27 Cryptojacking Statistics You Need to Know in 2023

Simply put, cryptojacking refers to the unauthorized use of someone else’s computing resources to mine cryptocurrencies. 

This cybercrime can have severe consequences, ranging from reduced system performance on devices affected to financial losses for targeted individuals.

To better understand its impact, we have compiled a list of some of the most astonishing cryptojacking statistics. 

These statistics shed light on the scale of the problem and highlight the need for better protection against this type of threat. 

So, let’s dive in and discover its incredible impact!


Mind-boggling cryptojacking statistics

Before delving deep, here are some quick shocking cryptojacking statistics:

  • In the first half of 2021, 51.1 million cryptojacking incidents were recorded, an increase of 23% over the first half of 2020
  • In 2022, there were an average of 15.02 million cryptojacking cases per month, marking an 86% increase from the previous year’s average of 8.09 million per month.
  • Monero (XMR) is the most popular cryptocurrency for malicious mining
  • Ethiopia, where cryptocurrencies are banned officially, has the highest number of attacked users.
  • In Europe, cryptojacking rose by over 248% in the first half of 2021
  • 450+ malicious Python packages were detected on PyPI (Python Package Index), which installed harmful Chromium browser extensions to hijack crypto transactions on browser wallets and sites.

General cryptojacking statistics

So, let’s start with some general cryptojacking statistics.

Hopefully, they will provide valuable insights into this malicious practice that exploits unsuspecting users’ computing power for unauthorized cryptocurrency mining.

1. The first occurrence of cryptojacking surfaced in September 2017

(Source: Allot)

In September 2017, the concept of cryptojacking surfaced with the introduction of code on a website named Coinhive.

It allowed crypto miners to utilize the processing power of third-party CPUs to mine the cryptocurrency Monero through a small donation of their processing capacity.

After the introduction of Coinhive, several malicious websites imitated its script to allow miners to illicitly take control of computing resources from servers, personal computers, and mobile devices.

2. In the Q3 of 2022, the country with the highest number of attacked users was Ethiopia

(Source: Kaspersky’s Solutions)

Notably, Ethiopia, where the use and mining of cryptocurrencies are illegal, was the country most frequently targeted in Q3 of 2022, with a rate of 2.38%. 

In second and third place were Kazakhstan with 2.13% and Uzbekistan with 2.01%.

3. More than 20% of the cryptojacking domains last less than nine days

(Source: University of California)

Research shows that cryptojacking domains are short-term. In fact, over 20% of them have a lifespan of less than nine days. 

This may be likely due to detection and mitigation efforts. 

In comparison, blacklists, which serve as a means to block access to these malicious domains, get updates every 10 to 20 days on average.

4. 20% of the cryptojacking domains are marked as advertisements.

(Source: University of California)

Unlike regular ads, malicious mining is sneakier and seems more profitable, making it attractive to conventional advertising services.

Studies have found that 20% of cryptojacking domains disguise as advertisements.

5. Monero (XMR) is the most popular cryptocurrency for malicious mining.

(Source: Kaspersky’s Solutions)

A significant portion of the malicious mining software samples analyzed (48%) was found to be covertly mining the Monero (XMR) crypto through the victim’s system. 

Monero is well-known for its sophisticated technology, which obfuscates transaction data to ensure maximum privacy. 

The privacy features of Monero, including the inability of observers to trace addresses, transaction amounts, address balances, or transaction histories, make it a desirable option for cybercriminals.

6. Bitcoin (BTC) was cybercriminals’ second choice, with a share of 17%.

(Source: Kaspersky’s Solutions)

Despite being the most well-known cryptocurrency, Bitcoin (BTC) was the second choice of cyber criminals, with a share of 17%. Ethereum (ETH), commonly used for exchanging non-fungible tokens (NFTs), came in third with a share of 14%. 

Other cryptocurrencies involved include Litecoin (LTC), Bit Hotel (BTH), Dash (DASH), Dogecoin (DOGE), and Neo (NEO).

Frequency and growth in cryptojacking activities.

Generally, since 2017 when the first cryptojacking incident emerged, it has been increasing in frequency.

In fact, cybercriminals use this method more often now as an alternative to traditional malware and ransomware attacks.

Check out some of the stats that showcase this.

7. There was 43% in cryptojacking attempts between 2021 and 2022.

(Source: Statista)

From 2018 to 2022, there was a gradual rise in global cryptojacking attempts. 

These incidents were 57.55 million in 2018, 97.06 in 2021. However, it nearly reached 140 million in 2022, marking a significant 43 percent increase compared to the previous year.

Overall, it made a 141.95% increase between 2018 and 2022. 

8. With 37%, the US has the highest number of cryptojacking activities blocked between January 2017 to July 2018.

(Source: Symantec Corporation)

From January 2017 to July 2018, most blocked cryptojacking activities occurred in the United States, accounting for 37% of the total. 

Japan followed with 14%, and France with 10%. These statistics highlight the global nature of cryptojacking.

9. WannaMine has infected more than 75,000 devices since its discovery in 2017.

(Source: Symantec Corporation)

WannaMine employs various techniques, including Windows Management Instrumentation and credential stealers, to establish persistence and spread across multiple computers. 

