Digging into Browser-based Crypto Mining
This work addresses the problem of detecting and quantifying in-browser crypto mining for cybersecurity researchers and website operators, providing new methods and data on its scale and impact.
The study investigated the prevalence of browser-based crypto mining, identifying and classifying mining websites across 138 million domains and developing a fingerprinting method that detects up to 5.7 times more miners than existing block lists. It found that Coinhive is the major stakeholder, contributing 1.18% of mined blocks and turning over 1293 Moneros in June 2018.
Mining is the foundation of blockchain-based cryptocurrencies such as Bitcoin rewarding the miner for finding blocks for new transactions. The Monero currency enables mining with standard hardware in contrast to special hardware (ASICs) as often used in Bitcoin, paving the way for in-browser mining as a new revenue model for website operators. In this work, we study the prevalence of this new phenomenon. We identify and classify mining websites in 138M domains and present a new fingerprinting method which finds up to a factor of 5.7 more miners than publicly available block lists. Our work identifies and dissects Coinhive as the major browser-mining stakeholder. Further, we present a new method to associate mined blocks in the Monero blockchain to mining pools and uncover that Coinhive currently contributes 1.18% of mined blocks having turned over 1293 Moneros in June 2018.