Cryptojacking: A Love Story

Part 1: Juan Valdez, the blockchain, and Bitcoin

How do you know that coffee is really from Columbia?  I mean, they’re spending a lot on advertising to make you believe that, but is there really any way to know? What about contracts, land titles, or marriage certificates?  What about your identification? Can we use technology to prove something is authentic? Can we know that those beans are really 100% pure Colombian Coffee?

Blockchain technology emerged early in the 21st century as a potential answer to this sort of question. As a sort of “public ledger” where transactional data can be stored in a decentralized manner so that anyone can know with confidence where Juan Valdez’ beans have been. Essentially, it’s using public key cryptography to “show your work” in scenarios where open record keeping is useful. Blockchain frameworks are designed to promote transparency, security, and accountability.

One of the first things people thought to do with blockchain technology was accounting. If the ledger is public, embezzlement might become quite difficult, people hoped. So in 2007, a pseudonymous person or group referring to themselves as Satoshi Nakamura began work on what is now called “Bitcoin.” Bitcoin is a unit of currency that is powered by a public ledger utilizing blockchain technology. There are now many cryptocurrencies, and you can even make your own, but Bitcoin is notable because it was the first one to become mainstream.  

Another reason Bitcoin was notable is because the process of obtaining an empty bitcoin wallet doesn’t require any identification. We’ll explain why that’s a big deal later, but for now, think about this for a moment:

This bitcoin wallet I selected at random has transacted 774 times on the blockchain and has moved over $200,000 USD worth of Bitcoin. It currently holds $34 USD worth of Bitcoin. Anyone in the world can verify that that information is true. But there is no way to see who controls that wallet. You can’t look up the owner. It’s therefore much more private than conventional banking transactions, because you don’t need an ID or a social security number to transact. That bitcoin wallet could belong to an eleven year old child in Kansas or it could belong to the Taliban. It could belong to someone in your family. There’s no information in the blockchain about who those virtual coins belong to or even what they spent it on, but if someone moves a billion dollars worth of bitcoin, or if you used BTC to buy a pizza, the blockchain would reflect that transaction publicly.  If you know which bitcoin wallet belongs to the pizzeria, you can look up how much money they deposited today.  

Fun fact: in the early days of Bitcoin, a journalist named Laszlo Hanyecz set out to see if it was possible to live on Bitcoin, and he anecdotally bought a pizza in San Francisco for 10,000 bitcoins.10,000 bitcoins at this moment in time would be worth $490.17 million USD. We have to hope for his sake it was delicious.

So let’s get in to how the sausage is made. Since Bitcoin is designed to be decentralized, there’s no government or treasury department to regulate it, and no “First National Bank of Bitcoin” to keep track of everyone’s balances. Instead, the blockchain, which is distributed redundantly to many devices throughout the world, keeps track of which bitcoin wallet has which bitcoins.

Running a cryptocurrency is expensive. There are hashes to compute, information to store, and lots of processing to do. That requires massive amounts of computing power and energy. So they pay volunteers with cryptocoins to provide the needed infrastructure.This is called “mining.”

People install a software program on their computer, it works with a team of other people’s computers to process and encode (solve) a block of transactions (called a hash) and is eventually rewarded with a fraction of a bitcoin that is transferred into its owner’s bitcoin wallet. Essentially, this allows nerds to trade computing power for a digital currency that can be used to obtain goods and services, or exchanged for any old school fiat currency in the world, such as dollars, rupees, pesos, or yuan.

When Bitcoins were new, they were hypothetically valuable, but pragmatically the demand for bitcoins was quite low. Something changed all of that, and that something was probably illegal drugs.

As you recall, bitcoin is very transparent in some respects, but very opaque about who owns a given bitcoin wallet. Around late 2010, dark websites such as Silk Road began to facilitate illicit transactions in bitcoin. People frequently bought illegal drugs like cocaine and heroin, in at least one case paid a hitman for murder, and engaged in other illicit vice with as little effort as you might exert buying a vintage record on eBay. This website was later shut down by the FBI and is the subject of lots of boring documentary films. It’s an open secret that a lot of Bitcoin’s growth is attributable to crime.

An important thing to understand about Bitcoin is that there are only 21 million of them that are mathematically and algorithmically possible, and 89 percent of them have already been awarded. There isn’t a way to print more of them, so they are incredibly prone to deflation. That’s why we have that story of the 490 million dollar pizza.See, in the beginning of Bitcoin, any dweeb with a Windows 95 computer from Best Buy could pull 10 bitcoins in a half hour. They didn’t seem especially scarce or precious back then. As time goes on, the system by design gives out smaller and smaller awards, and there is more and more competition for those awards. There are bitcoin mining facilities the size of towns. Solar panel arrays the size of lakes. Deafening arrays of hard drives clicking and fans keeping it all cool.

Because one bitcoin is now worth more than a new Tesla.

There’s a catch. While mining for cryptocurrency is easier than ever, unless you’ve got access to free electricity, you’re probably going to lose money if you try to participate in cryptocurrency mining.

So what happens next, and what does any of this have to do with cybersecurity? We’ll explore that in the next chapters of this series when we discuss cryptojacking and other cybercrimes.