Truth in Web Mining: Measuring the Profitability and the Imposed Overheads of Cryptojacking

Abstract

In recent years, we have been observing a new paradigm of attacks, the so-called cryptojacking attacks. Given the lower-risk/lower-effort nature of cryptojacking, the number of such incidents in 2018 were nearly double of those of ransomware attacks. Apart from the cryptojackers, web-cryptomining library providers also enabled benign publishers to use this mechanism as an alternative monetization schema for web in the era of declined ad revenues. In spite of the buzz raised around web-cryptomining, it is not yet known what is the profitability of web-cryptomining and what is the actual cost it imposes on the user side. In this paper, we respond to this exact question by measuring the overhead imposed to the user with regards to power consumption, resources utilization, network traffic, device temperature and user experience. We compare those overheads along with the profitability of web-cryptomining to the ones imposed by advertising to examine if web-cryptomining can become a viable alternative revenue stream for websites. Our results show that web-cryptomining can reach the profitability of advertising under specific circumstances, but users need to sustain a significant cost on their devices.