dYdX logo
dYdX logodYdX icon

What is Cryptojacking?

What is Cryptojacking?

Cyberattacks are a serious threat not only in cryptocurrency but also in every hi-tech industry. Since coins like Bitcoin (BTC) and Ethereum (ETH) live on decentralized computer networks powered by unique algorithms, they're vulnerable to hacks like code exploits from malicious actors. Unfortunately, it doesn't matter whether you own or don’t own crypto—all internet users are at risk of cryptojacking.

With more than 130 million cryptojacking cases having been reported in 2022, it goes without saying internet users can't ignore this growing cybersecurity issue. Here’s all you need to know about cryptojacking, including how to spot cryptojacking scripts and ways to avoid falling prey to it. 

What is Cryptojacking? 

Cryptojacking is an illicit technique hackers use to drain their victims’ processing power to reward themselves with cryptocurrency. Here’s how it works:

Cryptocurrencies using the proof-of-work (PoW) model require every computer on the network to solve challenging algebraic equations every few minutes to post new transactions on the blockchain. Typically, PoW coins like Bitcoin incentivize miners with crypto rewards whenever they successfully solve an algorithm.

Cyptojackers, however, send a virus to another individual’s PC, mobile device, or web browser to subtly run PoW crypto mining malware in the background. Victims are unaware their computers are contributing energy to a cryptocurrency's validation process, and they aren't receiving any crypto compensation. Instead, hackers set up a private server and direct all the power on corrupted PCs and phones to their accounts, so it appears as if they deserve the PoW mining rewards.     

How Does Cryptojacking Work? 

There are a few ways cryptojackers break into their victims’ electronic devices, but common methods include Trojan Horse attacks or phishing links. In either of these cases, victims click a file or link that appears legitimate but actually downloads and installs a crypto virus.

Sometimes, cybercriminals also install their crypto mining malware on websites or ads that load on a user's web browser when they visit these pages (aka drive-by cryptojacking). For example, cryptojackers successfully installed malicious JavaScript code into The Los Angeles Times’ Homicide Page in 2018 to mine the PoW cryptocurrency Monero (XMR). Anyone who visited the webpage before IT experts discovered the exploit immediately started mining XMR for the hackers.

Unlike other malware forms, cryptojackers typically don't care about gaining access to users’ personal data or extorting their victims (however, the malware may have more than one intended purpose). Instead, hackers are most interested in silently stealing energy from a user's device to earn crypto mining rewards without paying high hardware expenses and electricity bills.

Although cryptojacking exploits work on any PoW cryptocurrency, many criminals prefer Monero due to its high degree of privacy. Unlike Bitcoin, Monero doesn't have a transparent payment ledger. Instead, Monero’s developers created an advanced verification process that clouds public transaction data so only people who directly send and receive XMR coins know their transaction history. The high degree of anonymity on this blockchain makes it a target for criminals and cryptojacking attacks. 

What are the Consequences of Cryptojacking?

The main consequence of cryptojacking is it increases the processing burden on a victim's electronic devices. People with mining malware on their phones or computers spend more on energy bills every year and often notice degraded performance when surfing the web. The increased energy may also reduce the lifespan of the infected hardware or make computers more vulnerable to other malware attacks.

Although many individual users experience the negative impact of cryptojacking, this attack also puts institutional infrastructure at risk. For example, cryptojackers successfully broke into water utility agencies in Europe in 2018, diverting precious electrical resources to maintain essential services like water treatment and sewage control. Prior cryptojacking attacks also drained electrical power from financial, medical, and educational industries, impacting the safety and efficiency of many businesses and institutions. 

How to Detect Crypto Mining Walware

Because cryptojacking is designed to be stealthy, criminals go to great lengths to make it difficult for people to suspect an issue with their computing power. However, there are a few cryptojacking warning signs to look out for when scanning a device.

  • Lagging internet performance: Once cryptojacking malware infects a computer, it diverts a huge amount of energy away from other tasks. Therefore, if someone's phone or desktop has an issue with cryptojacking, users will notice it takes longer to load pages, or their device constantly crashes. Cryptojacking victims may also notice their devices’ batteries drain faster, or they may have unexplainably higher electricity bills. 

  • Unusually hot machines: Crypto mining requires a lot of computational effort, which translates to hotter temperatures in a device's hardware. Users often notice their devices feel warmer than usual, and the fans in these units will run more frequently and furiously to try and keep the temps low. 

  • Increased CPU usage: Another way to monitor cryptojacking is to scan for abnormally high spikes in activity for central processing units (CPUs), especially when visiting new websites. Detecting for higher-than-average CPU usage when browsing the web may alert users to a greater risk of cryptojacking. 

