Lurking behind the legitimate crypocurrency mining community is another group of individuals and organizations that try to mine for crypto using illicit methods. (See also: How Do Cryptocurrency Mining Pools Work?)

Most cryptocurrencies are generated through the process known as “mining.” Much like traditional mining operations, these procedures require the use of energy and resources to complete a process which yields a financial reward. In the case of cryptocurrency mining, the energy required is electricity and computing power.

As cryptocurrencies have become increasingly popular around the world, so too has cryptocurrency mining. (See also: GPU Usage in Cryptocurrency Mining.) The demand for hardware used in the process has driven up prices of graphics processors and caused shortages for different pieces of equipment. (See also: Nvidia's Stock Signals Techs Near Bubble-Like 2000.)

Malware Applications

The most common form of illicit cryptocurrency mining makes use of malware. Malware is clandestine software which can be secretly run on an individual’s computer without his or her knowledge.

In the case of cryptocurrency mining malware, the program harnesses processing power from the computer in order to complete the complicated algorithmic processes necessary to finish the mining procedure. All of this is done without the computer’s user being aware of anything. The controller of the malware, not the computer itself, reaps the cryptocurrency rewards.

Coinhive JavaScript

One of the predecessors of illicit cryptocurrency mining malware was a legitimate piece of software called Coinhive. Coinhive was a JavaScript miner which was developed in late 2017 and which enabled the mining of Monero directly within a web browser. While the intention of this project may have been to allow users to run mining operations within their own computers, the technology was quickly co-opted by cyber criminals.

According to a report by Computer Weekly, some of the earliest illicit mining “drew millions of users to pages that immediately started to mine for Monero under the pretense of recouping server costs.” The process was automatic and difficult to detect, and it forced visitors to a particular website to mine for cryptocurrency without being aware of what was going on.

Once the illicit mining technology had been developed and adopted for this use, it was not long before it spread. Malvertising was a popular means of transmitting illicit mining software to a broader audience. In some cases, hackers utilized third-party scripts which had been compromised and retooled to facilitate illicit mining software.

This was part of the reason why illicit mining victims have ranged from individuals who happen to visit particular websites up to entire areas of governments around the world. Some highly-trafficked sites have made headlines for participating in this process; whether or not the developers of these sites were aware of the illicit cryptocurrency mining which took place may be difficult to determine.

Perhaps unsurprisingly, the ideal target for an illicit cryptomining attack is a large server network. The reason for this is that server networks wield the greatest degree of computing power, and the more computing power which is available, the faster the mining process can be completed.

cryptocurrency mining shutterstock


A large portion of the surreptitious mining described above has been done using Monero, a cryptocurrency which has become a favorite among criminal enterprises because of its strong emphasis on anonymity and security.

Windows, Android, and IoT Devices Most Vulnerable

While all platforms may be subjected to illicit cryptocurrency mining activity, Windows servers, Android devices, and IoT-connected devices may be the most likely to experience attacks.

A hack named EternalBlue was developed in 2017 and allowed hackers to achieve access to computers running Microsoft Windows. The tendency for hackers to shift their focus from ransomware and other older hacking methods to this secretive mining may have something to do with the long-term profitability.

According to a report by Coinwire, Palo Alto Networks Intelligence Director Ryan Olson said “the value of a computer that has just a regular old CPU might be more just leaving it quietly running some cryptocurrency miner rather than infecting it with ransomware or some other software that might steal data.” So long as the mining doesn’t noticeably impact the computer’s performance, the thinking goes, the computer’s user may never know that it’s happening.

However, illicit cryptocurrency mining is not a victimless crime. Indeed, it’s possible for the attack to overwhelm a computer’s processing power and shut down the system. For that reason, security companies focused on technology are working to combat the increase in these types of attacks.

Unfortunately, given the ease with which hackers can put illicit cryptocurrency mining software to use, as well as the potential for long-term profitability, there is great incentive on their part to continue to develop new means to achieve this goal. Accordingly, the fight between hackers and individual computer users on the other side of the equation will probably continue to rage on.

Investing in cryptocurrencies and Initial Coin Offerings ("ICOs") is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or ICOs. Since each individual's situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein. As of the date this article was written, the author owns bitcoin and ripple.