Cryptojacking operates through malware or via drive-by cryptomining. When hackers use malware, part of your computer is taken over and controlled, similar to ransomware. However, unlike ransomware, this control remains invisible in the background while you continue using the device.
Here’s a step-by-step breakdown of how this process works:
- You click a malicious link in an email. The email and link may appear completely innocent.
- Clicking the link loads cryptomining code onto your computer, which places a mining script in the background. This script is designed to control your device.
- The script captures part or all of your device’s computing power and uses it to mine cryptocurrency.
- The cryptojacker monitors the mined cryptocurrency and collects it in their digital wallet.
Drive-by cryptomining originated from legitimate transactions. Websites would openly disclose that visitors’ computers would be used to mine cryptocurrency while they were on the site. Once they left, their devices would no longer be used for mining. This eventually evolved into drive-by cryptojacking, where visitors’ devices are used to mine crypto without their permission.
When unsuspecting users visit a compromised website, code is placed on their devices. Not only are users unaware that their devices are being used for mining, but the mining continues long after they leave the site.
Some cryptojacking malware operates like a virus. It moves through your network, infecting one device after another, enslaving them all, and consuming their resources in the process.
How to Detect and Prevent Cryptojacking
Cryptojacking can be difficult to detect after it occurs because the process is often hidden or appears as benign activity on the device. However, there are some signs to watch for:
- Your laptop or computer fan runs faster than usual. This is because the cryptojacking script or website is causing it to overheat, and the fan is running to prevent melting or fire.
- Your device feels much hotter than usual.
- Your battery drains faster than normal.
- Your device runs slowly, crashes, or performs unusually poorly.
To prevent cryptojacking while browsing, ensure every website you visit is on a carefully vetted whitelist. You can also blacklist sites known for cryptojacking, though this may still expose your device or network to new cryptojacking pages.
Another way to prevent cryptojacking while browsing is to block JavaScript, one of the tools used to access a device’s computing power. However, this may disable important functions on websites you want to access. You can also use programs designed to block mining while you browse. These are installed as extensions on some popular browsers.
A comprehensive cybersecurity plan, however, offers a more holistic solution. It acts as a critical layer of defense, providing threat detection even if hackers find workarounds for mining-blocking software.
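The blacklist check that mining-blocker extensions rely on can also be run by a site owner against their own pages. The following is an added example, not code from any blocker or from this article's source: `BLOCKED_HOSTS`, `INLINE_MARKERS`, `hostBlocked` and `auditScripts` are hypothetical names, and the sample page is constructed.

```javascript
// Audit a page's <script> tags against a mining blocklist (illustrative list;
// a real deployment would load a maintained one instead of hard-coding it).
const BLOCKED_HOSTS = ["coinhive.com", "miner.example"]; // second entry is a placeholder
const INLINE_MARKERS = [/\bCoinHive\.Anonymous\b/];      // Coinhive client constructor

// True when host equals a blocked domain or is a subdomain of one.
function hostBlocked(host) {
  const h = host.toLowerCase().replace(/\.$/, ""); // normalize case, trailing dot
  return BLOCKED_HOSTS.some((d) => h === d || h.endsWith("." + d));
}

// Returns one finding {type, detail} per suspicious script on the page.
function auditScripts(html, pageUrl) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      const raw = src[1] ?? src[2] ?? src[3];
      try {
        // Resolve relative and protocol-relative URLs against the page URL.
        const host = new URL(raw, pageUrl).hostname;
        if (hostBlocked(host)) findings.push({ type: "blocked-src", detail: host });
      } catch { /* unparseable src attribute: nothing to match */ }
    }
    for (const re of INLINE_MARKERS) {
      if (re.test(body)) findings.push({ type: "inline-miner", detail: re.source });
    }
  }
  return findings;
}

// Constructed sample page, not taken from any real site.
const SAMPLE = `
<script src="/static/app.js"></script>
<script src="//CDN.coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>
<script src="https://notcoinhive.com/x.js"></script>`;

console.log(auditScripts(SAMPLE, "https://news.example/report"));
```

As the article notes for blacklists in general, a domain list only catches known miners; a script served from a new host or under a renamed constructor passes this check.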
Cryptojacking Examples: Real-World Cases
In February 2018, cryptojacking code was found hidden on the Los Angeles Times’ "Homicide Report" page. The code on the website was written by a legitimate cryptocurrency service called Coinhive. It was used to mine Monero, a popular privacy-focused cryptocurrency. When visitors landed on the page, their devices were used to mine Monero. The threat took a while to detect because the script used reduced computational power, making it hard for users to tell their devices had been compromised.
Early in 2018, a European water utility was also hacked by cryptojackers, marking a significant year for this type of attack. Security company Radiflow discovered crypto scripts using system resources to generate revenue. The attack reportedly had a "significant impact" on the water utility’s systems. Similar to the Los Angeles Times hack, the miners were generating Monero.
The fact-checking website PolitiFact was also victimized by cryptojackers in 2017. As with the Los Angeles Times case, Coinhive was used in the attack, but the code was programmed to launch eight simultaneous instances of the miner, devouring visitors’ resources.
Frequently Asked Questions
What is cryptojacking and how does it work?
Cryptojacking is when a computer is taken over by a cryptocurrency miner and used to generate cryptocurrency. It works by installing a script on your device that controls it, leveraging its processing power to mine crypto.
What is a cryptojacking blocker?
A cryptojacking blocker is a web extension designed to prevent your computer from being used to mine cryptocurrency while you visit websites.
What is a cryptojacking miner?
A cryptojacking miner is software that controls someone’s computer and uses it to mine cryptocurrency.
How long does it take to mine 1 Bitcoin?
It takes approximately 10 minutes to mine 1 Bitcoin. The Bitcoin blockchain is designed to produce only 1 Bitcoin every 10 minutes, regardless of how many miners are running simultaneously.
Can cryptojacking damage my device?
Yes, cryptojacking can cause hardware damage over time. The excessive use of computational resources leads to overheating, which may reduce the lifespan of your device’s components, particularly the CPU and cooling system.
How can I remove cryptojacking malware?
You can remove cryptojacking malware by using reputable antivirus or anti-malware software. Regularly updating your operating system and applications also helps close security vulnerabilities that attackers might exploit.