In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code- bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). The cryptocurrency Monero is preferred seemingly for its unfriendliness to large-scale ASIC mining that would drive browser-based efforts out of the market, as well as for its purported privacy features. In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.
About
Publications
A first look at browser-based Cryptojacking
IEEE SECURITY & PRIVACY ON THE BLOCKCHAIN (IEEE S&B) 2018 University College London (UCL), London, UK
GitHub
Paper
Slides
Press:
Schneier on Security
Cointelegraph
Motherboard Vice
Cointelegraph
Cryptoinsider
Randed
Bleepingcomputer
On the feasibility of decentralized derivatives markets
FC 2017 Financial Cryptography and Data Security
GitHub
Paper
Press:
Coindesk
Bitaccess
bitcoin.com
Buy your coffee with bitcoin, Real-world deployment of a bitcoin point of sale terminal
Advanced and Trusted Computing (ATC), 2016 Intl IEEE Conferences, Toulouse, France.
GitHub
Paper
Press:
Cafe Aunja
Cointelegraph
Real-world Deployability and Usability of Bitcoin
Thesis (M.A. Sc.) - Concordia University, 2015
Paper
A first look at the usability of bitcoin key management
USEC 15 NDSS Workshop on Usable Security (USEC) 2015, San Diego, CA, USA, February 8, 2015, Internet Society
Paper
Press:
The Morning Paper
VentureSkies
Standford, Bitcoin and Cryptocurrency Technologies Syllabus
Hackernoon
Blocks and Chains (Book)
ACM Queue Research for Practice
King Abdullah University, Blockchain Systems and Cryptocurrencies Syllabus
Projects
Catena Blockchain Suite
The Catena Blockchain Suite is an industry first product to quickly enable publishing of complex datasets onto public or private blockchains. Utilising smart contracts and hardware security modules, Catena enables a new level of data consistency and integrity. Government of Canada, piloted by National Research Council (NRC) is using the Catena Blockchain Suite on the Ethereum blockchain, to publish funding and grant information in real time.
GitHub HomepagePress: National Research Council Canada GlobalNews Newswire ETHNews TrustNodes
LibSubmarine - Defeat Front-Running on Ethereum
LibSubmarine is an open-source smart contract library that makes it easy to protect your contract against front-runners by temporarily hiding transactions on-chain.
GitHub HomepagePress: Ethereum Foundation - DevCon4 Hackernoon Ethereum Foundation - DevCon4
Bitaccess Enterprise Wallet
Bitaccess offers Bitcoin ATM and online software solutions to purchase and sell Bitcoin and Ethereum. I joined Bitaccess in 2015 to redesign and develop a new enterprise cloud wallet for better scalability of the BTM network and easier integration of the wallets in the software solutions.
GitHub HomepagePress: Enterprise Wallet TechCrunch Bitcoin.com CoinDesk
Velocity Technology
Velocity is a decentralized options platform that allows users to enter into a collar option using a smart contract on the ethereum blockchain. Velocity platform includes smart contracts responsible for the trades and, PriceGeth, an oracle to publish price pairs on Ethereum blockchain at every blocktime.
GitHubPress: Steemit ETHNews IBSIntelligence siliconANGLE BlockTribune
Keystamp, An open-source Proof-of-Compliance standard on the blockchain
Ontario Securities Commission Hackathon 1st Prize Winner. Integrating applied cryptography and blockchain technologies in existing corporate processes and commercial relationships, such as compliance policy implementation and audit.
GitHub HomepagePress: Betakit TimelyDisclosure Ontario Securities Commission Keystamp Pitch in RegHackTo
Lectures and Panels
Blockchain Myopia, A thing from the Future
DevCon4, Prague, Czech Republic - 2018An experimental session that involved an award-winning imagination game called 'The thing from the Future' that challenges players to collaboratively and competitively describe objects from a range of alternative futures. We discussed topics that range from the technological utopian visions conceptualized by the flag bearers of Blockchain/Unicorn-land to the technological dystopian hypotheticals of unstoppable dark markets.
WebsiteCryptojacking, victimless crime or a new online economy?
Blockchain Technology Symposium - from Hype to Reality, UofT, Canada - 2018Cryptojacking is the invisible use of one’s resources to mine cryptocurrency for someone else’s profit. Even though these attacks rose by 8500 percent in the final quarter of 2017, it seems that this phenomena is neither well-studied or well-known. In the follow up of the published paper, we invite the community from crypto-communities to ethicists to start the conversation on the policies and regulation for this new online monetization architecture.
Website VideoCocktail Blockchain
Blockhouse, Montreal, Canada. - 2018Panel organized by National Bank of Canada, Catallaxy and Ivado.
Discussion regarding the use of blockchain now and in the future in the real world and how organizations such as banks can use Blockchain technology and smart contracts to facilitate trust and security within their infrastructure.
SecRev - The Security Revolution from Montreal
Montreal, Canada. - 2018The Cybersecurity Revolution is an event conceived to openly encourage sharing and interaction among the wider cybersecurity research community. It is an event focused around research, education, science and learning and not the furthering of commercial interests. On this talk I presented my work on the first look at browser-based Cryptojacking.
Website Paper Slides Video2nd Annual Blockchain Bootcamp
Blockhouse (Catallaxy), Montreal, Canada. - 2018This blockchain bootcamp is an introductory level workshop that will teach the attendees the main building blocks of blockchain, with hands on experience with timestamping and associated use cases.
WebsiteWTH is Bitcoin?
Technologies, World and Societies Class, School of Sociological and Anthropological Studies, University of Ottawa, Canada - 2018A through historical view of where Bitcoin and Blockchain technology came from and how it evolved to be what we know now.
SlidesIntroduction to Bitcoin
Shahid Beheshti University, Tehran, Iran - 2015The first workshop on Bitcoin and Blockchain technology in Iran. This workshop organized by SBU Computer Science Scientific Association was designed to introduce and discuss research possibilities regarding Blockchain technology for graduate students and other interested parties.
Video