Generated by Codex with GPT-5
This summary covers The Economist’s April 25th, 2026 Science & technology article listed in the contents as Crypto-jacking and published under the headline Whose mine is it anyway?.
The article argues that crypto-jacking has become a durable form of cybercrime because it turns other people’s computing infrastructure into a hidden energy subsidy. Mining cryptocurrencies can be expensive because it consumes large amounts of processing power and electricity. Criminals can cut that cost most brutally by forcing victims to provide both.
That makes crypto-jacking less spectacular than ransomware or data theft, but not necessarily less damaging. Instead of announcing itself with a ransom note, it hides in servers, laptops, phones, websites and cloud accounts, quietly converting stolen compute into tokens while the victim absorbs the bill.
A Low-Drama Crime With High Costs
The basic economics are simple. A miner earns crypto only if computers keep working on cryptographic puzzles. A legitimate miner must pay for machines, electricity, cooling and maintenance. A crypto-jacker tries to keep the upside while pushing those costs onto someone else.
The article notes that crude versions of the scheme still exist. Someone may physically stash mining hardware in an organisation’s crawlspace or storage room and draw on its power. But that approach can be discovered, and the hardware can be seized. The more scalable version is remote: attackers sneak mining software onto computers they do not own.
That remote version is spreading. The article cites GreyNoise, an American security firm, which reported that detected crypto-jacking instances rose by about 20% during 2025. Sysdig, a San Francisco security company, has estimated that every \$1 in crypto produced this way costs victims an average of \$53 in computing expenses. The imbalance is the point. Crypto-jacking is profitable because the criminal captures the token while the target pays the operating cost.
It is also easier than many other cybercrimes. Attackers do not always need to steal sensitive data, trick an executive into wiring money or maintain access long enough to negotiate a ransom. They need vulnerable machines, mining code and time.
Why The Targets Are So Available
Crypto-jackers benefit from the ordinary messiness of modern computing. Many machines are misconfigured, left with default settings or slow to receive patches. Web-crawling bots can scan the internet for these weaknesses and alert attackers when a promising target appears.
Corporate servers are especially tempting. They are powerful, usually online all day and expected to show traffic spikes. That makes illicit mining harder to distinguish from normal workloads. Servers can also sit at the centre of a wider network, giving mining code a path to spread from the hub to connected machines.
Cloud systems create a related opportunity. Attackers can search public code repositories such as GitHub for accidentally exposed login credentials, or use automated attempts to guess weak passwords. The article points to cases in which public agencies and private victims were left with large cloud-computing bills while attackers kept the mined tokens. In one case involving rented servers used by USAID, the cost reached nearly \$500,000; in another, a Nebraska man was sentenced after allegedly generating almost \$1m in tokens while imposing more than \$3.5m in cloud charges on victims.
The target list is widening beyond corporate infrastructure. Security researchers say personal laptops and phones have become more attractive as Monero and similar currencies remain mineable on ordinary devices. Individuals are softer targets than companies with dedicated security teams. Malicious scripts can hide in email attachments, free apps, infected websites, web browsers and online advertisements. To the user, the only visible clues may be a hot device, a drained battery, poor performance or a larger bill.
The Arms Race
The article’s most important point is that crypto-jacking persists because the incentives remain intact. As long as some cryptocurrencies can be mined profitably and anonymously enough, there will be a reason to steal compute. Falling crypto prices may reduce the reward, but they do not remove the technique.
Defenders are adapting. Security firms now look not only for known malicious files, but also for suspicious patterns in processing loads, data traffic and electricity usage. A machine that suddenly runs hot at odd hours, or a cloud account that starts consuming far more resources than usual, may be signalling an infection. Google and Microsoft are also adding advanced AI models to security products in the hope that pattern detection will improve faster than attackers can disguise their scripts.
But the attackers are adapting too. Some mining code is now packaged as “fileless” malware, meaning it leaves fewer conventional traces on a device’s storage. That makes older antivirus methods less reliable. The article treats this as an arms race rather than a solvable nuisance: defenders get better at spotting anomalies, while criminals get better at blending into normal compute activity.
The Takeaway
Crypto-jacking is best understood as theft of capacity. The stolen thing is not usually a database or a password, but the ability of computers and electricity budgets to do work. That makes the crime easy to underestimate. Nothing may appear missing, yet the victim’s infrastructure has been turned into someone else’s mine.
The practical lesson is that cyber-security must pay attention to resource abuse, not just data loss. Stronger credential hygiene, faster patching, tighter cloud permissions and better monitoring of compute spikes all matter because crypto-jacking thrives in neglected corners.
The broader lesson is about incentives. Cryptocurrencies convert processing power into money; crypto-jackers convert insecure systems into processing power. Until that chain becomes less profitable, the article suggests, the hidden mining will continue.