The State of Cryptojacking

This is a new research project conducted by AdGuard. Our goal was to understand the current state of in-browser crypto-mining, and its growth rate and trends. We will periodically update the data to see where it goes.
The data on this page was collected in the period from November 11 to 18, 2017.
What Is Cryptojacking?
According to Wikipedia, “A cryptocurrency (or crypto currency) is a digital asset designed to work as a medium of exchange using cryptography to secure the transactions, to control the creation of additional units, and to verify the transfer of assets”. All of the currency’s functions require a lot of computer calculations. Transactions and transfers of the currency need to be validated and recorded. This process is called mining. People who allow their devices to be used for these calculations are rewarded.
In-browser mining (or cryptojacking) is a hidden mining strategy that has become very popular in recent times. When a user visits a webpage, mining code starts running in the browser. While the webpage is open, the mining continues.
The overwhelming majority of websites that use this revenue stream don't warn their visitors about mining or ask for their permission. That's why it's an unethical and potentially harmful strategy, which should be fought against.
Why You Should Care
Even if you are not interested in mining, your devices could be used for it by other people. Mining can be a secret additional function of apps that you install for quite different purposes. Games, websites, browser extensions, mobile apps and other software can contain hidden miners because their own developers added them or because hackers broke in. Hidden mining slows down your device and depletes a smartphone's battery.
How Does It Work?
Several companies produce and support technological solutions for building mining scripts into a website. When a user visits such a website, the script starts in their browser and keeps working while the site remains open in a browser tab.
The best-known mining solution provider is CoinHive. Besides them, there's Crypto-Loot, JSEcoin, Coin Have, PPoi (works with Chinese websites), and several others. Some of them are simply CoinHive clones. Websites that use a specific solution form a mining network. They receive their reward from the technology provider.
The research shows that cryptojacking is growing rapidly. In the first research, which we conducted more than a month ago, we found that it was used on 220 websites from Alexa's top 100K list. One month has passed, and it is now 288 (a growth rate of 31%). Furthermore, according to Whorunscoinhive, a month ago there were 1071 websites on Alexa's top 1M. This number has increased by 31.7% and has now reached 1411.
The Scale
33,000+ Websites
We have found more than 33k websites currently running a crypto-mining script. Most of these websites run the CoinHive script.
1 Billion Visits
The estimated number of monthly visits to these websites is more than 1 Billion! That means you risk running into a cryptojacker any time you go online.
4,800+ Crypto-Jackers
We've identified that a considerable part of the cryptojacking scripts belongs to a small number of people. For instance, the top 3 cryptojackers cover 8,500+ websites.
US $150,000+
We estimate the joint profit at over US $150,000 per month. 70% of this sum goes to the website owner, and 30% to the mining network.
6 Mining Networks
There are already 6 active mining networks including CoinHive itself. Some of these networks even emphasize that they are good for malicious use.
Growing 31% per Month
Compared to our previous research, the number of websites on Alexa's top 100K list that run mining scripts has increased by 31%.
Active Mining Networks
CoinHive is the most popular mining network, which became famous when ThePirateBay decided to test hidden mining. It is still the largest mining network: 95% of the websites we found run the CoinHive script.
JSECoin is number 2 at the moment, with almost 900 websites running its script. Unlike CoinHive, it limits the consumed CPU resources to 15-25%, and displays a privacy notice with an opt-out link.
AuthedMine by CoinHive
This is an alternative "legit" version of the CoinHive script, which requires an explicit opt-in from users in order to start mining.
A CoinHive clone that even advertises itself as "stealth" and unnoticed by users.
CoinHive clone by unknown authors.
Project Poi
Chinese clone of CoinHive.
Website Statistics
Here you can explore statistics on the websites we've identified as running in-browser crypto-mining scripts. The revenue estimate is based on the websites' traffic statistics and calculated using the current Monero rate (US $133). We did not estimate revenue for the websites that use JSECoin, as the currency is pre-ICO and doesn't have a value yet.
Crypto-mining scripts should be initialized with a special identifier so that the mining network knows which partner the earnings belong to. We were able to extract miner identifiers on most of the websites.
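The identifier extraction described above, sketched as an added example (this is not AdGuard's detection script): it scans page HTML for a CoinHive-style embed, pulls out the identifier passed to the miner, and groups sites by identifier so that one operator running many sites becomes visible. The regexes reflect the historical CoinHive embed syntax as assumed here; the sample pages, domains and keys are constructed.

```python
import re
from collections import defaultdict

# Assumed patterns for a CoinHive-style embed; other networks need their own.
SCRIPT_RE = re.compile(r'<script[^>]+src=["\'][^"\']*coinhive(?:\.min)?\.js', re.I)
KEY_RES = [
    # JavaScript API form: new CoinHive.Anonymous('KEY') / new CoinHive.User('KEY', ...)
    re.compile(r'CoinHive\.(?:Anonymous|User)\(\s*["\']([A-Za-z0-9]+)["\']'),
    # Widget form: <div class="coinhive-miner" data-key="KEY">
    re.compile(r'coinhive-miner[^>]*\bdata-key=["\']([A-Za-z0-9]+)["\']', re.I),
]

def scan_page(html):
    """Return (miner_detected, identifiers) for one page's HTML source."""
    keys = {k for rx in KEY_RES for k in rx.findall(html)}
    return bool(SCRIPT_RE.search(html) or keys), keys

def group_by_operator(pages):
    """Map each miner identifier to the sorted list of sites embedding it."""
    owners = defaultdict(set)
    for site, html in pages.items():
        for key in scan_page(html)[1]:
            owners[key].add(site)
    return {key: sorted(sites) for key, sites in owners.items()}

def unattributed(pages):
    """Sites where a miner script loads but no identifier is visible in the
    static HTML (for example, the key is assembled at runtime)."""
    return sorted(s for s, h in pages.items() if scan_page(h) == (True, set()))

# Constructed sample pages; .example domains and keys are placeholders.
PAGES = {
    "a.example": '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                 '<script>new CoinHive.Anonymous("KEYAAAA1111").start();</script>',
    "b.example": '<script src="/js/coinhive.min.js"></script>'
                 "<script>var m = new CoinHive.User('KEYAAAA1111', 'u1');</script>",
    "c.example": '<div class="coinhive-miner" data-key="KEYBBBB2222"></div>',
    "d.example": '<script src="/js/coinhive.min.js"></script>'
                 '<script>startMiner(window.cfg);</script>',
    "e.example": '<html><body><p>No miner here.</p></body></html>',
}

if __name__ == "__main__":
    for key, sites in group_by_operator(PAGES).items():
        print(key, len(sites), sites)
    print("miner without visible key:", unattributed(PAGES))
```

Static matching like this misses keys that are built or fetched at runtime, which is consistent with identifiers being recoverable on most, not all, of the websites.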
Please note that these are not the countries where the websites are hosted, but the countries the websites' traffic comes from.
Mining Networks
Mobile Apps
Cryptojacking has also come to mobile apps, and we are working on a new research project that unveils the scale of this new threat.
Coming soon...
How Can I Protect Myself?
There are multiple ways to protect yourself from websites that have abusive in-browser cryptocurrency mining technology.
Ad Blockers
All AdGuard users are protected from hidden crypto-mining. Adblock now provides a special rule to block it; AdBlock and uBO block it by default.
Antivirus Programs
The major AV vendors have blacklisted known browser mining scripts. At minimum, they warn their users of the presence of mining scripts, and they offer an option to prevent hidden mining.
Mining Blockers
There are three browser extensions made specifically to block browser mining: AntiMiner, NoCoin, and MinerBlock.
  • We used Alexa's top 1M list as a source of websites for the detection script.
  • We used PublicWWW API as another source.
  • We used SimilarWeb and Alexa to analyze web traffic for each site.
  • We used CoinmarketCap to get the current Monero rate and CoinHive's formula to estimate revenue.