Cryptojacking is a growing issue for website owners and organizations globally, with many falling victim to cryptocurrency mining malware hacks. These hacks install mining scripts into websites allowing hackers to mine cryptocurrencies unbeknown to website visitors and owners.
Crypto-mining scripts can use website visitor’s computer systems, central processing units (CPUs), graphics processing units (GPUs) and their electricity, sending mining rewards to hackers at hidden cryptocurrency wallet addresses.
Website owners may also knowingly operate cryptocurrency mining scripts, but without warning visitors, using visitor’s computer power to mine cryptocurrencies for their own benefit.
In both cases, website visitors are not aware their systems are being used in this way unless they happen to notice their systems slow down or spot hikes in processor or browser activity.
Ahrefs crawled the 175 million websites in its database, including subdomains, with an application called Wappalyzer which reveals the technologies a website employs. Wappalyzer is able to identify 14 common crypto-mining scripts.
A total of 23,872 unique website domains out of the 175 million analyzed were found to be running cryptocurrency mining scripts. Of the total identified, most of them, at 93.82%, were running the Coinhive crypto-mining script.
Ahrefs went on to analyse how many visitors these sites are likely receiving via organic search from Google, most of which would be unaware they are mining cryptocurrency for hackers or site owners while they are browsing the site. Ahrefs estimated monthly search traffic based on search volumes and estimated click-through rates. They summarised that roughly 91% of websites with cryptocurrency mining scripts installed were getting less that 50 visitors via Google each month.
Finally, larger, more popular sites are likely to achieve a higher CPM for advertising and thus the incentives for running malware are less than they’d receive from conventional advertising.
Most of the websites identified also fell outside of Ahrefs’ top 100,000 domains according to the Ahref Domain Rating system. The Domain Rating system grades the popularity of a website based on the amount and quality of inbound links it has from other websites.