What is Bitcoin Mining?
Bitcoin mining, in and of itself, is not harmful and involves using a computer to solve difficult mathematical equations for the user to earn bitcoin. The user earns bitcoin by verifying transactions on the blockchain, which is a digital ledger—similar to a bankbook—that keeps track of all the transactions of a given cryptocurrency. Each time a hash is solved, the user who solves it earns bitcoin.
However, to solve the math problems, a computer has to run nonstop, expending a lot of central processing unit (CPU) power. This takes a lot of electricity. Hackers have begun hijacking other people’s computers to use them, their resources, and the user’s electricity to mine bitcoin, which the hacker can then cash in on.
How Does Bitcoin Mining Work?
Bitcoin mining uses malware. Hackers have written malware with the ability to access your computer and use its resources to mine bitcoin and other cryptocurrencies. For the hacker to earn cryptocurrencies, they have to verify transactions on a blockchain. Cryptocurrencies depend on this to maintain solvency.
Each transaction generates an ID labeled with a hash. On the bitcoin blockchain, a hash is a 256-bit encryption, which is essentially a password. Each computer on the network tries to figure out the 256-bit password, and if it gets even one character wrong, the hash is not solved. Other computers work to verify the authenticity of the solutions the “winning” computer came up with. All of this work is rewarded with cryptocurrencies—in this case, bitcoin.
In some cryptocurrency ecosystems, users also get voting rights in the system’s governance structure. This means they get to cast a vote regarding the decisions the development team makes about the future of the currency, its token, and how they will be used.
Although it is not hard for a computer to solve a hash, to do it fast enough so that the problem is solved before other users' computers solve it, the computer has to be fast. But a fast computer is not enough. As the CPU tries to churn out an answer as quickly as possible, it has to fire billions of electrical impulses in a short period of time. To keep the computer from burning up, powerful fans are run constantly. This takes a lot of electricity. This is why hackers come after your computer—to bring it into one of their hijacked bitcoin mining pools.
A hacker installs bitcoin mining malware on hundreds of computers to divide the work among them. All of the computers become bitcoin miners verifying bitcoin transactions. Bitcoin mining calculators have calculated the electric draw of these operations, and they are enough to cause electric bills to spike, CPUs to burn up, and computers to completely fail.
What Are the Bitcoin Mining Risks/Security Risks?
If your computer is hacked and bitcoin mining malware is installed, your computer may be destroyed and your electricity bill may skyrocket.
Because bitcoin transactions require so much computing power to verify, the hardware for bitcoin mining has to be cooled constantly by special fans. Your average cell phone, desktop, or laptop computer does not have the cooling capabilities to keep the CPU from overheating. As a result, when a computer is hijacked for cryptocurrency mining, it often overheats and burns up.
Also, 100% of your device’s computing power may be used for mining. This can bring your computer’s operation to a halt when it comes to business-critical computations. Bitcoin mining software is designed to consume huge portions of a computer’s processing power, leaving little to no room for even relatively low-demand tasks.
In addition, your computer could be used as a launching point to spread the malware to other computers that connect to your network. This could erode the trust you have with customers, business partners, and others who depend on you to deliver services and communications safely. However, there are also specific types of scams that hackers use, and each of these can be a threat to users on your network.
Bitcoins are held in bitcoin wallets. With a wallet scam, fake wallets are set up online, and scammers will request that you either give them money upfront or they will provide you with a bitcoin address that ends up putting your funds in their wallet, not yours. There are also fake hardware wallets with built-in vulnerabilities that make it easy for scammers to get in and steal your bitcoins.
Some companies pretend to provide mining services using a bitcoin mining cloud. They take your money but never mine any bitcoin for you. People often fall for the scam because they want to get their hands on the bitcoin cryptocurrency, and while there are legitimate services out there, some are fraudulent.
When you trade bitcoin, especially for another digital currency, you may use an exchange. Each transaction requires a fee. Scam exchanges may lure in unsuspecting bitcoin holders with very low fees. But they then steal your money by using the wallet ID and password you provide.
How to Secure Your Devices from the Risks
If you fail to secure your devices against these kinds of attacks, your device, as well as others connected to the networks it uses, can become infected and suffer from failure. The CPU may get too hot, and the device could literally melt or burn up. In addition, the vast majority—as much as 100%—of the device’s computing power can be hijacked. This could make it useless for the user, stopping business and creating a time-consuming task for the IT team charged with eradicating the threat.
Avoid Public Wi-Fi Networks
Public Wi-Fi networks are a popular target for those who want to mine cryptocurrency on the bitcoin blockchain using other people’s devices. Because the connections are not secure, it is relatively easy for a hacker to gain access to a user’s computer and install malware in a public network. Avoid connecting to the internet using a publicly provided connection like in a café or store.
Use a VPN
A virtual private network (VPN) can offer adequate protection against cryptojackers. With a VPN, you can access a network that is separate from other users. In this way, only you and other people with a username and password can gain access. Also, traffic on a VPN is encrypted, making it far harder to hack than traditional network activity. This can prevent cryptojacking on your device.
Secure Your Devices
To secure your devices, the following measures should be implemented:
- Antivirus protection: Antivirus programs filter threats, like mining botnet infections, and keep them from attacking your devices. They can also quarantine and eliminate threats that have already penetrated your device, freeing your computer from their effects.
- Use a personal VPN: On each device you use, you can access the internet with your own personal VPN. This keeps your internet use private and secure.
- Use a firewall: If your internet activity happens behind the protection of a firewall, threats like those stemming from bitcoin cryptomining hacks can be kept out. Also, because the firewall can monitor the data leaving your computer, it can prevent your device from being used to hack into others.
How Fortinet Can Help
You can prevent bitcoin mining with Fortinet's suite of tools. FortiGuard is equipped with anti-malware capabilities, providing your organization with a shield against a vast number of threats. Many bitcoin miners take control of your system by infecting your computer with malware introduced through emails. FortiGuard uses highly effective anti-spam protection to keep emails containing bitcoin mining malware away from your network.
FortiGuard Labs also scours the internet on a constant basis, looking for bitcoin mining scripts and other threats, providing you with an ever-evolving security fabric. As new bitcoin miners are developed, regardless of where in the world they emerge, FortiGuard is able to identify them and then use that data to protect all the systems subscribed to the service.
Further, FortiAI has the ability to use deep neural networks (DNN), a form of deep learning, to teach itself how to identify malware threats like bitcoin miners. Therefore, even if your security team does not have extensive experience identifying bitcoin miners, FortiAI can work as your virtual security analyst, identifying them for you and neutralizing the threat.
Also, with the Fortinet next-generation firewall (NGFW), you can protect either your entire network or certain segments of it from bitcoin miners. The NGFW blocks bitcoin miners and other malware, acting as a barrier between your network and these threats. Additionally, you can use the NGFW to secure specific areas of your network because it can monitor and filter internal traffic. In this way, the NGFW can prevent a bitcoin miner with worm capabilities from infecting other devices within your network.