Cryptojacking: A Growing Corporate Threat

October 2018

Finadium reports are distributed primarily by subscription. If you are a research subscriber, please log in to download a copy of this report. Otherwise, please contact us at

Cryptojacking has grown from a nuisance to a threat, with over 2.9 million instances recorded in Q1 2018. For financial services firms, the ability of a hacker to not only infiltrate corporate servers but to stay there for long periods of time, and send data outwards, is a serious security breach. Capital markets should recognize this attack and take active steps to guard against it.

Cryptojacking attacks have already occurred on a variety of platforms including the public cloud. While most schemes run on JavaScript and can access computers via a website, others can be delivered via email or Kubernetes systems with weak password protection.

The Internet of Things (IoT) presents new opportunities for cryptojacking. Most consumers do not think about securing the processing power of their toaster or refrigerator. While individually the CPUs of these devices are small, current growth patterns suggest that collectively, a takeover of millions of IoT devices is both practical and could yield substantial rewards for hackers.

While the illegal takeover of a user’s CPU is unwelcome, the technology has an upside: the authorized borrowing of computational power allows visitors to benefit from online content and pay using a barter system of CPUs for services.

This report has been written for generalist financial services practitioners to understand the dimensions of this new cryptojacking challenge.

Table of Contents

  • Executive Summary
  • The Scope and Scale of Cryptojacking
    • – Pick Your Platform
    • – Monero and Coinhive
  • Examples and Opportunities
    • – IoT Gets Real
  • Capital Markets Implications
  • About the Author
  • About Finadium LLC

Reset password

Create an account