"Crypto, crypto everywhere, but not a single coin to spend."

This line perhaps captures the best essence of the entire  crypto world, or at least for someone who missed a good ride. Virtual currencies are now commonly owned as assets, commodities, and as a  method of payment. However, they still have a long way to go where the regulatory authorities and the crypto community need to land up on the  same page with mutual understanding for sustainable growth. For the  moment, it's just the trading of cryptocurrencies that is pulling a big  chunk of newbies into the ecosystem. However, people are now realizing  the true potential of this Blockchain Technology and are intelligently  implementing it to create new endless possibilities.

At the same time, just like how every REAL coin has 2 sides (literally),  even the blockchain technology or for that matter the cryptocurrencies  are now causing a matter of grave concern for many people. No, it's not  the scams and the serious hacks on the exchanges, but something more  fishy that hasn't come out in the public but is digging deep into our  pockets. No matter how wicked and unethical it is, the moment I found  out its existence, I was awestruck by the beauty of how diverse the  blockchain technology can get. So the threat that I am going to talk about is 'Cryptojacking'. Let's get into it.

Proof of work is a  well-defined mechanism which is difficult to produce but easy to verify. It is a part of first-generation Blockchain Technology 1.0. In order to  verify many cryptocurrencies transactions, proof of work is required  that is in turn done by 'mining'. People who mine cryptocurrencies are  then rewarded with a fraction of newly generated cryptocurrencies as  well.

It has been observed that as the network traffic and  usage of coins increases, the output of mining decreases along with a  higher need for processing power. And that is the reason why GPUs are  being preferred over the normal CPUs. There are indeed some people who  own 100s of GPUs in their garage and are making pretty good daily income  by mining cryptocurrencies. However, GPUs are not that affordable, they  are costly. Also, mining from a single GPU isn't going to benefit them a  lot. Proof of work concept needs computation power (a chunk of it and  not just 1 GPU). Owning 100s of GPUs needs heavy capital investment. The  only way to make a profit through mining without making any heavy  investment is by using the technique - Cryptojacking.

Cryptojacking is basically a simple javascript embedded in a website  that secretly runs and uses a visitor's device's computing power to mine  cryptocurrencies. Explaining this process in a single sentence may not  make it look that dangerous, but if we take a closer look, it is  actually costing us a lot of money as well as our device's life.

Yes,  some of your devices can handle high computation programs but what good  is it for if you are not being rewarded for that. In fact, it is the  owner of that website, who placed the 'malicious' javascript, earning  the mined cryptocurrencies by using your device's power. Here are some  of the ill-effects that you are likely to observe when you will be hit  by this attack.

  1. As soon as it starts, it scoops a large portion of your processor's power and makes your device horribly slow. Repeated lags and freezing of your system will be observed.
  2. Your battery will drain at a much faster rate. Hence, making your electricity consumption more. Who is going to pay for that?
  3. A repeated and prolonged period of such high-intensity computation task  in a device that isn't meant for that can shorten your device's life. Thus making you buy another device, which is likely to face the same  fate since you aren't even aware of the REAL PROBLEM, yet.

One such company that has been offering such 'customized' javascripts is 'Coinhive'. However, it is just associated with 'Monero coin', making  people suspect that the website is being run by the Monero admins only. It is quite easy to create an account over there and after a brisk walk  through the website, I happened to implement the javascript on my demo website. Here are the results.

My Sample Space

  • The  demo website doesn't receive much traffic and most of the visitors use  mobile devices. On a daily account, there are roughly 250 people landing  up on the website out of which hardly 20-25 people use computers and  laptops.
  • It has been found that the script doesn't seem to work  on mobile devices but just on computers and laptops. An average Core i3  Processor offers a hashrate of 8-11 hashrate per second.
  • A user generally spends around 45-56 seconds on the website.

The network difficulty is getting higher and higher as more number of  people are joining the Monero community. However, it still offers the  best bet when it comes to mining using the cryptojacking technique.

In  a way, we can say that cryptojacking isn't beneficial for a website  with less traffic. The way network difficulty is increasing,  cryptojacking seems to work for websites with only a high number of  visitors, roughly 100,000+. There are many websites which have been  accused of using such 'unethical' ways to earn money by compromising its  user's experience. One such website is 'Piratebay',  a torrent download website. According to the admins, they were using  this technology for just 'research purpose'. However, even today, they  are still mining cryptocurrencies by running such malicious javascripts  on their website without informing anything about it to their users.

For  people who are now in a state of confusion and fear of who to trust and otherwise, a nobel group of software developers has created a Chrome  Browser extension called 'No Coin' that scrolls through the source code of the website you visit and finds  out whether it is safe for you to browse or not. Once it detects any  kind of cryptojacking javascript, it gives you a red alert and the rest  of decision is left up to you - either visit the website and slow down  your system or bail out of it.

It is interesting to look  at the word 'cryptojacking' through a website owner's eye. The way advertisement industry is taking a hit by the growing popularity of  'adblockers', the only way to sustain the website, it's content creators and hosting charges is by taking an alternate route which happens to offer a good 'reading experience' to its users. No wonder it freezes your screen for a while. Keep reading till then.

However, apart  from that, I don't see any other reason close enough to justify such acts of using your user's computing power for your own good.

It's  not a big surprise that the industry is bound to change. No matter how  big you are, the rules are going to change and people will try to choose  the alternate path to survive in the industry. Yes, Google Adsense policies aren't that publisher friendly and neither are the users humble enough to disable their ad blockers. The digital media industry  players are not just running in a competition, but are also squabbling  among themselves in a fighting pit. In the end, it's all about 'survival of fittest',  something that is primarily giving rise to cryptojacking due to market limitations. So the question is - Do they really have a choice? What do you think about it? Let us know about your views in the comment section below.

written by Devashish