TABLE OF CONTENTS

Many concerns arise when we look at Browser based crypto-mining. By recruiting more users computers to mine bitcoin we escalate the hashRate, this can make them perform similar to botnets[1]. In addition to this issues there is the overwhelming lack of security involved with how browser based crypto mining is being implemented and its lack of consent from the user. With this being the case many cryptocurrencies difficulties escalated, which means more hashes are required to obtain one bitcoin; this also means more energy is required. This also pushed Anti-virus softwares and browsers(google chrome) to block their users from visiting any sites hosting non-opt-in browser-based crypto mining scripts[2]. These factors have lead to the decline in browser based crypto mining. Coinhive decided to shut down due to the lack of profit despite them taking 30% of all mined currency and 100% from those users who are using the script unlawfully[2]. This leads to the question of how profitable is it to crypto mine today? After looking at the price fluctuations of some of the major Cryptocurrencies we can see that after the drop in 2018 none of them fully recovered. There are many theories behind the sudden drop in value, the two most common are due to the U.S. Securities and Exchange Commission’s decision to classify ICOs as unlicensed securities, meaning that those offering such assets were breaking the law and must pay fines as well as restitution[4]. As well as the forking of Bitcoin BCH into Bitcoin ABC and Bitcoin SV creating what some call a ‘crypto civil war’ between the two communities, creating two competing chains[5].

Because of the regulatory concerns and forking of Bitcoin BCH driving the value of these cryptocurrencies down, the cost to mine them increases. The energy consumption and work are the same while earning less rewards, this is a large concern when it comes to the continuing stability and longevity of cryptocurrencies[6]. The biggest concern is with all of the technology and new solutions to recruit more miners, more resources are being put towards mining cryptocurrencies. This means the hash rate increases and forces the mining difficulty of cryptocurrencies to rise and in turn[7]. Since the release of Bitcoin we can see the increase in hash rates shown below.

With the increasing Hash rates we also see an increase in environmental impact. Statistics from June 2019 show that 60 - 80 % of bitcoin mining revenue goes back into paying for electricity[9]. Bitcoin often claims that much of this energy is renewable but it's hard to track and verify these claims since bitcoin miners are located all over the globe and often remain anonymous. That doesn’t really give us a representation however of how much energy cryptocurrencies utilize. As of December 2017 Bitcoin alone used about 32 terawatts of energy per year, this could power roughly 3 million households in the US. This is crazy in comparison to a company like Visa which uses 1/30th amount of energy annually to complete transactions[10]. Many would think that being said, it can’t compare to the cost of mining gold or platinum. They would be wrong; it takes 17 megajoules of computer power to generate 1 US dollar in Bitcoin, whereas it only takes 5 megajoules to mine 1 US dollar of gold and 7 megajoules for platinum[11]. These statistics raise concerns as these reports were all completed before the end of 2018 and as we discussed earlier the hash rates have risen even further. This begins to raise the question: is there a better way of handling the influx in miners than upping the hash difficulty?

Detection of Cryptojacking and Cryptomining

The state of affairs concerning the prevalence of cryptomining, be it malicious or not, pushed the cyber community to discovering whether or not there was a way to effectively detect if a site or application has deployed this functionality. There have been methods of machine learning attempted that used function calls as features to determine whether a site or application is using cryptomining [1]. These methods include using a Support Vector Machine (SVM), a Multi-Layer Perceptron (MLP) and a Random Forest. The Receiver Operating Characteristic (ROC) of each of these methods is shown below. It displays that the Random Forest machine learning algorithm performed the best in detecting which sites were performing cryptomining. This is determined by which algorithm gets the least false positives and false negatives.

Other dynamic methods of website analysis to determine if a site is using cryptomining or cryptojacking software include dynamic analysis of legitimate executable, dynamic opcode analysis, and machine learning as well [2]. The machine learning implemented in this research was using 10-fold cross validation where the accuracy was found to be an impressive almost 100% in the sample data set provided [2]. The dynamic part of this included not solely including function calls as the features for the machine learning algorithm.

Since we have determined ways of detecting cryptojacking and cryptomining with a high accuracy, it next falls that there should be a method of protecting against these attacks. A method was determined that involved blacklisting and heuristics from CPU usage, however this has been found to be insufficient [3]. The authors of [3] determined a method of inputting into browsers so that silent cryptojacking can be discovered and defended against.

