If cryptocurrency is truly a bubble that one day pops, at least we’ll have something to show for it. Even if that something happens to be a veritable encyclopaedia of scams and malware, all of which are conceived to part individuals with their coins. From Buterin impersonators demanding funds, to fraudulent programs promising airdrops in exchange for private keys, there is no shortage of traps individuals must watch out for when dealing with cryptocurrency.
Falling towards the more sophisticated end of the spectrum is a phenomenon called cryptojacking. This involves taking control of an unsuspecting user’s computer processing power to mine cryptocurrencies that are memory-hard (and thus, resistant to ASIC mining). Where bitcoin mining is unprofitable to anyone not running a sophisticated farm, Monero, which runs on the Cryptonight algorithm (one such ASIC-resistant script), has become a favourite for malicious parties relying on a botnet-type system to mine within users’ browsers. A huge amount of organisations have already fallen prey to attacks of this nature.
A recent paper from Concordia University identifies these different forms of cryptojacking, and discusses the ethical considerations. There are cryptojacking scripts that compromise websites and mine without the webmaster’s (or, indeed, the user’s) knowledge and those that the webmaster runs without user consent, but there are also the ones where users are given fair warning and must accept the terms before making use of the site.
So called consensual mining, the paper speculates, may open up the door to alternative monetisation strategies for websites. Replacing advertisements with such practices was in fact the aim of the first (and most widely propagated) cryptojacking script, Coinhive. In 2017, the Pirate Bay was found to be running Coinhive without user permission. Despite initial outrage, when the question was posed to users whether they preferred mining over ads, the majority replied with ‘mining’.
Coinhive proceeded to release a tweaked browser mining script, Authedmine, which this time required the user to opt-in to cryptojacking on a page before viewing it (or accessing premium content). According to a Malwarebytes report earlier this month, though, Authedmine has yet to take off.
Whilst still a grey area given that users may not understand the full extent of what they are authorising, consensual cryptojacking, rather fittingly, stays true to principles of decentralisation – while advertising involves multiple middlemen, opting into running a script (for the duration of a page visit) allows the site owner to profit directly from the value created by the viewer. Salon is perhaps the most recent example of a popular site offering cryptojacking as an alternative to advertising. Its CEO makes a good point that, as more cryptocurrency is mined the longer a visitor remains on the site, adoption of such an alternative would disincentivise clickbait in favour of higher-quality, long-form content.
At the moment, it seems hard to distinguish malicious actors from non-malicious ones, and ad blockers/extensions that detect such scripts simply block them all. It remains to be seen whether a monetisation framework can be derived from mining in this manner. Nevertheless, ethical considerations aside, the phenomenon has been a remarkable proof-of-concept as to how alternatives to advertising can be used to reward webpages.
Never miss a thing and suscribe to our newsletter.
Law graduate and crypto journalist.