Malicious Monero Miners Made Off with 5% of Coins in Circulation, Over $175 Million


‘Fair’ mining and privacy altcoin, Monero (XMR), shed $175 million as a result of malicious miners hijacking what amounts to an eye-popping 5% of XMR in circulation. The findings come by way of a cyber security researcher in Northern California investigating a noticeable uptick in mining thievery generally.


In preparation for the company newsletter, Unit 42, Palo Alto Networks researcher Josh Grunzweig published a blog post, “The Rise of the Cryptocurrency Miners.” It is his effort to document a trend that has grown over the last year: malicious mining. Mr. Grunzweig’s frequent investigations on the subject led him to dive deeper into the particulars. He came away with two critical findings: first, malicious mining has indeed grown, and in direct relation to the giant price spikes of 2017; second, Monero, ranked by Satoshi Pulse as the 14th most valuable coin by market capitalization, has lost over $175 million, 5% of its present circulation, to malicious mining activity.

Breakdown of cryptocurrencies targeted by malicious miners. Palo Alto Networks

Palo Alto Networks is a publicly traded (NYSE: PANW) cyber security company, focusing mostly on proprietary firewall solutions. It boasted almost $2 billion in revenue last year, with a global service reach of 50,000 customers in 150 countries, and employs more than 5,000 people around the world.

Mr. Grunzweig “extracted a total of 2,341 Monero wallets from the analyzed sample set,” he explained in the post. “Unlike some other cryptocurrencies, it is impossible to query the Monero blockchain to extract a single wallet’s current balance without the owner’s password. This is by design: a result of how Monero was originally designed. As such, I needed to take a different methodology in order to determine how much money attackers were able to mine.”

Japanese Police Begin Coinhive Investigation

“Fortunately,” he mentioned, “in addition to the wallets, I was also able to determine which mining pools were used for various mining efforts. Looking at the top ten mining pools used by this malware, I determined that all but one allows for anonymous viewing of statistics based off of the wallet as an identifier. This anonymous viewing is intentional, as it allows users to anonymously connect and use various mining pools without inputting any personal identifiable information.”

Instances where a new cryptominer sample was discovered over time. Palo Alto Networks

Almost in passing, he refers to one “interesting note,” namely “that the total Monero represented roughly 5% of all Monero in circulation at the time of writing. This of course doesn’t take into account web-based Monero miners, or Monero miners that we do not have visibility into. As such, we can assume that the actual percentage of Monero in circulation that was mined via malicious activity is actually higher.”

He concludes by suggesting the malicious trend has leveled off somewhat due to prices plummeting in recent months, noting it “is clear that such activities have been incredibly profitable for individuals or groups who have mined cryptocurrency using malicious techniques for a long period of time. A total of $175m has been found to be mined historically via the Monero currency, representing roughly 5% of all Monero currently in circulation.” The research findings came around the same time Japanese police announced they are investigating suspects employing Coinhive, a script used to mine Monero, focusing on thefts similar to those mentioned above.
