Crypto-miners are quietly colonising computers


MINING A CRYPTOCURRENCY can be an expensive business. Producing new coins, also known as tokens, can require computers to solve cryptographic puzzles, which takes large amounts of power. One way to keep costs down is to relocate mines to wherever electricity is cheapest. Cheaper still is having others foot the bill. An unsuspecting organisation’s power can be hijacked by stacking computers in a crawlspace or storage room, for example. Such operations, however, are regularly discovered, and culprits risk penalties and confiscated kit.

A less risky and more scalable approach is to steal power by remotely sneaking crypto-mining software onto other people’s computers. Crypto-jacking, as this trick is known, is booming. Over the course of 2025, instances jumped by about 20%, according to a note in November from GreyNoise, an American security firm. Victims take quite a hit. A study published in 2022 by Sysdig, a security company based in San Francisco, estimates that every dollar in crypto thus generated costs victims an average of $53 in computing expenses.

Part of the surge is due to the high value of cryptocurrencies in recent years (although there has been a drop in 2026). The barriers to crypto-jacking are also relatively low. The requisite software is readily obtained from underground web forums, says a specialist with Interpol’s cybercrime unit in Singapore who required anonymity to comment on operations. And installing such software on computers is less challenging than stealing data, or, in the case of ransomware, holding it hostage. The upshot is that crypto-jacking shows no sign of going away.

Among the most useful tools in crypto-jackers’ arsenal are web-crawling bots. These packets of code sniff out computers with security settings that are weak or which have not been changed since purchase. Many such bots are now roaming cyberspace, tipping off their masters when opportunities are spotted. Advanced artificial-intelligence models could, in theory, help identify additional targets, but Michael Clark, head of threat research at Sysdig, believes their edge over existing bots is not large enough to justify the expense.

When vulnerabilities are found, crypto-jackers are often among the first to exploit them. Corporate computers rendered vulnerable by a configuration error are often commandeered within an hour, says Mr Clark. Servers are particularly attractive targets. They are always on, and surges in traffic are common. Also, because servers act as data-processing hubs for other computers, crypto-jacking software can often replicate itself on the network’s spokes.

Another way crypto-jackers can access computers is by finding login credentials unwittingly posted online. GitHub, a massive online repository of code, is a good place to look. And if a bot cannot find a server password, it might be able to guess it. In January 2025 it emerged that one such “password-spray attack” allowed crypto-jacking software to be run on servers rented by USAID, an American government agency, at a cost of nearly $500,000.

Even bigger scams have come to light. In 2024 Ukrainian police, helped by Europol, arrested a man in Mykolaiv alleged to have used password-cracking software to mine cryptocurrency worth nearly $2m over the course of two years. On August 15th 2025 America’s Department of Justice announced that a Nebraska man had crypto-jacked nearly $1m in tokens while simultaneously running up more than $3.5m in cloud-computing fees for his victims. He was sentenced to a year in prison.

In recent years personal laptops and mobile phones have replaced corporate servers as prime targets, says Alex Delamotte of SentinelOne, a security firm in Mountain View, California. She attributes this to the rising value of Monero, one of the relatively few cryptocurrencies that can be mined on personal devices.

Individuals are also likely to be softer targets than outfits with a dedicated cybersecurity team. Scripts used for crypto-jacking—a list that includes Crypto-Loot, Minr and XMRig—can be illicitly embedded in email attachments, free apps, online “malvertisements” and even web browsers. When unsuspecting users click or visit, parasitic code invisibly deploys, often bypassing antivirus protection. In July c/side, a security firm in San Francisco, said it had discovered more than 3,500 websites infected with a stealthy crypto-jacking script it described as a “digital vampire”.

These problems continue to get worse, says the expert from Interpol. Crypto-jacking scripts are increasingly packaged as “fileless” code, which is much harder to spot when uploaded to a given device. Google tacitly acknowledged its inability to stamp out crypto-jacking on its cloud service when it introduced, in 2023, a programme to provide certain victims credits worth up to $1m for losses incurred over any 12-month period.

Security firms, however, aim to adapt. New forensic software packages analyse processing loads, data traffic and electricity usage, flagging spikes and other suspicious patterns. And heavyweights, Google and Microsoft included, are increasingly folding advanced AI models into such offerings. Some hope that these models will become experts at spotting crypto-jackers’ tricks as well as—eventually—automatically deleting malicious code. Until the cryptocurrency bubble bursts, though, expect the arms race to continue.


