How does cryptocurrency work?

It all started with Bitcoin, which was first described by the Japanese Satoshi Nakamoto in the Bitcoin whitepaper in 2008. His idea was to establish a digital currency. This was to be organized in a decentralized manner, i.e. it was to be administered neither by governments nor by banks. The maximum number of Bitcoins was to be limited to a total of 21 million to rule out inflation from the outset. Unlike central banks, however, Bitcoin units are not printed like banknotes, for example, but can only be generated digitally through computing power.

The basis for this is the so-called “blockchain”. This is because in crypto mining or bitcoin mining, each individual transaction is summarized in “blocks”. These are then linearly lined up and chained together via a decentralized peer-to-peer network. All blocks have so-called “hash values”, which are a kind of verification number for the transactions made.  The check number in turn contains the individual hash values of the current transaction as well as the hash values of the respective previous transaction. To generate them, a conventional computer can be used, which executes a cryptographic function, also called a “hash function” (SHA256). Thanks to this procedure, it is impossible to manipulate the transactions, since a subsequent change within the chain would not only stand out, but would also not be possible in the first place. This is because if even one value were to be manipulated, the value following it would also deviate from the actual sequence.

Difficulties in the generation of cryptocurrencies

Simplified explained there are two different possibilities to mine cryptocurrency. These are, on the one hand, private Bitcoin mining from home and crypto mining via the cloud. In the following, we will take a closer look at the two options:

Private Bitcoin Mining

The cornerstone for each type of crypto mining is the so-called eWallet, in order to be able to store the cryptocurrencies generated during mining (e.g. Bitcoins, Moneros and Co.). In addition, private Bitcoin mining requires a special program that can execute the hash function for mining. This can be installed and set up quite easily by any PC owner. While it is still possible to do Bitcoin mining from home using your own computer’s CPU, it is discouraged for economic reasons these days. This is partly because there are now chips developed specifically for crypto mining, called “ASIC” (Application Specific Integrated Circuit), which can mine cryptocurrencies up to one hundred times more efficiently and seven times faster. However, even this is not always profitable compared to crypto mining via the cloud.

Crypto mining via the cloud

If you want to save yourself the trouble of doing crypto mining from home, you have the option of renting hash power from a cloud mining provider. There are now countless different providers, some of which operate entire mining farms. The contracts can be concluded via the website of the respective providers for different cryptocurrencies. The costs of the contracts depend on the rented power. Thus, the providers remain independent of the value of the cryptocurrencies.

Legal and illegal crypto mining – what are the differences?

Crypto mining is an extremely complex, resource-intensive – and therefore expensive process. While in the early days of Bitcoin and Co. it was still sufficient to use one’s own PC to mine the coveted online money, the situation is different today. Since the value of the cryptocurrency decreases with the increasing amount of generated units, a so-called “halving” takes place at regular intervals. This ensures that it takes twice as much effort to generate a unit of a cryptocurrency after a certain point in time. This measure is necessary because otherwise inflation would occur. Conversely, this means that more and more computing power is required to generate the unit of a cryptocurrency. The power consumption and the wear and tear on the hardware increase rapidly. Prospecting with one’s own computer is simply becoming unprofitable. Resourceful crypto miners were soon looking for new ways to mine cryptocurrencies more profitably. Entirely new possibilities quickly established themselves: One is to mine cryptocurrencies in countries with very low energy prices, such as Iceland, Venezuela or Georgia. In these states, entire industries have already formed, some of which now pose a problem for the stability of the national power supply. In Iceland, an energy emergency has already occurred due to the rapid increase in crypto mining activities. The consequences: A significant shortage of the commodity in demand and increasingly expensive generation. An almost free, but also illegal method, is the generation of cryptocurrencies with the help of a bot network. The aim here is to make as many computers as possible part of such a network and have them mine cryptocurrencies in a network. The generated units are then credited to the cybercriminals’ eWallet. To do this, they smuggle malware onto their victims’ computers. How the criminal miners manage to do this is described below.

Illegal crypto mining – how cybercriminals tap into the computer

Crypto mining using JavaScrip commands.

Basically, it is necessary to distinguish between two types of illegal crypto mining. The most widespread method, is the use of the crypto mining program Coinhive, which is classified as a “potentially malicious program” by most antivirus programs. Since it is based on JavaScript, it can be integrated into websites without much effort and is simply reloaded by most browsers. However, the legal situation here is anything but clear. IT security expert Brian Krebs recently dubbed the program “one of the biggest threats to web users”. And indeed, the program’s modus operandi is extremely perfidious. Websites infected with Coinhive force their visitors’ devices to mine cryptocurrencies – usually without the victim noticing or obtaining consent beforehand. Some of them even exploit the entire CPU power, for example, the crypto mining program that was embedded on the website of Portuguese soccer star Cristiano Ronaldo. However, this method has a decisive disadvantage for Coinhive users: cryptocurrencies are only mined as long as someone is actually actively on the website. If he leaves the site, the crypto mining process is aborted.

Crypto Mining via Malware

Crypto mining using malware is a completely different matter. This method involves the use of malware specifically designed for cryptocurrency mining. The cybercriminals use different ways to smuggle it onto their victims’ computers. The most popular way of distribution is via infected websites. However, pirated software is also suitable as a hiding place for a crypto mining dropper. If a user accesses an infected download website, the malicious program is loaded onto the computer unnoticed via a drive-by download and starts mining a selected cryptocurrency for the hackers. Since the maximum computing power of the devices should ideally be exploited, the cybercriminals have to proceed cautiously in order not to be exposed during the mining process. If the device is always running at 100 percent of its computing capacity, its owner will hardly be able to operate it. In most cases, the user will then take countermeasures. Because of this, crypto mining malware usually only uses about two-thirds of the computing power. In some cases, the malware is even programmed to detect the start of a resource-consuming application and throttle the malware’s activities accordingly. Crypto mining malware has even been detected that is capable of bypassing antivirus programs. However, many independently infected devices are still of little use to cybercriminals. It is important that they are able to bundle their power to mine cryptocurrencies. A bot network represents the ideal means for this. Some of these networks comprise several thousand computers, and the profits that the cybercriminals pocket are correspondingly high.

How can I effectively protect myself from illegal crypto mining?

First of all, there is no “one” protection against illegal crypto mining, but rather a combination of different security solutions should be used in the fight against unwanted mining. On the one hand, it is important to understand how cybercriminals proceed in illegal crypto mining and which tools they use. This way, the right security awareness can already lay the foundation for a functioning prevention. In addition, an antivirus program should be installed on the computer that is always kept up to date – this also applies to all other programs and the operating system. If you want to download software from the Internet, you should only do so from trustworthy sources, such as heise.de. Software is also offered for download on renowned download portals, which would like to install further software within the installation process. It cannot be ruled out that additional malicious programs such as Crypto Mining Dropper are contained in this software. Furthermore, spam emails may also contain links that lead to websites contaminated with crypto mining droppers. Since it can be difficult to distinguish well-crafted spam emails from normal emails, it is recommended to use a managed spam filter service, especially for companies. Increased attention is also advised when surfing the web. Since dubious, malware-infected sites can only be recognized as such in the rarest of cases, it is also advisable to use a web filter. This reliably warns the user about potentially harmful content before the page is called up. This provides protection not only against crypto mining malware, but also against all other malicious content.