Sites Are Using Your Browser to Mine Crypto. It Could Be a Good Thing

The name says it all: WannaMine. Panda, a Bilbao, Spain-based cybersecurity company, wrote in the beginning of February that "a new malware variant has been taking over computers around the world, hijacking them to mine a cryptocurrency called Monero."

The virus recalls WannaCry, a worm that swept the globe in May 2017, encrypting infected systems' data and demanding bitcoin ransom payments in order to decrypt it. But WannaMine takes a different approach to wringing cryptocurrency out of its victims: it uses their machines' processing power to run an algorithm called CryptoNight over and over again, hoping to find a hash meeting certain criteria before any other miners do. When that happens, a new block is mined, creating a chunk of new monero – worth about $1,500 at the time of writing – and depositing the windfall to the attacker's wallet.

The chances that any given miner will find the next block first and receive the reward is tiny, but infect enough CPUs, and you can hack together a decent revenue stream. Since the victim pays the electricity bills and provides the hardware, the costs to the attacker are negligible. (See also, How Does Bitcoin Mining Work?)

"A Proof-of-Concept"

On Feb. 11, a similar but rather more spectacular attack was uncovered. Cybersecurity researchers Scott Helme and Ian Thornton-Trump (phat_hobbit) noticed that sites from the UK's National Health Service to the U.S. Courts were hijacking visitors' browsers to mine monero.

The culprit was a text-to-speech plugin popular with Anglophone governments called Browsealoud, which had been infected with Coinhive, an in-browser monero miner that is not necessarily malware per se: Its providers present it as a legitimate way to monetize traffic, but ask their users far too few questions, according to Motherboard.

Can Browser Mining Work?

My brief encounter with browser mining revealed the kind of hiccups that are typical of beta versions. But power consumption is an obstacle that minor improvements won't solve. Bitcoin miners are flocking to Quebec because the electricity is cheap. Hijackers are mining using visitors' browsers for the same reason. While it's difficult to estimate the monetary impact of mining on Salon's behalf, the increase in electricity consumption was obvious. If a significant chunk of the web adopted browser mining, using the internet could get expensive.

The same goes for hardware usage. WannaMine presented such a problem because, as Panda put it, "the way in which it tries to make maximum use of the processor and RAM places the computer under great strain." Unless sites limit the demands they make on visitors' computers, processes will slow to a crawl and hardware will wear out considerably faster.

Nuzzi doesn't discount these problems. "If browser-based mining becomes a thing, there will definitely be abuse when it comes to the number of mining threads the website consumes," he said via email. On the other hand, "like ads, there will be ways of blocking that scrypt, so websites have to figure out what the fair balance should be, otherwise users will stop visiting the website or block the miner."

As for electricity usage, monero's hash function CryptoNight has a lighter touch than, say, bitcoin's SHA-256. Monero mining "isn't a big problem for laptop users," says Nuzzi, but "it most certainly curbs some of the use cases for smart-phones" with their more limited battery capacity.

Then there's the risk that the hash rate arms race, which has rendered CPU and even GPU mining of bitcoin and litecoin unprofitable, will stall the browser mining push. The reason that Coinhive and WannaMine use monero is that it is one of the only cryptocurrencies that can be profitably mined using a CPU. Given the right economic incentives, couldn't monero also fall victim to ASICs, specialized hardware designed solely to run through hash functions as fast as possible?

Nuzzi doesn't think so. He calls CryptoNight "brilliantly designed," adding that it "allows Monero to be mined using a variety of devices, including smartphones, as the majority of them have at least 2GB of RAM, while only 2MB is required to initiate a CryptoNight instance. Relative to Scrypt (Litecoin's consensus algorithm), CryptoNight is much more resilient to circuit integration, which allows ASICs to be built."

9 views0 comments

Recent Posts

See All