Cryptocurrencies, like Bitcoin and Monero, have rapidly grown in popularity due to their security and value. But investors and consumers aren’t the only ones interested in them. Hackers are using malicious tactics to steal cryptocurrency - and they’re doing it with your computer.

What is Cryptojacking?

Cryptocurrencies are created by using computing energy to solve complex math problems. When a problem is solved, a new piece of currency is made. This is called mining. Currencies can be mined legitimately, but the problem with the mining of cryptocurrency like bitcoin is the amount of computing energy that goes into obtaining it. This has lead to a drastic increase in ‘cryptojacking’ - a process in which attackers covertly take over web browsers, phones and servers through malware.

 Photo by  Andre Francois

Cryptojacking was originally confined to the victim unknowingly installing a program that secretly mines cryptocurrency. But, in-browser cryptojacking doesn’t need a program to be installed. In-browser cryptojacking uses JavaScript on a web page to mine for cryptocurrencies. JavaScript runs on just about every website, so the JavaScript code responsible for in-browser mining doesn’t need to be installed on the device.

Unlike most malware, cryptojacking software won’t compromise your data. Instead, it hijacks your hardware’s processing power, decreasing performance while increasing your power and cooling bills. For individual users, slower computer performance might be just an annoyance. However, for larger organizations with many cryptojacked systems it can incur significant costs.

Why is Cryptojacking on the Rise?

It’s difficult to tell how much hackers are making with cryptojacking, but there’s no question that the practice is rampant. In February, The Bad Packet Report found 34,474 sites running Coinhive, the most popular JavaScript miner that is also used for legitimate crypto mining.

Cryptojacking doesn’t even require significant technical skills. For as little as $30, anyone can purchase a cryptojacking kit from the dark web to force other computers to generate Bitcoin or Monero for them.

Cryptojacking is becoming a popular scheme is because it’s a low-risk, high-reward attack compare to ransomware. Rather extorting money directly from a target, hackers can secretly generate digital currencies without the victim knowing.

If detected, it’s also very hard to track down who initiated the attack. And since nothing was actually “stolen” (other than computing power), victims have little incentive to waste time and resources tracking the attacker.

How to Protect against Cryptojacking

For the Business Owner

  • Incorporate the cryptojacking threat into your security awareness training. Teach your employees to practice extra caution with unsolicited emails and suspicious links.

  • Using ad-blocker or anti-cryptomining extensions on web browsers is also a great way to stay protected. Extensions like No Coin and MinerBlock, which are designed to detect and block cryptomining scripts.

  • Maintain browser extensions. Some attackers are using malicious browser extensions or poisoning legitimate extensions to execute crypto mining scripts.

  • Keep your web filtering tools up to date. If you identify a web page that is delivering cryptojacking scripts, make sure your users are blocked from accessing it again.

For the Consumer

  • Always protect your computer with an antivirus. But antivirus, alone, may not be enough! Modern malware can sneak past it. An anti-malware solution can help to catch the threats before they reach your PC.

  • Use an adblocker on any browser, both on desktop and mobile. Only disable it if you trust a website completely.

  • Always update your software. Most cryptojacking takes place due to unpatched vulnerabilities.

  • Always use strong passwords or a secure password manager. In the event of an attack, your personal information will not be compromised.

While cryptojacking may seem like a small threat, it can incur real financial and performance costs for consumers and businesses alike. Always maintaining a strong security posture is your best defense against attacks like this.


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.