This came to the fore after a study conducted by researchers at Germany’s Braunschweig University of Technology revealed that even though some high-traffic websites profit handsomely from cryptojacking, the average ones only manage to reap minimal returns.
“On average these websites attract 24,721 visitors per day and keep them for roughly 3 minutes on average. Overall, we thus observe a range of 0.17 to 89,000 core hours, with a mean of 1,550 core hours,” wrote the researchers in a report titled “Web-based Cryptojacking in the Wild,” which was published this week. “With a hash rate of 80 H/s and CoinHive’s payout ratio, a miner earns about 5.8 USD per day and website on average, which supports our observation that web-based cryptojacking currently provides only limited profit.”
Despite the low payout for the average cryptojacking website, some of the profitable illegal crypto mining websites featured in the top 10 make between $119 and $340.
The study, which was conducted by Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck, also noted that one website in every 500 (about 0.2%) hosts a web-based miner that mines memory-bound cryptocurrencies such as Monero. The study was limited to websites ranked in Alexa's top one million list.
With regard to the kind of content that cryptojackers mostly used to lure visitors to their websites, pornography ranked high. Other kinds of content favored by cryptojackers included entertainment, technology, and business. The researchers also found that most of the cryptojacking websites have their servers located in the United States, with Russia, Germany, France, and the Netherlands completing the top five.
Ineffective Detection Methods
The researchers concluded that the existing methods used to detect the presence of cryptojacking malware are far from effective. They proposed a hybrid approach in which both static and dynamic analysis are conducted. Additionally, they called on browser developers to introduce methods of detecting crypto-mining activity by, for instance, implementing tab-based CPU quotas which can tell when unauthorized cryptocurrency mining is taking place.
Despite all the bad press that web-based cryptocurrency mining has been getting, the researchers pointed out that the legitimate use cases ought to be appreciated.
“Web-based mining certainly has legit use-cases and may pose an alternative to online advertisements as scheme of monetization,” the researchers noted. “Moreover, mining might even replace CAPTCHAs used for rate limitation by requiring a proof-of-work.”