1 out of 500 of the one million most visited websites according to Alexa contains a web-based cryptominer that starts mining as soon as the website has been opened in the browser, researchers from the Braunschweig University of Technology have found.
Still, despite not being rare, web-based cryptojacking is not hugely lucrative.
“Based on the configuration of typical desktop computers and statistics about website visits, we estimate the revenue generated by individual miners in the Alexa ranking at a range of a few cents up to 340 USD per day under the current price of the respective cryptocurrencies,” they say.
The rise of cryptojacking
Memory-bound cryptocurrencies like Monero, Bytecoin and Electroneum don’t require dedicated mining rigs – they can be easily and profitably mined on regular computer systems.
But cryptojackers don’t want to use their own computers and pay for the tech and electricity and, since the advent of CoinHive and similar web-based cryptominers, they don’t have to.
These cryptominers work on all major browsers and the mining script can even be injected into web pages on the fly through compromised routers.
Is it worth it?
Revenue of a cryptojacking campaign depends on how aggressive the miner occupies the visitor’s CPU cores. But if the mining is too aggressive, users are bound to notice and put a stop to it (e.g., by leaving the website).
By taking as an example the 10 most profitable sites that hold mining code, the researchers estimated that they are able to generate between 0.53 and 1.51 Monero per day, i.e., between 119 to 340 USD (at the time).
While it’s not much, given that the revenue is achieved without any cost to the miner, this is still a notable profit.
“However, we conclude that current cryptojacking is not as profitable as one might expect and the overall revenue is moderate,” the researchers noted.
How to stop it?
The researchers found that existing blacklist-based approaches used by web browsers are trivial to evade and the actual lists outdate fast.
Instead of static blacklists, they leveraged a set of heuristic indicators for candidate selection and a dedicated performance measurement step for precise miner identification. But, however suitable this approach is, they pointed out that it likely works well only because today’s mining operators don’t anticipate it.
As the only reliable indicator of active mining is prolonged and excessive CPU usage, their advice for browser makers is to implement CPU allotments for tabs.
“As soon as a tab runs out of its quota, the browser could take actions, such as throttling the tab’s scripts or warning the user,” they explained.