Energy Consumption and Monetary Value of CryptoMining

The question that follows is the consumption of energy required for Cryptomining and the environmental impact that comes from the required computations for the mining of new blockchain. As stated previously, the energy required to mine for some cryptocurrencies is greater than that required for mining metals such as gold. The question brought forward here is whether the energy required for new blocks in the blockchain is worth the price and resulting effect on the environment. The sustainability is shown below for 4 different cryptocurrencies composed of Bitcoin, Ethereum, Litecoin and Monero [4]. It is visible from these figures that the sustainability of these cryptocurrencies has become unrealistic as the required energy is exponentially increasing whereas the price is decreasing per energy unit. The expense required to sustain a consistent inflow of currency from the mining of new blockchain is not realistic [4]. This would indicate a reason that cryptomining and cryptojacking had become as prominent was because it would incur the expense on the victim computers so that the energy consumption and associated costs would be shared. However, it will follow that to have a consistent income, the required energy, and therefore victims computers, must exponentially increase. This was not feasible at the time and could have been a reason that Coinhive shutdown. The income provided from the use of these tools was solely decreasing and the business model was losing money, most likely a strong reason behind the shutdown of Coinhive.

eWhores and their relationship to cryptomining

The practice of eWhoring is defined as when an individual sells sexting, erotic pictures or videos fraudulently [6]. Typically, the individual selects a target and pretends to be the subject of the pictures or videos. These interactions involve the exchange of currencies such as cryptocurrencies [6] [7]. The illicit activities by these individuals can be expanded to crimes other than fraud including embedding malware in the provided images/videos/sexting [6]. The extension of this could become cryptojacking by non-browser-based means or through the site used to exchange the currencies and services.

Coinhive Shutdown

Now we come to our final question, how has the shutdown of the most prominent organization for cryptomining affected the popularity of browser-based cryptomining? The results collected by a group of researchers determined that though there are still some websites using cryptomining, the popularity of browser-based cryptomining has greatly decreased since the shutdown of Coinhive. The determination came from taking the findings of a previous paper that detected approximately 2700 websites that had been running cryptomining, and identified that 99% of these sites were no longer running cryptomining softwares [8]. This allows us to conclude that though the popularity of cryptomining and cryptojacking has decreased dramatically since Coinhive shut down, there is still some software present on sites. Effectively, cryptomining is not quite completely dead after Coinhive was forced to shut their doors.

LOG ENTRY 05

Research on commercial & social issues that affected the profitability and contributed to the downfall of cryptomining

The web-cryptomining trend kicked off with companies like coinhive launching in 2017 with 2018 being the peak year for web-cryptomining and cryptojacking attacks with an increase of 450% from first to the last quarter of 2018 [1]. Monero was a major factor contributing to this growth with features like increased transaction speed, mining speed and the ability for distributed mining, becoming its the growth factors. Monero [2] grew from 13$ to 300$ within 2017 [3] and was the catalyst for the incarnation of JavaScript-based coin mining [4]. Web-cryptomining was introduced as an alternative to advertisements to monetize websites. Their were issues with the web-cryptomining model for website publishers as well as for the users. The ad based revenue model was proving to be more profitable on average and the users didn't like the implications it posed with additional stress on CPU, memory and network bandwidth. The rise in cryptojacking also didn't help with the public perception of web-cryptomining with the total number of cryptojacking attack incidents being the double of ransomware attacks in 2018 [1].

Profitability as compared to ad based monetization

The profits from web-cryptomining depend on factors like the length of website visit & the processing power of the device being used by the user. The advertisement based model was proving to be more reliable and profitable as the average length of a website visit is around 1 minute [5]. The web-cryptomining option was proving to be harder to utilise for publishers as for an average visit, the profits from an average ~3 ads per page website being upto 5.5 times higher when using 2018's average Monero value of $205 USD [6]. The cryptomining method is more profitable when the length of visit is more than 5.53 minutes and increases further the longer someone stays on the page [6]. The devices that are used by the users have varying form factors ranging from phones, desktops, IoT devices to cloud infrastructure and as the mining scripts started showing up everywhere the processing power of different devices resulted in different hash rates. Hash rates vary across the board depending upon the device, like the rate of 50 Hash/sec(e.g., iPhone7), 90 Hash/sec (e.g., iPhoneX), 200 Hash/sec (e.g., 4-core PC) and 300 Hash/sec (e.g., 8-core PC). Clearly a visit of same length on an iPhone7 will result in far less revenue when compared to an 8-core PC.