In BriefAn increasing number of websites are turning the computers of unsuspecting visitors into cryptocurrency miners. Aside from slowing down CPU performance, these tools violate the privacy of users.
Last month, visitors of BitTorrent search engine/piracy website The Pirate Bay noticed their central processing unit (CPU) usage spike. However, the problem wasn’t related to the illegal downloading taking place on the site (that’s another issue entirely). This same kind of increased CPU usage was experienced by users of the entirely legal online streaming service Showtime some days later.
Ultimately, users realized that both The Pirate Bay and Showtime had employed cryptocurrency mining malware to turn visitors’ computers into satellite cryptocurrency miners. Showtime has since said that they’ve removed the errant code, but they didn’t clarify whether it was implemented on purpose or if the site was hacked. The Pirate Bay, on the other hand, admitted that the addition of this code was part of a 24-hour test and said they’ve removed it.
The above are just two examples of what is becoming a growing trend amongst websites. Instead of relying on ad placements — the most common revenue source for non-subscription-based websites — sites are turning to cryptocurrency mining. In fact, a company called Coinhive released a tool specifically for use by website owners looking to earn money without displaying ads.
The problem is that Coinhive has also become popular with malware developers, who have embedded it in Chrome extensions, hacked sites, and various other corners of the internet. These tools mine less-popular cryptos, such as Monero and zCash, which have features that make their transactions untraceable by authorities.
Indeed, the act of secretly turning other peoples’ computers into personal crypto miners is now rampant. From January to August of this year, cryptocurrency mining attacks that target enterprise websites have grown sixfold, according to IBM X-Force’s security team. Cybersecurity advisor Kaspersky Lab reported a similar trend amongst their users. Some 1.6 million of their clients had their computers infected by cryptocurrency mining malware this year, and the problem has apparently been growing since last year.
Obviously, this raises concerns that might spell trouble for the blockchain and cryptocurrency community. Cryptocurrency mining is an integral part of blockchain technology — it’s how hosts are rewarded for keeping tabs on the transactions in their respective networks, which can be costly in terms of hardware and electricity needs.
The key to a blockchain’s security is that no single individual handles all of the ledger’s transactions. Instead, they’re scattered across numerous CPUs owned by miners. While legitimate miners use their own PCs, though, those employing crypto-mining malware are taking advantage of other peoples’ computers and essentially compromising them.
Clearly, such a setup would have some appeal as an alternative source of income for website owners. However, infecting unsuspecting users with cryptocurrency mining malware is a violation of their privacy and safety — not to mention a nuisance that slows down their computers. Thankfully, a standard ad blocker is currently enough to prevent the embedding of these mining tools.
If website owners were to inform users beforehand that such a tool exists when they visit a website, perhaps this could become a legitimate source of revenue. That’s one of the many issues nations should consider as they develop regulations to govern blockchain and cryptocurrencies.
Disclosure: Several members of the Futurism team, including the editors of this piece, are personal investors in a number of cryptocurrency markets. Their personal investment perspectives have no impact on editorial content.