It exploits the Oracle WebLogic Server Remote Security Vulnerability as its initial infection method. 

Additionally, the criminals responsible for WannaMine exploit vulnerable JBoss servers using the open-source tool JexBoss. 

Since its discovery in October 2017, it has infected over 75,000 devices.

10. Between January and October 2022, 215,843 new variations of miners were identified.

(Source: Kaspersky’s Solutions)

In 2022, there was a significant surge in the creation of malicious mining software modifications. 

Between January and October of that year, Kaspersky identified a whopping 215,843 new variations of miners. 

This number is more than double the amount detected during the same period in 2021, which was just over 100,000.

11. In Europe, cryptojacking rose by over 248% in the first half of 2021

(Source: SonicWall Cyber Threat Report)

There was a staggering 248% increase in cryptojacking incidents in Europe, with attack volumes skyrocketing in May and June. 

During these months, the attack volumes were 50 and 23 times higher than during the same period last year.

12. There were 139.3 million cryptojacking attacks in 2022, marking a 43% rise from 2021.

(Source: SonicWall Cyber Threat Report)

In 2022, ransomware operators shifted towards more stable and discreet methods of generating revenue, resulting in a significant increase in cryptojacking attacks. 

SonicWall reported a record high of 139.3 million cryptojacking attacks in 2022, marking a 43% rise from 2021 and a staggering 142.3% increase since 2018. 

The number of attacks is expected to grow, especially in Europe, which experienced a staggering 549% surge in attack volume over the years.

13. In the first half of 2021, 51.1 million cryptojacking incidents were recorded, an increase of 23% over the first half of 2020

(Source: SonicWall Cyber Threat Report)

In Q1 of 2021, there was a significantly higher number of cryptojacking incidents than in any quarter since 2018, when tracking these attacks began.

The unusually high levels during the first few months of the year resulted in 51.1 million cryptojacking attacks during the first half of 2021, representing a 23% increase compared to the same period in 2020.

14. 450+ malicious Python packages were detected on PyPI that installed harmful Chromium browser extensions.

(Source: Bleeping computer)

The Python Package Index (PyPI) is a repository for software dedicated to the Python programming language. 

It plays a crucial role in facilitating the discovery and installation of software created and shared by the Python community.

However, over 450 malicious PyPI python packages installed malicious browser extensions to hijack cryptocurrency transactions made through browser-based crypto wallets and websites.

This discovery is a continuation of a campaign initially launched in November 2022, which started with only twenty-seven malicious PyPi packages, and now greatly expanding over the past few months.

15.  400,000 crypto-mining malware samples were detected in Q4 2017, while 2.5 million known samples were found in Q1 2018.

(Source: McAfee Labs Threats Report)

In the fourth quarter of 2017, McAfee, an anti-malware vendor, detected approximately 400,000 samples of cryptomining malware. 

However, this number increased dramatically by 525% to over 2.5 million samples in Q1 2018.

16. 24.56% of malware families found running on Linux were coin miners.

(Source: TrendMicro 2021 Midyear Cybersecurity Roundup)

A study conducted between January 1 and June 30, 2021, detected the most prevalent malware families on Linux servers. 

A cryptocurrency miner was the most common type of malware during this period.

Cybercriminals often take advantage of the abundant computing power available in the cloud to carry out their mining operations.

17.  Cryptocurrency miners were the most detected malware in the first half of 2021

(Source: TrendMicro Midyear Cybersecurity Roundup)

With 74,490 detections, Crypto miners have emerged as the most detected malware in the first half of 2021, surpassing Wannacry’s 6108, which had held the top spot for a few years. 

18.  Coinhive.com was the most blocked webpage for Trojan-Bitcoin-related links, with 750 million blocks.

(Source: Allot)

Allot’s report on blocked links to questionable websites in three European countries from November 2017 to February 2018 showed that most of these blocks were related to Trojan-Bitcoin infections. 

This indicates a high prevalence of malware infections linked to Bitcoin transactions.

The report also revealed that the most blocked webpage was coinhive.com, with a staggering 750,000,000 blocks.

Statistics on the impact of cryptojacking activities

Cryptojacking has a global impact, targeting individuals, organizations, and public websites alike. 

Here are some stats showing its impacts.

19. Cryptojacking workloads cost more than 278K kWh of extra power daily

(Source: University of California)

Cryptojacking workloads consume an additional daily power of over 278,000 kilowatt-hours (kWh).

This is equivalent to the energy consumption of a small town housing approximately 9,300 residents.

20. Q1 2022 saw the biggest number of users (over 500,000) affected by malicious mining software.

(Source: Kaspersky)

During the first quarter of 2022, over 500,000 individuals fell victim to malicious mining software attacks. 

The quarter witnessed the highest number of users affected by such malicious activities.

Interestingly, despite the surge in affected users, the number of new malicious miner variants introduced during this period was relatively low. 

This meant a lower frequency of new strains or variations of the mining software discovered or created during Q1 2022.

