From MarketsWiki
Jump to navigation Jump to search

Cryptojacking is the colloquial term for a type of hacking attack related to cryptocurrency mining.[1]

Cryptojacking is the process by which a hacker gains unauthorized access to another user's computer, tablet, mobile phone, or similar device in order to install and run software to mine cryptocurrency, such as bitcoin or Monero.[2][3][4] When a digital currency is successfully mined this way, the resulting digital token is transferred to the wallet of the hacker, rather than the owner of the device. These attacks can happen through malicious emails, phishing tactics, or malicious ads on websites, which conduct cryptojacking operations using the victim's browser.[5]

Since the massive price spike for bitcoin in late 2017, cryptocurrency mining increased by about 34,000 percent of rates from previous years. This increase in the profitability of mining and the resulting increase of mining rates were followed immediately by cryptojacking attacks increasing 8500 percent, according to an Internet security threat report published by the Symantec Corporation.[6][7] In 2018, cryptojacking attacks had increased 459 percent by September. According to a report published by the Cyber Threat Alliance in September 2018, the most cryptocurrency most commonly mined in these attacks is Monero.[8][9]

Cryptojacking attacks on Indian government websites[edit]

In September 2018, the Indian government discovered the presence of cryptojacking software embedded in official government websites, including municipal websites for the Indian state of Andhra Pradesh. The operators of the websites allegedly became aware of the cryptojacking JavaScript codes on September 10, but continued to operate the sites as of September 16.[10] To date, 119 Indian websites, including many government websites, have been found to contain the cryptojacking malware Coinhive.[11][12]

NSA technology used for cryptojacking[edit]

In 2017, an NSA-developed hacking tool called EternalBlue was stolen and published online. This hacking software is designed to break into almost any Windows machine in the world. The U.S. government has traced many of these attacks to individuals in Russia and North Korea.[13][14][15]

Monero Malware Response Workgroup[edit]

In September 2018, Monero announced the formation of the Monero Malware Response Workgroup. The workgroup created a website dedicated to educating not just Monero users, but the general public on how to remove cryptojacking malware from their devices and prevent them from future infection. The site also offers detailed explanations of the basics of Monero mining.

The announcement was written by Justin Ehrenhofer, head of the new workgroup. In the announcement, Ehrenhofer explained that the two primary reasons why hackers tend to prefer to use Monero in their attacks are its anonymity, and the proof of work model used by its blockchain, which is particularly advantageous for hackers. He also made a point of openly condemning the practice on behalf of the greater Monero community: "The Monero community condemns this malicious, non-consensual use of equipment to mine. Unfortunately, the Monero network itself actually benefits by having a wide set of stakeholders mine, since the network's security is afforded through a distributed set of users."[16][17]

Microsoft App Store[edit]

On February 15, 2019, Symantec reported in a blog post that a month earlier it had discovered Coinhive embedded in eight apps that were available on the Microsoft Store. Symantec said that the apps had been removed from the website. The apps were published between April and December 2018, with most of them published toward the end of the year. Symantec noted, however, that the apps may have been downloaded numerous times before they were removed from the store.[18]

Attacks against coronavirus research supercomputers[edit]

In May 2020, a string of cryptojacking attacks targeted supercomputers in several European countries. Some of the supercomputers - like the U.K.'s ARCHER supercomputer located in Edinburgh - were researching the coronavirus by running tests that took enormous amounts of processing power. The hackers gained access to these supercomputers by stealing SSH credentials (a cryptographic cybersecurity protocol) from people authorized to operate the machines.[19]


  1. How Bitcoin Mining Works. Coindesk.
  2. Cryptojackers are hacking websites to mine cryptocurrencies. CNN Tech.
  3. Cryptojacking Scripts Found on Local Indian Government Sites. Coindesk.
  4. Japan: 16 Arrested in Monero Cryptojacking Case, Local Media Report. Cointelegraph.
  5. What is cryptojacking? How it works and how to help prevent it. Symantec Corporation.
  6. ISTR 23: Insights into the Cyber Security Threat Landscape. Symantec Corporation.
  7. Cryptojacking rates increased by 85 times in Q4 2017 as bitcoin prices spiked: report. The Verge.
  8. Illicit Crypto Mining Jumps 459% This Year, in Part Thanks to Leaked NSA Tool. Cryptovest.
  9. Hackers Are Targeting Bitcoin With a Leaked NSA Software Tip, Report Says. Yahoo Finance.
  10. Cryptojacking Scripts Found on Local Indian Government Sites. Coindesk.
  11. Hackers mined a fortune from Indian websites. Economic Times India.
  12. Government Websites in India Hacked for Crypto Mining. Live Bitcoin News.
  13. Crypto Mining Jumps 459% This Year, in Part Thanks to Leaked NSA Tool. Cryptovest.
  14. Hackers Are Targeting Bitcoin With a Leaked NSA Software Tip, Report Says. Yahoo Finance.
  15. Cryptocurrency mining attacks using leaked NSA hacking tools are still highly active a year later. Tech Crunch.
  16. Monero Launches Initiative to Combat Cryptocurrency Mining Malware. CCN.
  17. Introducing the Monero Malware Response Workgroup Website. Monero.
  18. Several Cryptojacking Apps Found on Microsoft Store. Symantec Corporation.
  19. Cyberattackers Targeting Supercomputers - British Supercomputer ARCHER Exploited. Cyberware.