Is Your Computer Secretly Mining Bitcoin Alternatives? A Guide to “Cryptojacking”

Some web sites and apps that don’t charge you for their services have found a new way to make money from you: using your computer to generate virtual currencies

By Bill Buchanan & The Conversation US

Join Our Community of Science Lovers!

The following essay is reprinted with permission from The Conversation, an online publication covering the latest research.

Nothing comes for free, especially online. Websites and apps that don’t charge you for their services are often collecting your data or bombarding you with advertising. Now some sites have found a new way to make money from you: using your computer to generate virtual currencies.

On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

Several video streaming sites and the popular file sharing network The Pirate Bay have allegedly been “cryptojacking” their users’ computers in this way, as has the free wifi provider in a Starbucks cafe in Argentina. Users may object to this, especially if it slows down their computers. But given how hard it is for most companies to make money from online advertising, it might be something we have to get used to – unless we want to start paying more for things.

Units of cryptocurrencies such as bitcoin aren’t created by a central bank like regular money but are generated or “mined” by computers solving complex equations. Cryptojacking involves using someone’s computer without their knowledge, perhaps for just seconds at a time, to mine a cryptocurrency.

In the case of bitcoin, mining requires specialised hardware and consumes masses of energy. For example, each bitcoin transaction takes enough energy to boil around 36,000 kettles filled with water. In a year, the whole bitcoin mining network consumes more energy than Ireland.

But bitcoin is not the only show in town and there are many competing cryptocurrences. One of the most successful is Monero, which builds a degree of privacy into transactions (something bitcoin doesn’t do). Currently it requires no specialised hardware for mining, so anyone with computing power to spare can mine it.

Mining usually takes the form of a competition. Whichever computer solves the equation the fastest is rewarded with the money. With Moreno and other similar cryptocurrencies, a pool of computers can work together and share the reward if they win the competition. This allows individual computers to work on a just small part of the mining task. The larger the pool, the more chance there is of winning the reward.

When a computer is cryptojacked, it is added to a pool for to work on the task. This is often done using a commercially available piece of software, such as Coinhive, which can written into what looks like an ad using the common website language JavaScript. As the ad runs in the background, the computer is added to a pool.

This means the website or internet provider doing the cryptojacking can mine cryptocurrency with little cost to themselves. One estimate is that 220 of the top 1,000 websites in the world are conducting cryptojacking, making a total of US$43,000 over a three week period. This might not be very much but file-sharing sites in particular have been searching for new businesses models in order to support their operations and cryptojacking could grow into a new income source.

The problem for the computer’s owner is that this takes up processor power, making other operations take much longer. Pirate Bay users have complained that their processors have been using up to 85% of their capacity compared with less than 10% for normal operations. This can be accompanied by a large battery drain. The Pirate Bay has since said this high processor usage was a bug and the system should normally use between 20% and 30% of processing power.

How do you avoid being cryptojacked?

Coinhive strongly advises the websites that deploy it that they should inform users they are being cryptojacked. But it’s common for the code to run without users realising and without a way to opt out of it. If you want to prevent your computer from being cryptojacked you need a software tool which checks the code as it runs such as an ad-blocker.

But you might feel that allowing a site to use a little bit of your computer’s processing power is a better alternative to being bombarded with advertising. Whatever you do, you’ll likely end up paying for “free” services somehow.

This article was originally published on The Conversation. Read the original article.

It’s Time to Stand Up for Science

If you enjoyed this article, I’d like to ask for your support. Scientific American has served as an advocate for science and industry for 180 years, and right now may be the most critical moment in that two-century history.

I’ve been a Scientific American subscriber since I was 12 years old, and it helped shape the way I look at the world. SciAm always educates and delights me, and inspires a sense of awe for our vast, beautiful universe. I hope it does that for you, too.

If you subscribe to Scientific American, you help ensure that our coverage is centered on meaningful research and discovery; that we have the resources to report on the decisions that threaten labs across the U.S.; and that we support both budding and working scientists at a time when the value of science itself too often goes unrecognized.

In return, you get essential news, captivating podcasts, brilliant infographics, can't-miss newsletters, must-watch videos, challenging games, and the science world's best writing and reporting. You can even gift someone a subscription.

There has never been a more important time for us to stand up and show why science matters. I hope you’ll support us in that mission.

Thank you,

David M. Ewalt, Editor in Chief, Scientific American