A first look at browser-based Cryptojacking

TL;DR

This paper investigates the rise of in-browser cryptocurrency mining, especially Monero, analyzing its prevalence, profitability, ethical considerations, and proposing detection and mitigation strategies for non-consenting users.

Contribution

It provides the first comprehensive survey and measurement of browser-based cryptojacking, along with ethical analysis and practical recommendations for detection and prevention.

Findings

Browser-based cryptojacking is increasingly prevalent and profitable.

Monero is the preferred cryptocurrency due to its privacy features.

Proposed detection and mitigation techniques can reduce non-consensual mining.

Abstract

In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code- bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). The cryptocurrency Monero is preferred seemingly for its unfriendliness to large-scale ASIC mining that would drive browser-based efforts out of the market, as well as for its purported privacy features. In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.