21. In 2019, a vulnerability in the firmware of MikroTik routers resulted in approximately 1.4 million routers being infected with cryptomining codes

(Source: Delft University of Technology)

Through a firmware vulnerability in MikroTik routers, cybercriminals can hijack user traffic and insert cryptomining code into every outgoing web connection. 

This allows them to profit from the mining activity whenever anyone behind an infected router visits a web page. 

The research was conducted over 10 months and examined the activities of these criminals who controlled up to 1.4 million routers. This accounts for approximately 70% of all MikroTik devices worldwide

22.  69% of Cisco customers were affected by crypto mining malware activity in 2020.

(Source: Cisco)

In 2020, Cisco discovered that More than two-thirds of its customers were impacted by crypto-mining malware, creating a substantial volume of malicious DNS traffic and excessive consumption of computing resources.

23.  Apps can take 5-10 times longer to start when the computer is being used for coin mining.

(Source: Symantec Corporation)

Apps can experience significant delays of 5-10 times their normal startup time when the computer is being used for coin mining. 

This affects individuals by causing frustration and reducing productivity when their devices slow down.

Also has consequences for organizations, in some cases, self-propagating coin miners may necessitate the shutdown of corporate networks to clean up the system effectively.

24.  86% of compromised GCP instances used for cryptocurrency mining

(Source: Threat Horizons Executive Snapshot)

Malicious actors used compromised Cloud instances for cryptocurrency mining.

According to the findings, 86% of the 50 recently compromised GCP instances were exploited for this purpose.

Furthermore, 10% of the compromised instances were found to be scanning public resources online in search of vulnerable systems, while 8% were observed launching attacks on other targets.

Earnings from cryptojacking activities

The financial gains from cryptojacking can be substantial for cybercriminals. 

And often, this is at the expense of companies and individuals. Here are some surprising cryptojacking stats showing these perpetrators’ profits.

25. Cryptojacking through a MITM attack on routers is 30 times more lucrative than other means

(Source: Delft University of Technology)

Cryptojacking through a MITM attack on routers has proven significantly more lucrative, around 30 times more profitable, than other commonly observed attack methods. 

In fact, the most successful MITM attacker earns a whopping five times more revenue compared to the combined earnings of the top 10 website-based cryptojackers.

26.  File-based mining can earn a cryptojacker up to $750k in 30 days, while browser-based mining up to $30k.

(Source: Symantec Corporation)

A browser-based coin miner can generate approximately one cent per machine within 24 hours of continuous mining. 

However, file-based miners could increase this amount to 25 and 50 cents every 24 hours. 

The actual return on investment relies heavily on the device’s processing power and the value of the mined currency. 

For instance, if a botnet consisting of 100,000 bots continuously engaged in browser-based mining for 30 days, it could earn $30,000. 

On the other hand, a file-based miner has the potential to make $750,000 in the same timeframe. 

The potential for significant profits exists in cryptojacking, but the scale of operations is a crucial factor in determining the outcomes.

27.  A Bitcoin Cryptojacker wallet mined up to 1.79 BTC, the equivalent of more than US$34K per month

(Source: Kaspersky’s Solutions)

The profits obtained by cybercriminals differ significantly depending on the coin. According to some analysis of Bitcoin wallets, the monthly average was 0.08 BTC or approximately US$1.6K.

However, one wallet stood out due to the considerably larger transaction amounts. In September 2022, this wallet received almost 1.79 BTC, worth more than US$34K during the research.

Wrap up

The impact of cryptojacking can be significant for both individuals and businesses. 

For individuals, it can cause decreased device performance, increased power consumption, and even hardware damage.

It can lead to lost productivity, more IT costs, and even business data breaches.

The sad part is the number of cryptojacking attacks has increased in recent years. 

This is due to several factors, including the rising value of cryptocurrencies, the sophistication of the malware, and the growing number of vulnerable devices. 

The abovementioned cryptojacking statistics bring awareness of the risks and necessity for individuals and organizations to take proactive measures to protect their devices from infection.


How much money does cryptojacking make?

File-based mining can earn a cryptojacker up to $750k in 30 days, while browser-based mining up to $30k.

Is cryptojacking on the rise?

Yes, cryptojacking is on the rise. 
This is due to several factors, including the rising value of cryptocurrencies, the increasing sophistication of malware, and the growing number of vulnerable devices.

How illegal is cryptojacking?

Cryptojacking is illegal in many jurisdictions.

In the United States, for example, it is a form of cybercrime and can be prosecuted under the Computer Fraud and Abuse Act (CFAA). At the same time, it is illegal in the UK under the Misuse of Computers Act. The penalties for cryptojacking can be severe, including fines and imprisonment.


  1. Kaspersky’s solutions
  2. SonicWall Cyber Threat Report
  3. Bleeping Computer
  4. University of California
  5. TrendMicro Midyear Cybersecurity Roundup
  6. Allot
  7. Delft University of Technology
  8. Symantec Corporation
  9. Threat Horizons Executive Snapshot
  10. Cisco
  11. Statista
  12. McAfee Labs Threats Report
  13. SonicWall Cyber Threat Report