Can We Prevent Cryptojacking? 

As cryptojacking becomes a more pressing concern, cybersecurity companies work on developing prevention strategies to stop hackers from stealing innocent users' computing resources to mine cryptocurrency. Installing a few software programs and staying on top of the latest upgrades may dramatically reduce the risk of suffering a cryptojacking exploit. 

  • Look into anti-crypto mining browser extensions: A few browser-based extensions automatically monitor websites and detect mining activity when people surf the web. For example, NoMiner and No Coin install on popular web browsers like Chrome or Opera and protect users from interacting with web pages involved with crypto miners. Professional cybersecurity companies and information technology (IT) experts are also ready to help clients counteract cryptojacking from messing up their operations.  

  • Use ad-blocking and antivirus software: Sometimes, cryptojackers install malicious code into pop-up ads, websites, and apps. One way to stay clear of these cyberattacks is to install a high-quality ad blocker and antivirus program beforehand. Using these tools reduces the odds of visiting a site with a higher risk of a cryptojacking infection.  

  • Be extra suspicious before clicking links: Some phishing scams appear to be from a credible source, but there are usually signs that something’s awry. If an email or text tries to get users to click a link because they've noticed "suspicious activity" or they say they need to "confirm" data, it's likely a phishing exploit. Pay careful attention to strange messages, and never click a link without verifying it's legitimate. For example, if an email has the logo of a centralized crypto exchange (CEX), contact the CEX's official help portal to ask if it's a legitimate link.  

  • Disable JavaScript: Many cryptojacking hacks in the past used code in programming language JavaScript to infect users' devices, particularly from the now-defunct project Coinhive. Although Coinhive's code is no longer available, it's still helpful for internet users to disable JavaScript from their web browsers as it decreases the likelihood of a cryptojacking attack. Web browsers often let users disable JavaScript in the "Settings'' menu. 

Learn More About Crypto Safety on dYdX Academy 

Cryptocurrency is an exciting industry, but there are many unique security challenges and scams related to digital assets. For more details on staying safe in Web3, check out dYdX Academy for educational content on the basics of crypto security. From properly transferring crypto to avoiding pump and dump schemes, dYdX Academy has dozens of guides to help avoid common security threats.

dYdX is also proud to offer eligible traders one of the safest and fastest decentralized exchanges for derivatives in the crypto industry. For more details on our latest updates and safety features, follow dYdX's official blog for up-to-date details, and eligible traders can start trading on dYdX today.


The content of this article (the “Article”) is provided for general informational purposes only. Reference to any specific strategy, technique, product, service, or entity does not constitute an endorsement or recommendation by dYdX Trading Inc., or any affiliate, agent, or representative thereof (“dYdX”). Use of strategies, techniques, products or services referenced in this Article may involve material risks, including the risk of financial losses arising from the volatility, operational loss, or nonconsensual liquidation of digital assets.  The content of this Article does not constitute, and should not be considered, construed, or relied upon as, financial advice, legal advice, tax advice, investment advice, or advice of any other nature; and the content of this Article is not an offer, solicitation or call to action to make any investment, or purchase any crypto asset, of any kind.  dYdX makes no representation, assurance or guarantee as to the accuracy, completeness, timeliness, suitability, or validity of any information in this Article or any third-party website that may be linked to it.  You are solely responsible for conducting independent research, performing due diligence, and/or seeking advice from a professional advisor prior to taking any financial, tax, legal, or investment action.

You may only use the dYdX Services in compliance with the dYdX Terms of Use available here, including the geographic restrictions therein. 

Any applicable sponsorship in connection with this Article will be disclosed, and any reference to a sponsor in this Article is for disclosure purposes, or informational in nature, and in any event is not a call to action to make an investment, acquire a service or product, or purchase crypto assets.  This Article does not offer the purchase or sale of any financial instruments or related services.

By accessing this Article and taking any action in connection with the information contained in this Article, you agree that dYdX is not responsible, directly or indirectly, for any errors, omissions, or delays related to this Article, or any damage, injury, or loss incurred in connection with use of or reliance on the content of this Article, including any specific strategy, technique, product, service, or entity that may be referenced in the Article.

Want more content? Check out these articles!

What are Layer 1 Blockchains?

What Does FUD Mean?

How Do Cryptographic Hash Functions Work?

Soulbound Tokens

What are Automated Market Makers?

What are Crypto ETFs

What is a Wallet Address?

What is Cold Storage in Crypto?

The dYdX Crypto Glossary

How to Read Crypto Charts