Please use this identifier to cite or link to this item:
|Title:||In-browser cryptomining for good: An untold story||Authors:||Tekiner E.
Selçuk, Ali Aydın
Non profit organizations
Ready to use
|Issue Date:||2021||Publisher:||Institute of Electrical and Electronics Engineers Inc.||Source:||Tekiner, E., Acar, A., Uluagac, A. S., Kirda, E., & Selcuk, A. A. (2021, August). In-Browser Cryptomining for Good: An Untold Story. In 2021 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS) (pp. 20-29). IEEE.||Abstract:||In-browser cryptomining uses the computational power of a website’s visitors to mine cryptocurrency, i.e., to create new coins. With the rise of ready-to-use mining scripts distributed by service providers (e.g., Coinhive), it has become trivial to turn a website into a cryptominer by copying and pasting the mining script. Both legitimate webpage owners who want to raise an extra revenue under users’ explicit consent and malicious actors who wish to exploit the computational power of the users’ computers without their consent have started to utilize this emerging paradigm of cryptocurrency operations. In-browser cryptomining, though mostly abused by malicious actors in practice, is indeed a promising funding model that can be utilized by website owners, publishers, or non-profit organizations for legitimate business purposes, such as to collect revenue or donations for humanitarian projects, inter alia. However, our analysis in this paper shows that in practice, regardless of their being legitimate or not, all in-browser mining scripts are treated the same as malicious cryptomining samples (aka cryptojacking) and blacklisted by browser extensions or antivirus programs. Indeed, there is a need for a better understanding of the in-browser cryptomining ecosystem. Hence, in this paper, we present an in-depth empirical analysis of in-browser cryptomining processes, focusing on the samples explicitly asking for user consent, which we call permissioned cryptomining. To the best of our knowledge, this is the first study focusing on the permissioned cryptomining samples. For this, we created a dataset of 6269 unique websites containing cryptomining scripts in their source codes to characterize the in-browser cryptomining ecosystem by differentiating permissioned and permissionless cryptomining samples. We believe that (1) this paper is the first attempt showing that permissioned in-browser cryptomining could be a legitimate and viable monetization tool if implemented responsibly and without interrupting the user, and (2) this paper will catalyze the widespread adoption of legitimate cryptomining with user consent and awareness. © 2021 IEEE.||Description:||3rd IEEE International Conference on Decentralized Applications and Infrastructures, DAPPS 2021 -- 3 August 2021 through 6 August 2021 -- -- 176990||URI:||https://doi.org/10.1109/DAPPS52256.2021.00008
|Appears in Collections:||Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering|
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection
Show full item record
checked on Sep 23, 2022
checked on Feb 6, 2023
Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.