Crypto Mining Scripts
Crypto mining scripts are a function that is placed on a website and makes use of a website visitor’s central processing unit (CPU) to mine cryptocurrency. Those operating the script are rewarded with cryptocurrency when a block is validated. Mining starts as soon as a user accesses a website running a crypto mining script, there is no need to infect a user’s computer, or to exploit any vulnerabilities, all that is required for mining is that a browser have JavaScript activated. Because crypto mining scripts utilizes a user’s CPU, a machine’s overall performance is likely to slow down as a result of being on a website that uses these scripts.
Use of crypto mining scripts for websites have steadily been increasing. According to the Cyren Security Lab, based on a sample of 500,000 websites, there has been a 725% increase in the number of domains running crypto mining scripts on one or more pages from September of 2017 to January of 2018.
Source: Cyren Security Lab
The crypto mining script function was first introduced by Coinhive, a service that allows website owners to make use of their website visitors’ CPU to mine the Monero cryptocurrency. Coinhive introduced the crypto mining script as an alternative to placing ads on a website. Monetizing a website by placing ads can be an unprofitable exercise, because the majority of users on the internet have ad block. A crypto mining script gives a website owner an alternative means of monetizing their website, by making use of their visitors’ CPU to mine cryptocurrency, or in the case of Coinhive, the Monero cryptocurrency. Monero is often the cryptocurrency of choice to run crypto mining scripts because of its CPU-friendly hashing algorithm CryptoNight, and also for its anonymous and secure nature. Monero employs various technologies that make it virtually impossible to track transactional data on the Monero blockchain. These technologies include:
Ring Signatures
Monero ring signatures are designed to protect holders of the Monero currency on the input side of a transaction. This is done by merging a group of users on the Monero network to produce a distinctive digital signature that is capable of authorizing a transaction on the network. This setup makes it difficult for a third party to identify the exact individual that authorized the transaction.
Ring Confidential Transactions (RingCT)
RingCT protects users on the Monero blockchain by obfuscating the value of the funds that are being transacted. This is done by use of a cryptographic proof, which shows that the input of a transaction is equal to the output of a transaction, all without needing to reveal the actual value of the transaction itself.
Stealth Addresses
This feature of Monero increases user privacy on the network. With stealth addresses, a sender must create one-time addresses for every transaction on behalf of the recipient. This will then make it extremely difficult for a third party to link any authorized transactions to the recipient’s actual address.
Whilst Monero is often the cryptocurrency of choice, other cryptocurrencies can be used as part of a crypto mining script.
Criticism of Crypto Mining
The practice of script mining has faced considerable criticism due to the lack of transparency from website owners regarding the use of visitors' CPUs for cryptocurrency mining. A notable instance of this occurred on the torrent website Pirate Bay, where certain pages were found to run a JavaScript-based cryptocurrency miner without informing users. This raises concerns about the potential impact on users' browsing experiences, as having multiple tabs open while browsing the internet could significantly diminish a computer's processing power if more websites adopt crypto mining scripts.
To address crypto mining scripts, you can typically resolve the issue by closing any browser windows suspected of hosting such scripts. However, when dealing with pop-ups, simply closing the browser may not suffice to stop the mining script. In such cases, you will need to access the Task Manager on a Windows PC or the Activity Monitor on a Mac to completely terminate the browser and the mining script. If you observe a notable decrease in CPU usage after closing the browser, it indicates that your computer was likely impacted by a crypto mining script.
Crypto mining script blocker applications, similar to adblock, are now increasingly being introduced in order to combat the practice of crypto mining scripts. For example, web browser extensions such as No Coin, can automatically block crypto mining scripts, and is also updated to combat new mining scripts as they come out.
Crypto Mining Scripts and Bitcoin
It must be noted that Bitcoin cannot be mined using crypto mining scripts, because the process of mining Bitcoin requires far too much computational power. Instead, specialized mining hardware known as application-specific integrated circuits (ASICs) are needed to mine Bitcoin.