Mark Twain popularized the phrase, “There’s gold in them thar hills,” when he wrote about the gold rush of 1849. The gold may have been mined out of the California hills long ago, but there is plenty of digital gold that can be mined from millions of CPUs across the globe. Yes, there might be digital gold to be mined within your own computing devices. Unfortunately, it is someone else getting the gold. Welcome to the digital gold rush of the modern-day world.

Today’s gold rush is all about cryptocurrency and it has created a fever amongst the global populous looking to claim their fortune. Few people understand what a bitcoin really is, but many regularly visit websites such as Coinbase to buy them and track the upward trajectory of its value. As you are probably aware, the most popular cryptocurrency, bitcoin, has rocketed in value from a few hundred bucks to nearly $20,000 in a year’s time. Like any gold rush, there is also that faction that seeks to jump in and seize a quick buck by taking advantage of all of the frenzy. As a result, nefarious activities abound. (For more on bitcoin, see How the Bitcoin Protocol Actually Works.)

Cyber Thefts and Assaults

Cryptocurrency exchanges offer users the ability to buy and sell digital currencies. Along with crypto-mining companies, these organizations are under constant assault by sinister hackers. Since 2011 there have been more than three dozen heists of cryptocurrency exchanges involving over a million bitcoins. Recently a Slovenian-based crypto-mining company fell victim to a highly sophisticated social engineering attack that resulted in the loss of nearly 5,000 bitcoins. That translates into somewhere between $60 million and $80 million dollars due to the wild price swings in bitcoin. A South Korean exchange was forced to declare bankruptcy after hackers stole 17 percent of their bitcoin inventory. This was the second attack sustained by them within twelve months, the first attack resulting in a loss of nearly $7 million. These bitcoins belonged to their customers, who now must simply write off their losses. As large as these heists were, they pale in comparison to an attack in 2014 against Mt. Gox, the largest bitcoin exchange in the world at the time. They too were forced into bankruptcy after losing $850,000 bitcoins in a cyberattack. Even back then, the stolen loot was worth some $450 million.

Digital wallets, however, are not the only target of hackers. Cybercriminals use DDoS attacks to manipulate the marketplace in order to gain favorable buying/selling conditions for them or their clients. Just last month, a U.K.-based cryptocurrency startup called Electroneum was the victim of a massive attack that resulted in 140,000 users being locked out of their digital wallets. DNS servers are also a common target in order to disrupt operations of bitcoin exchanges as well as initial coin offerings (ICO). These types of manipulations are easy to implement for experienced hackers due to the decentralized nature of cryptocurrencies.

Your Own Device May Be a Crypto-Mining Slave

While crypto exchanges and mining companies try to withstand these constant barrages by hackers, the rest of us are under assault as well. Crypto mining requires a great deal of processing power due to the hash rate requirements of performing the required calculations to a bitcoin and other cryptocurrency. This of course requires significant CAPEX to fund the necessary infrastructure. It also consumes a great deal of electricity. While bitcoin mining requires special high-end processors reserved for dedicated servers, some unscrupulous individuals have found ways to avoid investing their own money to mine for cryptocurrencies such as Monero, Zcash and Ethereum. Instead, they use the CPU power of unsuspecting users. While a single client device has nowhere near the capacity to mine cryptocurrency to any reasonable degree, the collective effort of millions of devices can. Hackers who control these zombie armies of miners are ringing in profits.

One sinister method of acquiring miners involves cryptocurrency mining malware. Once a device is infected with this malicious code, it begins using the CPU and memory resources of its hardware host to help collectively mine a designated cryptocurrency. This type of malware first appeared years ago when bitcoin first came into fruition, but phased out once the hash requirements exceeded the capabilities of consumer-based CPUs. Thanks to the proliferation of an ever-growing number of cybercurrencies, this menace is exponentially growing along with the value of the involved digital coins. There is evidence that rogue nations such as North Korea are heavily involved in this illegal means of mining in order to fund their military aspirations. In addition, many criminals involved in ransomware last year are now transitioning to crypto-mining malware, as the money is more predictable and steady. (To learn more about ransomware, check out The Ability to Combat Ransomware Just Got a Lot Tougher.)

So how prevalent is this threat? An IBM security team reports that cryptocurrency mining attacks have increased by over 600 percent this year, while Kaspersky Lab reports to have these mining menaces on 1.6 million client computers. One of the biggest menaces of 2017 was Adylkuzz, which actually infects PCs in the same manner as the WannaCry virus, using the same MS17-010 vulnerability. One exception is that it does not require any manual interaction to infect the system. Recently, Kaspersky Labs discovered a new malware strain that attacks smartphones to mine cryptocurrency in addition to other tasks such as DDoS attacks and malvertising. It so heavily consumes the resources of the phone that it can physically damage the device. A test device in Kaspersky Labs only lasted two days before breaking.

Your Web Browser May Be Cryptojacked

It isn’t just malware you have to look out for. In fact, using a process called cryptojacking, an attacker doesn’t even have to sneak software onto your computer. With cryptojacking, a hacker can simply inject JavaScript code into the webpages of a popular website. The code then hijacks the user’s web browser session and exploits the CPU power of a visitor’s PC to mine cryptocurrencies. Other than perhaps noticing degraded performance concerning their device (which could be as much as 85 percent), the user is most likely oblivious to the process. Security firms have discovered a new methodology that allows these embedded scripts to keep running in the background of a user’s device even after the closure of the browser window. According to Malwarebytes, one method is to hide a small popup window behind the taskbar or clock of a Windows computer.

One particular strain of this script was released by a mining company called Coinhive that mines for Monero. Estimates are that it has infected some 500 million computers. The popular websites Showtime and Politifacts were recently found to be compromised, and estimates are that as many as 220 of the top 1,000 websites in the world have cryptojacking code on them. The sad thing is that the presence of cryptojacking code isn’t always due to hackers. Some websites are actually incorporating this nonconsensual practice to generate funds for their own websites. File sharing sites such as the Pirate Bay torrent site have embraced this practice as an alternative to banner ads. Other sites are implementing this questionable practice as well as another revenue stream.

What all this means of course is that unknown parties are making money using your computer and electricity resources. Modern-day endpoint protection that is fully patched and up to date is the only sure way for users to protect their devices from these latest menaces. Users must also monitor the performance of their devices and scrutinize slow responsiveness. Cryptocurencies and the blockchain infrastructure they depend on are examples of technology outpacing regulation and security. The culmination of price manipulations, wallet theft and illegal mining will mean that one day governments will step in to regulate this industry. Until then, proceed with caution.