PSC Tech Talk: How does blockchain work and what is cryptomining?

This week one of the Labs team members, Toby Samples (@tsamples), gave a presentation on how blockchain works and what cryptomining is. We are looking at blockchain in the Labs right now, and with the considerable press around cryptomining and how you can even hack a website to do it, we figured it would be good to educate everyone internally and also come up with some policy around preventing this as part of our delivery excellence to clients.

What is blockchain?

Simply put, it is a distributed digital record that makes it possible to prove that every transaction within the “chain” is correct and has not been tampered with. Most people know blockchain through its association with bitcoin.

Blockchain works by “hashing” the contents of a transaction and adding the result to the “chain”. Once the chain is started, each new link is created using the hash from the previous link. If the contents of any link are changed, the hashes will not match and the chain is broken.

The implication for bitcoin transactions on a massive scale is that every transaction is recorded in the chain, which makes the chain large, which makes validating the chain expensive and processor intensive. (One bitcoin transaction costs as much as the energy for a house for a week.)

In a financial ledger it is critical to the confidence of the company/investor/buyer that bank records are accurate and no one is faking the numbers for their own personal gain. But there are many other potential uses with less “volume” but just as much use.

Bitcoin and other distributed cryptocurrencies allow transactions to happen all over the globe and, more importantly, transaction validation can be a distributed process. The transactions do not occur instantaneously.

When a digital transaction is carried out, it is grouped together in a cryptographically protected block with other transactions that have occurred in the last 10 minutes and sent out to the entire network.

Miners (members of the network with high levels of computing power) then compete to validate the transactions by solving complex coded problems. The first miner to solve the problem and validate the block receives a reward. (In the Bitcoin blockchain network, for example, a miner would receive bitcoins.) This is a really nice article explaining how proof of work works:

Explaining How Proof of Stake, Proof of Work, Hashing and Blockchain Work Together
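The hash chaining and proof of work described above can be seen in a toy model. This is an added example, not code from the talk or from any real cryptocurrency; the block layout, the three-zero difficulty target, the all-zero genesis hash and the sample transactions are assumptions made for illustration.

```python
import copy
import hashlib
import json

TARGET = "0" * 3     # assumed toy difficulty: hash must start with three zero hex digits
GENESIS = "0" * 64   # assumed placeholder "previous hash" for the first block

def block_hash(index, prev_hash, transactions, nonce):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    payload = json.dumps([index, prev_hash, transactions, nonce], sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def mine(index, prev_hash, transactions):
    """Proof of work: try nonces until the block hash meets the target."""
    nonce = 0
    while not block_hash(index, prev_hash, transactions, nonce).startswith(TARGET):
        nonce += 1
    return {"index": index, "prev_hash": prev_hash, "transactions": transactions,
            "nonce": nonce, "hash": block_hash(index, prev_hash, transactions, nonce)}

def build_chain(batches):
    chain = []
    for i, txs in enumerate(batches):
        chain.append(mine(i, chain[-1]["hash"] if chain else GENESIS, txs))  # link to previous block
    return chain

def first_invalid(chain):
    """Index of the first block that fails validation, or None if the chain is intact."""
    prev = GENESIS
    for b in chain:
        digest = block_hash(b["index"], b["prev_hash"], b["transactions"], b["nonce"])
        if b["prev_hash"] != prev or digest != b["hash"] or not digest.startswith(TARGET):
            return b["index"]
        prev = b["hash"]
    return None

def tamper(chain, index, amount, remine=False):
    """Copy the chain, change one amount, optionally redo that block's proof of work."""
    forged = copy.deepcopy(chain)
    forged[index]["transactions"][0]["amount"] = amount
    if remine:
        forged[index] = mine(index, forged[index]["prev_hash"], forged[index]["transactions"])
    return forged

SAMPLE = [[{"from": f, "to": t, "amount": a}] for f, t, a in  # constructed sample data
          [("alice", "bob", 5), ("bob", "carol", 2), ("carol", "alice", 1)]]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print([first_invalid(c) for c in (chain, tamper(chain, 1, 500), tamper(chain, 1, 500, True))])
```

Editing block 1 is caught at block 1, and redoing block 1's proof of work only moves the failure to block 2, so a forger has to re-mine every later block as well.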

So what is cryptomining?

Cryptomining is using a computer to do the coin mining processing. This is generally cost prohibitive to run as an individual. Unless you have a powerful gaming PC and are making a long-term investment, it is not really a financially viable thing to do for an individual. The process is relatively simple: you create an online account to process financial transactions (you get paid), sign up to a service which will give you transactions to process, and install a program to churn through validations. Once you sign up to a service, the validations are transmitted to your computer for processing.

It becomes illegal (cryptojacking) when you commandeer someone else’s machine to do the mining for you. Why not have someone else pay for the mining while you reap the profits for the validation?

This becomes especially nefarious when services like Coinhive allow you to make your website customers do this mining for you. Some people are starting to use this as income from their websites rather than advertising. Coinhive offers a service whereby you can add a Coinhive JS file to your website, and then anyone who visits that site gets a JavaScript load of coin mining assigned to their computer, and it churns away while they are on the page.

This became international news earlier in Feb 2018 when a remote third-party JS library site used by UK and AUS government sites was hacked and these .gov sites started to behave like Coinhive processing sites. See this great blog for more details (The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries).

There are ways and means to prevent your site becoming victim to this JavaScript attack as the article describes. The tale is cautionary and it is important that awareness of this kind of behavior is out there.

Conclusion

Blockchain is not just for financial transactions; there are many other real-world applications for it. Understanding how cryptocurrency works in principle, and the necessity for coin mining it breeds, leaves us better prepared to prevent its illegal usage.

 
