Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Cryptojacking

  • Panagiotis Papadopoulos
  • Panagiotis Ilia
  • Evangelos Markatos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11723)


In recent years, we have been observing a new paradigm of attacks, the so-called cryptojacking attacks. Given the lower-risk/lower-effort nature of cryptojacking, the number of such incidents in 2018 was nearly double that of ransomware attacks. Apart from the cryptojackers, web-cryptomining library providers also enabled benign publishers to use this mechanism as an alternative monetization scheme for the web in an era of declining ad revenues. Despite the buzz around web-cryptomining, it is not yet known how profitable web-cryptomining is or what actual cost it imposes on the user side.

In this paper, we answer this exact question by measuring the overhead imposed on the user with regard to power consumption, resource utilization, network traffic, device temperature and user experience. We compare those overheads, along with the profitability of web-cryptomining, to those imposed by advertising to examine whether web-cryptomining can become a viable alternative revenue stream for websites. Our results show that web-cryptomining can reach the profitability of advertising under specific circumstances, but users need to sustain a significant cost on their devices.


Keywords: Cryptomining, Cost of in-browser mining, Digital advertising, Cryptojacking



The research leading to these results has received funding from the European Union’s Marie Sklodowska-Curie grant agreement 690972 (PROTASIS) and the Horizon 2020 Research & Innovation Programme under grant agreement 786669 (REACT). This work has also been supported by the EU H2020-SU-ICT-03-2018 Project No. 830929 CyberSec4Europe. The paper reflects only the authors’ view, and the Agency and the Commission are not responsible for any use that may be made of the information it contains.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Panagiotis Papadopoulos (1)
  • Panagiotis Ilia (2)
  • Evangelos Markatos (1)

  1. University of Crete/FORTH, Heraklion, Greece
  2. University of Illinois at Chicago, Chicago, USA
