Cryptojacking: Everything to Know

By  Beluga Research July 29, 2023

Image for Cryptojacking: Everything to Know


  • Cryptojacking is a form of cyber attack that involves the covert use of a victim's computer or other computing devices to mine cryptocurrencies
  • It emerged as cryptocurrency mining became more resource-intensive and attackers sought to exploit the computing power of others
  • Cryptojacking can occur through in-browser scripts, malware installations and coordinated mining pools
  • Advantages of cryptojacking for attackers include passive income, anonymity, low risk of detection, wide target range and utilizing idle resources


Cryptojacking is a form of cyber attack that involves the covert use of a victim's computer or other computing devices to mine cryptocurrencies. Unlike traditional hacking methods that focus on stealing sensitive data or financial information, cryptojacking is primarily driven by the desire to mine cryptocurrencies, such as bitcoin (BTC), monero (XMR) or litecoin (LTC) The attackers exploit the processing power and resources of unsuspecting individuals or organizations to generate digital currencies for their own financial gain.

A Brief History

Cryptojacking may seem like a recent phenomenon, but its roots can be traced back to the early days of cryptocurrency mining a decade or more ago. In those early years, individuals could mine cryptocurrencies using their personal computers or basic hardware setups. As cryptocurrencies gained popularity and value skyrocketed, the mining process became more resource-intensive and less profitable for individual miners. This led to the emergence of specialized mining hardware and large-scale mining operations.

With the rise of cryptocurrency mining, cybercriminals saw an opportunity to exploit the computing power of others to mine cryptocurrencies without investing in expensive equipment or paying for electricity. The first instances of cryptojacking were observed around 2017 when attackers started injecting malicious code into websites, web browsers and even mobile apps to harness the processing power of visitors' devices for mining purposes. This marked the beginning of a new era in cybercrime, where cryptojacking became a lucrative alternative to traditional hacking methods.

What is Cryptojacking?

To understand cryptojacking comprehensively, it is essential to explore its various aspects.

  • In-browser cryptojacking. This involves the use of malicious JavaScript code embedded in websites or online advertisements. When a user visits an infected website or clicks on a compromised ad, the JavaScript code is executed in their browser, hijacking the device's processing power to mine cryptocurrencies. This method allows attackers to target a large number of potential victims without the need to infect their devices directly.
  • Malware-based cryptojacking. Malware-based cryptojacking involves the use of malicious software that is installed on victims' devices without knowledge or consent. This type of malware can be distributed through various channels, such as phishing emails, malicious downloads or compromised software. Once installed, the malware runs silently in the background, utilizing the device's resources to mine cryptocurrencies for the attackers.
  • Cryptojacking pools. These pools are collaborative networks where multiple attackers combine computing resources to mine cryptocurrencies more efficiently. By pooling resources, attackers can solve complex mathematical problems and earn cryptocurrency rewards more quickly. These pools often involve a command-and-control infrastructure that coordinates the mining activities of the compromised devices.
  • Impact on performance. Cryptojacking can significantly impact the performance of a victim's device. The excessive use of CPU or GPU resources for mining purposes can cause the device to slow down, freeze or crash. Users may notice a decrease in battery life on mobile devices or increased electricity consumption on desktop computers. These performance issues can be frustrating for victims, who may not initially realize a device has been compromised for cryptojacking.
  • Detection and prevention. Detecting cryptojacking can be challenging since it aims to remain hidden and use the victim's resources discreetly. However, there are signs indicating a potential cryptojacking incident, such as increased CPU usage, unexplained system slowdowns or unusually high electricity bills. To prevent cryptojacking, users should employ robust security measures, including keeping operating systems and antivirus software up to date, avoiding suspicious websites and downloads and using browser extensions or security tools specifically designed to block cryptojacking scripts.

Getting Started

To comprehend cryptojacking, it is crucial to first grasp the fundamental concept of cryptocurrency mining. Mining is the process by which new cryptocurrency coins are created and transactions are verified and added to the blockchain ledger. It requires substantial computational power and energy consumption. Traditionally, miners would use their own hardware resources to perform these calculations and earn rewards in the form of newly minted coins.

