• Crypto-jacking, or malicious crypto mining, accounted for 73 percent of ill-gotten gains from crypto-malware between 2017-2021.
  • Trojans, Crypto-jacking, clippers, and info stealers are the less sophisticated mechanisms that are draining millions from individual people.

 

Of all the varying types of crypto-malware, excluding ransomware, cryptojacking brought in the most (73 percent) gains for malicious actors between 2017-2021. This information is per a Jan. 19 report from blockchain analysis firm Chainalysis.

Of note, malware, short for ‘malicious software,’ conduct ill-intended activities on users’ devices after being downloaded without their knowledge. Malware imposes a wide array of damage including, information theft, distributed-denial-of-service (DDoS), and ad fraud on an extensive scale, among other ills. Cryptojacking specifically consumes the user’s computing power to mine crypto. Monero is the most mined in this case, with Zcash (ZEC) and Ethereum (ETH) mined on a smaller scale.

Related: Chainalysis report: Crypto scams and ransomware activity on the rise in Eastern Europe

Other than crypto-jacking, Chainalysis also covered other types of crypto-malware and the value they generated in that period: Trojans (19 percent), ‘Others’ (5 percent), info stealers, and clippers (1 percent each). Info stealers, as the name suggests, swipe victims’ crypto wallet info and account credentials. Meanwhile, clippers hijack the victim’s clipboard and insert a cybercriminal’s wallet address when victims are pasting a sending address.

Low-grade crypto-malware bringing in millions

Importantly, Chainalysis emphasized that these softwares are cheap and easy to use, making them quite common among “low-skilled cybercriminals.”

While most tend to focus on high-profile ransomware attacks against big corporations and government agencies, cybercriminals are using less sophisticated types of malware to steal millions in cryptocurrency from individual holders.

After siphoning crypto assets, cybercriminals send the “majority of funds on to addresses at centralized exchanges” despite the risk of being discovered due to KYC protocols. However, Chainalysis notes that this figure has significantly declined over the years. Centralized exchanges in 2021 received 54 percent of funds from those addresses, compared to 75 percent in 2020 and about 90 percent in 2019.

DeFi protocols make up much of the difference at 20% in 2021, after having received a negligible share of malware funds in 2020.

Further details

For crypto-jacking malware, Chainalysis says it is hard to know exactly the amount of funds it has generated. This is because cyber criminals transfer funds from mempools to unknown mining addresses, rather than from wallet to wallet.

The firm, however, projects this malware to have generated about three-quarters of the total monetary gains from crypto-malware. It also highlights a 2020 report by Cisco’s cloud security division, saying 69 percent of its clients were the victims of crypto-jacking. Another report by Palo Alto Networks in 2018 estimated that 5 percent (about $100M at the time) of Monero’s circulating supply resulted from crypto-jacking.

On the other hand, clippers and info stealers received a combined 5,974 transfers from victims in 2021, up from 5,449 in the year before.