Browser Cryptojacking

Speaker/Bio

Yair Kosowsky-Sachs is a rising freshman at University of Maryland. This is his second summer working on Bitcoin-related subjects at BU with NISLAB.

Abstract

(Modified from the referenced paper)

In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.

Reference