Ahrefs is a company that investigates traffic on the internet and it has published a study to determine how many websites had installed a software for illegal use of their visitors’ computer processing power to mine cryptocurrencies. Ahrefs used software robots to explore the web and analyze more than 175 million websites. These robots use specialized tools to detect mining software.
The study is called “How many websites are mining cryptocurrency?” and its goal is to estimate the number of web servers that have installed some type of mining code. Ahrefs also wanted to detect the type of web mining software used in order to determine which software is the most frequently used and also analyze the traffic of the affected websites.
The analysis of the traffic allowed the team at Ahrefs to obtain more information about the most efficient websites when it comes to clandestine web mining. This is because many administrators of these websites were not aware of the fact that their websites have web mining software installed. Among the first 20 websites with the most traffic, was one Venezuelan website.
Tim Soulo, the Head of marketing & product strategy at Ahrefs said: “I’ll be honest, up until a few weeks ago, I didn’t know there was such thing as a “crypto mining script” that can be installed on your website.
So let me briefly explain how crypto-mining scripts work (I’ll try to keep it simple). For cryptocurrencies to function, complex computational calculations have to be continually carried out; this process is called mining. Mining is carried out by miners, who earn cryptocurrency by doing so. It takes a lot of computational power to mine cryptocurrency, which means a lot of energy.
Because energy costs money, some websites install scripts that effectively utilise your computer’s energy to mine cryptocurrency on their behalf. So, the longer you have their site opened in your browser, the more coins they earn using your computer’s energy. (Clever, right?)
Since cryptomining is such a hot trend right now, we thought it would be interesting to find out not only how many sites in the world have crypto-mining scripts installed, but also how many have enough traffic to make this a worthwhile endeavor.”
Ahrefs analyze 175,251,729 websites using a tool called Wappalyzer, which detects the technologies used by a particular website. Soulo says: “Wappalyzer is a cross-platform utility that uncovers the technologies used on websites. It detects content management systems, ecommerce platforms, web frameworks, server software, analytics tools and many more.”
Moreover, Wappalyzer is able to detect 14 scripts for web mining such as CoinHive, Crypto-Loot, JSECoin, ProjectPoi, and many more.
As a result of the analysis, Ahrefs says their study found 23,872 websites with web mining scripts installed, which represents 0.0136% of the total websites analyzed or 1 in 7,353 websites.
According to the study, CoinHive is by far the most represented web mining software. It was found on 93.82% of the infected websites (on around 22,000 websites).
When it comes to the traffic the infected websites get, the majority of them, around 91%, receive up to 50 visitors from Google per month, which is not much traffic at all. Ahrefs says: “To summarise, most of the sites running crypto-scripts probably receive very little traffic.”
Tim Soulo says the cause for this may be the fact that people are aware that abandoned websites might get hacked and stay away from them: “Basically, many people set up websites and then quickly lose interest. These websites are then abandoned and left to rot. Never do they have chance to attract a significant amount of traffic. Because they’re left abandoned, it’s likely that the CMS, theme, and plugin(s) won’t receive any critical updates. This leads to security flaws which in turn, make it easier for hackers to gain access and install crypto-malware. So, while an individual website might only be getting a few dozen visitors per month, hackers may be able to mine a significant amount of cryptocurrency should they hack into, and install crypto-mining scripts on, thousands of websites (But again, that is a pure speculation, as we didn’t really dig into that).”
Another reason might be that high-traffic websites have more to lose if they temper with web mining scripts: “Let’s assume you have a website with a ton of monthly search traffic; wouldn’t you avoid anything that may put your website at risk? Of course you would. There has even been rumours in the past that Google might block websites with crypto-mining scripts in Chrome (a browser with ~58% market share). Bottomline: installing crypto-mining scripts simply isn’t worth the risk for high-profile websites.”
The practice of convert websites into a means for the mining of cryptocurrencies at the expense of the visitors brings along certain risks, especially if a website is popular and attracts a lot of traffic, as Ahrefs mentioned in their study. Out of the numerous reported cases of websites with cryptocurrency mining scripts installed, there are some that ask for user authorization before the web mining scripts kicks into action.
According to Internet Live Stats, there are more than 1.86 billion websites out there, but only 200 million of them are active. If we apply the proportion from the study published by Ahrefs to this number, we could estimate that around 27,000 websites out of the total number of active ones might use web mining scripts to mine cryptocurrencies with the computer resources of their visitors.