WTF is cryptojacking?

  • Cryptojacking: when a user’s browser is leveraged to mine cryptocurrency
  • Theoretically, publishers could allow users to opt into letting their devices be used for cryptocurrency mining

Email a Friend

WTF is cryptojacking?
Fraudsters are constantly coming up with new tactics to siphon money from legitimate sites. The latest tactic in this never-ending arms race is called cryptojacking. Since techies have become obsessed with cryptocurrencies like bitcoin, it was only a matter of time before fraudsters would exploit the complexity of distributed ledgers. Here’s an explainer on how cryptojacking works. WTF is cryptojacking? Hackers engage in cryptojacking when they use a user's browser to harvest cryptocurrency like bitcoin. Cryptocurrencies operate through a distributed ledger where computers are used to verify and add to the ledger. Each addition to the ledger creates more of the currency, so having access to computing power is essential for anyone trying to make a lot of money from cryptocurrencies. Instead of filling warehouses with powerful and expensive servers, some cryptocurrency enthusiasts are turning to users' browsers to do their cyber mining. What’s so bad about that? Theoretically, publishers could allow users to opt into letting their devices be used for cryptocurrency mining. If that were the case, then cryptojacking could be viewed as another experiential revenue source for publishers. But in reality, cryptojacking is happening without the user’s consent, and it's not being carried out by traditional publishers. Instead, fraudsters are hijacking users' devices and all the user notices is a slowdown in their processing speed. The user is likely to blame the website they’re visiting for the problem, but the website that the cryptojacking is occurring on is usually a victim, too, said Jerome Dangu, CTO at Confiant, a tech firm that specializes in blocking bad ads from publishers’ webpages. The most infamous examples of cryptojacking occurred this fall when hackers injected their mining code into the websites of publishers like Showtime and PolitiFact without the publishers' knowledge. When this happened, the publishers got docked for having a poor user experience even though they didn't make any money out of the deal. How is cryptojacking used? Hackers can get their mining code onto people’s computers by tampering with Wi-Fi sources. Last week, customers of a Starbucks store in Buenos Aires found this out the hard way. Starbucks patrons had to wait 10 seconds to connect to the store's Wi-Fi and the processing speed of their devices slowed down because hackers tampered with the store's connection so that they could use customers' laptops to mine cryptocurrency. Hackers can also hide their code in an ad and resell the ad through multiple programmatic platforms until someone fails to catch the malware and serves it to a user, Dangu said. Another tactic hackers rely on to find users who can mine cryptocurrency for them is called “domain squatting.” For example, a hacker will buy the domain Twitter is a popular domain, so there’s bound to be traffic from people who mistype the name of its website. When users visit, they’re sent to a site that offers little in the way of content but makes money by harnessing the user’s CPU in the background for cryptocurrency mining. Who is doing this hacking? Dom Fortin, chief information officer at programmatic platform District M, said the practitioners of cryptojacking are already engaged in other types of fraud. Cryptojacking just helps them add a little more cheddar to their pillage. For instance, someone making money by arbitraging the difference between display and video CPMs can add cryptojacking to the mix and get a few more cents out of each user. If a scam is being applied on thousands or millions of users, the money quickly adds up. Why has this tactic become popular recently? Tools like Coinhive, which let users mine cryptocurrency directly in the browsers, came out in the fall. Several cryptocurrencies' prices have also significantly risen over the past year, increasing the incentive for mining these coins for nefarious purposes. Photograph: golibo/Getty Images/iStockphoto

0 comments on “WTF is cryptojacking?”


Zeitgeist 2022: Tearsheet’s guide to the financial terms nobody understands

  • There were a lot of disappointments last year. What never failed us, though, was the financial space's ability to invent new words.
  • We've updated our Termsheet for 2022 to help you sound like you know what we're all talking about.
Rebecca Cohen | January 27, 2022
Member Exclusive, WTF

WTF is social commerce?

  • Social commerce is the buying and selling of products on social networking websites and apps.
  • The global social commerce industry is expected to balloon to $604.5 billion by 2027.
Shehzil Zahid | August 05, 2021
Member Exclusive, WTF

WTF is a banking desert?

  • Bank deserts exist in areas without banks.
  • Access to financial services has a sociological and financial impact on people.
Minahil Shahab | June 30, 2021
Blockchain and Crypto, Member Exclusive, WTF

WTF is stablecoin?

  • Stablecoin is a kind of cryptocurrency that’s tied to a reserve asset that helps stabilize its market value.
  • Here’s everything you need to know about stablecoin.
Shehzil Zahid | June 09, 2021
Member Exclusive, WTF

WTF is a SPAC?

  • Special Purpose Acquisition Companies go public and use the funds to acquire a company after.
  • More investors are becoming fluent in SPAC-speak.
Rivka Abramson | April 30, 2021
More Articles