However, cryptojacking takes a different approach. Instead of utilizing their own hardware, cybercriminals exploit unsuspecting victims' devices to mine cryptocurrencies. This is achieved through various means, such as malware infections, compromised websites or even malicious browser extensions. Once a device is compromised, an attacker gains control over its computational resources, redirecting them towards mining cryptocurrencies.

Unique Aspects

Cryptojacking possesses several distinct characteristics that set it apart from other forms of cyber threats. Firstly, it is often a covert operation, designed to fly under the radar without arousing suspicion. Unlike ransomware or other types of malware that actively disrupt systems or demand ransom payments, cryptojacking operates silently in the background, making it challenging to detect.

Another unique aspect of cryptojacking is its ability to target a wide range of devices. From personal computers and laptops to smartphones and Internet of Things (IoT) devices, any device with computing power and an internet connection can be vulnerable. This broad scope increases the potential attack surface, making cryptojacking a pervasive threat.

Furthermore, cryptojacking attacks can occur through different vectors. Malicious actors may distribute malware through email attachments, compromised software downloads or even social engineering techniques. Additionally, attackers may inject malicious scripts into websites, taking advantage of visitors' browsers to mine cryptocurrencies. These diverse attack vectors make it challenging to defend against cryptojacking effectively.

The impact of cryptojacking extends beyond individual users. Organizations and businesses can also fall victim to cryptojacking attacks, which can have detrimental consequences. When multiple devices within a network are compromised, the collective computational power can be harnessed to mine cryptocurrencies on a large scale. This can lead to reduced system performance, increased energy consumption and additional costs for the affected organization.


  • Passive income. Cryptojacking allows attackers to generate passive income by utilizing the computing resources of other people. Attackers can then mine cryptocurrencies without investing in expensive hardware or consuming their own electricity.
  • Anonymity. Cryptocurrencies like bitcoin, monero and litecoin can offer a high level of anonymity with the right tools. This makes it difficult to trace the transactions and activities of cryptojackers. This anonymity provides a layer of protection for criminals involved in these activities.
  • Low risk of detection. Cryptojacking often goes unnoticed by victims for extended periods. Unlike ransomware attacks or data breaches that immediately grab attention, cryptojacking operates silently in the background. This minimizes the risk of detection by both individuals and security systems.
  • Wide target range . Almost anyone with an internet-connected device can become a victim of cryptojacking. Cybercriminals can target individuals, businesses or even entire networks, amplifying potential profits.
  • Exploiting idle resources. Cryptojacking takes advantage of idle computing resources. By utilizing the processing power of victims' devices, attackers can mine cryptocurrencies without significantly impacting overall performance of compromised systems.


  • Unauthorized resource consumption. Cryptojacking consumes substantial computing resources, resulting in increased electricity usage and reduced device performance for victims. This unauthorized usage can lead to higher electricity bills, slower system performance and even hardware damage in extreme cases.
  • Increased vulnerability. Cryptojacking often involves exploiting security vulnerabilities in software or web applications to gain unauthorized access to devices. By doing so, attackers not only engage in crypto mining but also expose victims to other potential risks, such as data breaches or further malware infections.
  • Diminished battery life. Mobile devices that fall victim to cryptojacking experience accelerated battery drain. The constant processing required for mining cryptocurrencies puts a significant strain on the device's battery, reducing its overall lifespan and necessitating more frequent charging.
  • Legal consequences. Engaging in cryptojacking activities is illegal in most jurisdictions. If caught, perpetrators can face severe legal consequences, including fines and imprisonment. The potential profitability of cryptojacking must be weighed against the risks associated with engaging in an illegal activity.
  • Damage to reputation. For businesses and organizations, falling victim to cryptojacking can result in reputational damage. Customers and clients may lose trust in an entity that fails to protect their devices or networks, potentially leading to financial losses and a decline in business opportunities.