Cryptomining and Cryptojacking - What Are They?
Cryptomining and Cryptojacking - What Are They?
Cryptocurrency is digital money with no physical representation generated by solving math problems called hashes. People "earn" cryptocurrency by using their computers to either solve or verify solutions to math problems. While there are hundreds of cryptocurrencies, Bitcoin, the most popular, is mined on the Bitcoin blockchain. A blockchain refers to a series of math problems organized in blocks that get solved in sequence. When a block of hashes is solved, it is added to the "chain" of blocks. The blockchain is open-source, meaning anyone can see its code, copy it, and even use it to make their own cryptocurrency. Transactions on the blockchain are public, but the identities of those involved are hidden.
Bitcoins (BTC) and other cryptocurrencies are created by people around the world trying to solve the same mathematical puzzle using computers. When someone solves a puzzle, they are rewarded with some bitcoins. Then a new puzzle is generated, and the process begins again. The time taken to produce a bitcoin may stay about the same, but the computing power used to produce it does not. As more people join in trying to mine bitcoins, the puzzles become harder, and more computing power and electricity are used for each bitcoin produced. The computer-based miners that create bitcoins use increasingly large quantities of computing and electrical power in the process.
On the Bitcoin blockchain, there will only be 21 million BTC created through a given mining process. The processing time for these transactions varies from 10 minutes through to hours or days, depending on several factors. Determining the exact time, it takes to successfully mine 1 bitcoin depends on computing power, the type of equipment used, and the competition. In the best-case scenario with the ideal computational power and equipment, it should take about 10 minutes to process 1 BTC. This may not seem like much, but this is for an ideal situation, something that often is not possible for a lot of miners. It takes a large setup nearly 30 days to mine 1 BTC. After deducting the electricity cost and the overall hardware and software cost, there will be 0.1 BTC of profit per month at best. With most setups, the electricity cost, and manpower, it would cost about $73,000 to process 1 bitcoin per month. As of February 12, 2021, 1 bitcoin was worth $47,506.00.
Mining companies claim they use one watt of power for every gigahash per second of computing performed. If so, the Bitcoin network in 2020 consumed about 120 gigawatts (GW) per second or nearly 63 terawatt-hours for the year—63 trillion watt-hours. That number equates to the equivalent of 156 million horsepower at 1.3 million per GW, or 49,440 wind turbines at 412 turbines per GW, generating full power at peak production each second 24/7/365.
These power and computing requirements have created incentives for malicious actors to find less costly ways to mine coins that have increasing value. Hackers have begun to employ malicious cryptomining called "cryptojacking." Cryptojacking is the process of embedding malware within a computer or mobile device and then using that device's resources to mine cryptocurrency. Thus, when a hacker cryptojacks a device, the device's computing ability to solve the complicated math problems that generate coins is being exploited. Cryptojacking essentially gives the attacker free money—at the expense of the infected device and the overall health of its network.
Cryptojacking has recently increased in popularity. Digital currencies have grown in popularity and are being accepted by more and more vendors and institutions, in part due to the growth of decentralized financing or DeFi. DeFi enables holders of digital currencies to lend and borrow, as well as make a profit from putting their currency in liquidity pools, where people can borrow cryptocurrencies. If a cryptojacker does not plan to spend the cryptocurrency "earned" by using the hacked device's resources, they can simply put them in a liquidity pool and earn that way. With the growth of DeFi, cryptojacking is increasingly a threat. A cryptocurrency password is long and random. During the mining process, a computer's processing is devoted to figuring out the encryption. Once the encryption has been solved, it must be verified by other users on the network. If it checks out, it is certified by the system as legitimate, and whoever solved and those who verified the validity of the solution are rewarded with cryptocurrency.
The recent Verizon Data Breach Intel Report of May 19, 2020, states that cryptojacking is declining in popularity. However, the intensity of cryptojacking activity relates to the price of cryptocurrencies, especially Bitcoin. While the price of Bitcoin has fluctuated greatly from $12,000 in July 2019 to lows of around $5,000 in March 2020, Bitcoin has substantially grown in value since then. With cryptocurrency rates going up, it would be no surprise to see mining activities, legal and illegal, increase.
Hackers can get into a victim's computer to mine cryptocurrencies by tricking victims into loading cryptomining code onto their computers through phishing-like tactics or to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims' computers. Either way, the cryptomining code operates in the background as victims use their computers normally. The only sign they might notice is slower performance or lags in execution.
Cryptojacking is a serious global problem, with cybercriminals gaining unauthorized entry to computer systems, the hackers reduce their own costs at the victim's expense to literally make money with minimal risk and effort. They are coming up with new ways to steal computer resources and mine for cryptocurrencies. Cryptojacking is on the rise.