What Is Cryptojacking?

Cryptojacking is a type of cyberattack in which a hacker co-opts a target's computing power to illicitly mine cryptocurrency on the hacker's behalf. Cryptojacking can target individual consumers, massive institutions, and even industrial control systems. 

The malware variants involved in cryptojacking slow down infected computers, as the mining process takes priority over other legitimate activities.

Key Takeaways

  • Cryptojacking is a type of cyberattack in which a hacker co-opts a target's computing power to illicitly mine cryptocurrency on the hacker's behalf.
  • Cryptojacking can target individual consumers, massive institutions, and even industrial control systems.
  • Cryptojacking has become an increasingly popular way for fraudsters and criminals to extract money from their targets in the form of cryptocurrency.
  • The lines between cryptojacking and the "legitimate" practice of browser mining are not always clear.

Understanding Cryptojacking

Cryptojacking has become an increasingly popular way for fraudsters and criminals to extract money from their targets in the form of cryptocurrency. One widely publicized hack, the WannaCry worm, affected systems on several continents in May 2017. In this instance of cryptojacking, fraudsters encrypted victims' files and demanded ransoms in bitcoin in order to decrypt them.

Cryptojacking harnesses victims' machines to mine, or perform the computations necessary to update cryptocurrencies' blockchains, thereby creating new tokens and generating fees in the process. These new tokens and fees are deposited to wallets owned by the attacker, while the costs of mining—including electricity and wear and tear to computers—are borne by the victim.

Examples of Cryptojacking 

In February 2018, a Spanish cybersecurity firm, Panda Security, announced that a cryptojacking script, known by its nickname "WannaMine", had spread to computers around the world. The new malware variant was being used to mine the cryptocurrency monero.

Monero is a digital currency that offers a high level of anonymity for users and their transactions. WannaMine was originally discovered by Panda Security in October 2017. Because it is particularly hard to detect and block, it was responsible for a number of high-profile infections in 2018. After WannaMine has silently infected a victim's computer, it uses the machine's processing power to run an algorithm called CryptoNight over and over again, with the intention of finding a hash meeting certain criteria before any other miners do. When that happens, a new block is mined, which creates a chunk of new monero and deposits the windfall in the attacker's wallet.

Later the same month, governments in Britain, the U.S., and Canada were affected by a cryptojacking attack that took advantage of a vulnerability in text-to-speech software embedded in those governments' websites. Attackers inserted a Coinhive script into the software, allowing them to mine monero using visitors' browsers.
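A defensive check for the website incident described above, as an added example that is not from the original article: it lists the scripts a page loads from other hosts without a Subresource Integrity (`integrity`) attribute, the browser feature that refuses to run a third-party file whose contents no longer match a pinned hash. The sample page, hostnames, and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


def sri_hash(script_bytes: bytes) -> str:
    """Return the integrity attribute value (SHA-384, base64) for a reviewed script."""
    digest = hashlib.sha384(script_bytes).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = []  # attribute dicts of every <script src=...> tag seen

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)


def unpinned_third_party_scripts(html: str, page_url: str) -> list:
    """List script URLs served from other hosts that carry no integrity attribute."""
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src = urljoin(page_url, attrs["src"])  # resolves relative and // URLs
        host = urlparse(src).hostname
        if host and host != page_host and not attrs.get("integrity"):
            findings.append(src)
    return findings


# Constructed sample page; every hostname is a placeholder.
SAMPLE_PAGE = """
<script src="/js/site.js"></script>
<script src="https://cdn.plugin.example/tts.js"></script>
<script src="https://cdn.lib.example/ui.js" integrity="sha384-PLACEHOLDER"></script>
<script src="//stats.example.net/t.js"></script>
"""

if __name__ == "__main__":
    for url in unpinned_third_party_scripts(SAMPLE_PAGE, "https://www.agency.example/"):
        print("no integrity attribute:", url)
    print(sri_hash(b"console.log('reviewed build');"))
```

A site owner would pin each flagged script by adding the `sri_hash` output for the reviewed file as its `integrity` attribute, so a later modification of the hosted file fails the browser's check instead of running in visitors' browsers.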

In February 2018, it was discovered that Tesla Inc. had been the victim of cryptojacking. Reportedly, the company's Amazon Web Services cloud infrastructure was running mining malware. In this case, the data exposure was discovered to be minimal, although, in general, cryptojacking poses a broad security threat for a company (in addition to running up a large electric bill).

Browser Mining vs. Cryptojacking

The lines between cryptojacking and the "legitimate" practice of browser mining are not always clear. Browser mining is becoming an increasingly common practice. For example, Coinhive, the cryptocurrency mining service, is often described as malware because its code tends to be used on hacked websites to steal the processing power of visitors' devices. However, Coinhive's developers present it as a legitimate way to monetize traffic.

In 2018, the publication Salon partnered with Coinhive's developers to mine monero using visitors' browsers (with their permission) as a way of monetizing the outlet's content when faced with adblockers.

Some experts have cited the potential of browser mining as an alternative to ad-based monetization. In 2018, Lucas Nuzzi, a senior analyst at Digital Asset Research, said that "Browser-based miners like Coinhive are the best implementation of useful PoW [proof of work] in existence. For the first time in internet's history, websites have a way of monetizing content without having to bombard users with ads."

Browser mining is, in essence, a legitimized form of cryptojacking. Such proposals are extremely controversial, given the potential costs to users in terms of power consumption and damage to their hardware.