Crypto Mining Scripts
Last Updated: 1st November 2018
Crypto mining scripts are a function that is placed on a website and makes use of a website visitor’s central processing unit (CPU) to mine cryptocurrency. Those operating the script are rewarded with cryptocurrency when a block is validated. Mining starts as soon as a user accesses a website running a crypto mining script, there is no need to infect a user’s computer, or to exploit any vulnerabilities, all that is required for mining is that a browser have JavaScript activated. Because crypto mining scripts utilizes a user’s CPU, a machine’s overall performance is likely to slow down as a result of being on a website that uses these scripts.
Use of crypto mining scripts for websites have steadily been increasing. According to the Cyren Security Lab, based on a sample of 500,000 websites, there has been a 725% increase in the number of domains running crypto mining scripts on one or more pages from September of 2017 to January of 2018.
Source: Cyren Security Lab
The crypto mining script function was first introduced by Coinhive, a service that allows website owners to make use of their website visitors’ CPU to mine the Monero cryptocurrency. Coinhive introduced the crypto mining script as an alternative to placing ads on a website. Monetizing a website by placing ads can be an unprofitable exercise, because the majority of users on the internet have ad block. A crypto mining script gives a website owner an alternative means of monetizing their website, by making use of their visitors’ CPU to mine cryptocurrency, or in the case of Coinhive, the Monero cryptocurrency. Monero is often the cryptocurrency of choice to run crypto mining scripts because of its CPU-friendly hashing algorithm CryptoNight, and also for its anonymous and secure nature. Monero employs various technologies that make it virtually impossible to track transactional data on the Monero blockchain. These technologies include:
1. Ring Signatures: Monero ring signatures are designed to protect holders of the Monero currency on the input side of a transaction. This is done by merging a group of users on the Monero network to produce a distinctive digital signature that is capable of authorizing a transaction on the network. This setup makes it difficult for a third party to identify the exact individual that authorized the transaction.
2. Ring Confidential Transactions (RingCT): RingCT protects users on the Monero blockchain by obfuscating the value of the funds that are being transacted. This is done by use of a cryptographic proof, which shows that the input of a transaction is equal to the output of a transaction, all without needing to reveal the actual value of the transaction itself.
3. Stealth Addresses: This feature of Monero increases user privacy on the network. With stealth addresses, a sender must create one-time addresses for every transaction on behalf of the recipient. This will then make it extremely difficult for a third party to link any authorized transactions to the recipient’s actual address.
Whilst Monero is often the cryptocurrency of choice, other cryptocurrencies can be used as part of a crypto mining script.
There have been significant backlash towards the practice of script mining, because some website owners do not make it aware to their visitors that their CPU is being used to mine cryptocurrency. One example of this was torrent website Pirate Bay, were some pages on the website were identified as having run a JavaScript-based cryptocurrency miner. There is concern that if more websites begin using crypto mining scripts, having multiple tabs open while browsing the internet would quickly degrade a computer’s processing power.
Crypto mining scripts can usually be dealt with by closing any browser windows that you suspect are housing a mining script. However, with pop-ups, closing the browser will not stop the mining script. In this case, you will have to bring up the Task Manager (if it’s a Windows PC) and the Activity Monitor (if it’s a Mac) to completely end the browser and the mining script. If there is a significant drop in CPU usage after closing a browser, then it is likely that your computer had been affected by a crypto mining script.
Crypto mining script blocker applications, similar to adblock, are now increasingly being introduced in order to combat the practice of crypto mining scripts. For example, web browser extensions such as No Coin, can automatically block crypto mining scripts, and is also updated to combat new mining scripts as they come out.
It must be noted that Bitcoin cannot be mined using crypto mining scripts, because the process of mining Bitcoin requires far too much computational power. Instead, specialized mining hardware known as application-specific integrated circuits (ASICs) are needed to mine Bitcoin.