Abstract
Cryptojacking is the illicit exploitation of Internet users’ bandwidth and processing power to mine cryptocurrencies. This paper presents an experimental analysis of how different types of cryptojacking attacks impact a selection of consumer-grade devices, and the perceived annoyance by the user. This is seen in relation to the expected cost and revenue the attacker would expect. The results show that a well-configured cryptojacking attack does not significantly harm its victims, hence can be very difficult to detect, and even aware users might not bother getting rid of the infection. The costs and risk associated with performing cryptojacking are low, but the attacker would rely on a pool of infected devices over a prolonged period of time in order to make any significant revenue. The main cost is therefore the opportunity cost, as there are more profitable ways to abuse compromised systems due to the general decline in cryptocurrency values. Though the heyday of cryptojacking has gone by, several adversaries are likely to have made quite a profit from it. It can therefore emerge as a serious threat again due to market externalities.