Cryptojacking : How Hackers Are Mining Cryptocurrencies Without Your Knowledge

Cryptojacking

Attention! This is important for all those experiencing a system slowdown after browsing for a while! You might be Cryptojacked!

Even if you are not, you should read this article to understand what Cryptojacking is and how you can protect yourself against it.

As the cyberspace is becoming more entangled, new ways of attacking cyber entities are emerging.

Sometimes these are open attacks like exit scams or Bitcoin ransomware attacks while some are attacks like DDOS and specter meltdowns.

These attacks will only increase with time as everything is going digital and we have to learn and evolve from them.

On similar lines, attacks in the cryptocurrency space will also keep rising and will take a while before we become mature enough to handle them. It is so because this space is new and in its nascent stages.

One such attack very few may have heard about is happening every now and then on our personal computers and laptops. This attack is too quiet for an average joe to know. This attack is called Cryptojacking. Had you heard about it?

If your answer is a resounding no, you should know about it because you might be a victim of this new form of attack which usually happens on personal computers and laptops.

What Is Cryptojacking?

Cryptojacking simply means someone has secretly hijacked your personal device to mine cryptocurrencies that can be mined with CPU power.

It is basically stealing the computing power of devices without seeking prior permission from the owner of the device.

Drive-by-mining

This computing power in the cryptocurrency realm is called ‘Hash power‘ which is used to make complicated and educated mathematical guesses to solve equations so that one can get the block reward of cryptocurrency mining. Read more about hashes in our detailed guide here.

This form of hijacking happens only when you are browsing the internet and have landed on a website that is cryptojacking noob internet users. And the funny thing is, it even doesn’t require the user being attacked to download or click on anything. Instead, it just requires the user to browse the malicious website.

Here is a research from Malwarebytes on Cryptojacking and in the below image you can see how popular torrent website “PirateBay” is hacking innocent users to mine Monero (XMR) without their knowledge:

Piratebay-illegally-mining-Monero-using-users-browser

Unless the users are smart and protected, they will never know that they are being cryptojacked.

How Does Cryptojacking Happen?

In the early days of crypto, it happened only if someone installed malicious softwares on their devices but now cryptojacking has evolved.

It works by embedding a small JavaScript code in a website which then uses the processing power of the visiting device to mine CPU minable cryptocurrencies like Bytecoin, Monero etc.

I know some of you might ask what difference does one user being cryptojacked make! Now imagine millions of users being cryptojacked. This will result in a significant hashing power which can then be used to mine cryptocurrencies.

There are two ways in which cryptojacking is happening these days:

  • Hackers hacking websites with good traffic
  • Online businesses using cryptojacking tools deliberately

Malicious hackers are hacking websites with heavy traffic to put their mining scripts on those websites. Large online businesses are also using mining scripts to generate alternative monetization techniques for their businesses.

You can also check this website’s source code’s Coinhive’s script which is cryptojacking the users.

Coinhive-Code

How To Avoid Cryptojacking

It is still not clear whether cryptojacking is legal or illegal, but it surely is unethical as noob internet users are being robbed of their resources without any incentive.

Users who are cryptojacked usually will see their devices being drained out of battery quite fast, or your devices getting heated while some will see a sudden increase in their CPU power utilization.

See the screenshots below for example and see my CPU utilization increased from 13% to 95% when mining was OFF vs when mining was ON. You can also test this on your devices by going to Coinhive and start mining.

CPU-mining-on-Mac-When-Mining-OFF
Mining OFF
Mining ON

So you can check your CPU utilization to check if you are being cryptojacked.

Also, there are some tools, techniques and plugins that you can use to avoid this in-browser cryptojacking such as:

  • Turning off your JavaScript in the browser. For example, this way.
  • You can use mining blockers chrome extensions like No Coin or MinerBlock.

Block-Cryptocurrency-miners-on-web

  • You can use specific script blockers like NoScript or uBlock.
  • You can also consider moving to a more privacy-centric browser such as Brave.

 Conclusion & Thanks To Coinhive

Until now, millions of users have been cryptojacked and thousands of websites have been affected by it.

The interesting part, however, is that while many websites were hacked and placed with malicious mining scripts, on the other hand, a large number of websites did it on purpose to increase their revenues via Coinhive.

Coinhive is the company that makes these crypto mining scripts for browsers and sells it to businesses in innovative ways where they get a 30% cut. The rest is earned by the business hosting it.

Some of these innovative ways are:

  • Proof of work captcha like this.
  • Proof of work short links like this.
  • Flexible JavaScript APIs like this.

Now that you know that there is a company using the Cryptojacking model and selling it to online businesses, you should understand that it will not stop and will only increase with time.

The best thing you can do is educate yourself enough for you to identify such attacks and take wise decisions to protect yourself.

That’s all from my side in this article. It is your turn to share your thoughts on Cryptojacking. Have you ever been cryptojacked? How do you find this new idea of online business monetization? Let me know your thoughts in the comments section below!!

Like this post? Share it with your friends!

Some other hand-picked articles for you:

4 thoughts on “Cryptojacking : How Hackers Are Mining Cryptocurrencies Without Your Knowledge”

  1. Interesting. I remember a time when our Amazon AWS account was hacked and thousands of Amazon EC2 instances were created (apparently for this same purpose of mining bitcoins). We received a bill of around $15k that month. Fortunately, Amazon handled the situation quickly and effectively.

    In the article, when it says “There are two ways in which cryptojacking is happening these days:”, I would guess there is a 3rd possible option here, involving deceptive Ad networks. Nowadays, it is very common that any website is showing advertising on their pages, not only Adsense, DFP but also 3rd. party ad networks. Since most of these ad networks require you to add a Javascript that you don’t own, this could be an open door for execution of mining scripts, either from the ad network but also from advertisers (regardless of the advertising costs)

  2. Yes , i attacked with it as i have withdrawn my some BTC via BTC clicks it is not coming in my unocoin account . I send them 3 emails but i didn’t received any mail from them but i have not received any payment in this month.

  3. Cryptojacking is very very harmful. Thanks for sharing how to avoid cryptojacking. Its really gonna help me & many beginners. Keep posting!

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Signup to our Newsletter

Join the community of subscribers & get exclusive Crypto tips & tricks

logo@2x
Howdy, Welcome to the popular cryptocurrency blog CoinSutra. Here at CoinSutra, we write about Bitcoin, wallet management, online security, making money from Bitcoin & various aspects of cryptocurrencies. You can read more about CoinSutra on the “About” page.
Scroll to Top