I’ll be honest, up until a few weeks ago, I didn’t know there was such thing as a “crypto mining script” that can be installed on your website.
So let me briefly explain how crypto-mining scripts work. (I’ll try to keep it simple.)
For cryptocurrencies to function, complex computational calculations have to be continually carried out; this process is called mining. Mining is carried out by miners, who earn cryptocurrency by doing so.
It takes a lot of computational power to mine cryptocurrency, which means a lot of energy.
Because energy costs money, some websites install scripts that effectively utilise your computer’s energy to mine cryptocurrency on their behalf. So, the longer you have their site opened in your browser, the more coins they earn using your computer’s energy. (Clever, right?)
Since cryptomining is such a hot trend right now, we thought it would be interesting to find out not only how many sites in the world have crypto-mining scripts installed, but also how many have enough traffic to make this a worthwhile endeavor.
Let’s get to the results!
We crawled all 175,251,729 websites in our database to see how many were mining cryptocurrency.
To clarify, this means that we crawled subdomains, too.
To check for the presence of crypto-mining scripts, we used Wappalyzer.
For those unfamiliar with Wappalyzer, here’s what it does:
Wappalyzer is a cross-platform utility that uncovers the technologies used on websites. It detects content management systems, ecommerce platforms, web frameworks, server software, analytics tools and many more.
Wappalyzer can identify the presence of 14 common crypto-mining scripts.
These scripts include Coinhive, Crypto-Loot, JSECoin, ProjectPoi, and many more.
You can test Wappalyzer for yourself here.
Enter a domain and it tells you what technologies are being used on that website.
But let’s get to the results, shall we?
We found 23,872 unique domains running cryptocurrency mining scripts.
As a percentage of the total 175M+ in Ahrefs’ database, that’s 0.0136%. (Or 1 in 7,353 websites.)
In terms of the actual crypto-mining script these sites are running, Coinhive is the most popular option by far. It accounts for 93.82% of our results—that’s ~22,396 websites.
(We’ll talk more about Coinhive later in the article.)
Let’s take a deeper look at our data to glean some additional insights.
1. How many monthly organic search visitors do these sites get?
Here’s a breakdown of the monthly organic search traffic distribution for these sites (as estimated by Ahrefs):
IMPORTANT! This IS NOT the total traffic; it’s estimated monthly organic search traffic. This means estimated search traffic from Google alone.
You can see that ~91% of websites that have crypto-miners installed are estimated to receive <50 visitors from Google each month—not many at all!
To summarise, most of the sites running crypto-scripts probably receive very little traffic.
We can only speculate as to why this is, but here are a few thoughts:
- Abandoned websites may get hacked: I touched on this earlier. Basically, many people set up websites and then quickly lose interest. These websites are then abandoned and left to rot. Never do they have chance to attract a significant amount of traffic. Because they’re left abandoned, it’s likely that the CMS, theme, and plugin(s) won’t receive any critical updates. This leads to security flaws which in turn, make it easier for hackers to gain access and install crypto-malware. So, while an individual website might only be getting a few dozen visitors per month, hackers may be able to mine a significant amount of cryptocurrency should they hack into, and install crypto-mining scripts on, thousands of websites. (But again, that is a pure speculation, as we didn’t really dig into that.)
- High-traffic have more to lose: Let’s assume you have a website with a ton of monthly search traffic; wouldn’t you avoid anything that may put your website at risk? Of course you would. There has even been rumours in the past that Google might block websites with crypto-mining scripts in Chrome (a browser with ~58% market share). Bottomline: installing crypto-mining scripts simply isn’t worth the risk for high-profile websites.
2. How are these sites distributed across Domain Rating (DR), and how many of these sites are in top 100K by Ahrefs Rank?
Let’s first tackle Domain Rating (DR).
But what is DR?
Domain Rating (DR) is a proprietary Ahrefs’ metric that shows the strength of a target website’s total backlink profile (in terms of its size and quality). DR is measured on a logarithmic scale from 0 to 100, with the latter being the strongest.
Basically, if site has high Domain Rating (DR), it means it has links from a ton of other sites. It’s one way to measure the popularity of that website compared to other websites.
Here’s how the sites running crypto-scripts stack up in terms of DR:
But what about Ahrefs’ Rank?
First, let’s quickly recap what Ahrefs’ Rank is.
If you take all the websites in the world and order them by the size and quality of their backlink profile (basically by their DR), you’ll get the Ahrefs Rank. So Ahrefs Rank #1 belongs to the website with the best backlink profile, #2 is just a bit worse, #3 is a little worse than that, etc.
This means that sites with an Ahrefs’ Rank <= 100K are the top 0.00058% of all sites in the world. Or in other words, for every website with an Ahrefs’ Rank <= 100K, there are 1,751 websites with an Ahrefs’ Rank > 100K.
So how many of the top 100K domains were running cryptocurrency mining scripts?
To put that in perspective, that’s 0.92% of the total number of domains we found running cryptocurrency mining scripts. (Or 1 in 108.)
To put this another way, this means that >99% of domains running crypto-mining scripts are outside of the top 100K domains by Ahrefs’ Rank.
3. How are these sites distributed by top-level domain (TLD)?
I think this one is best illustrated with a pie-chart.
To summarise, the majority of sites reside on .com top-level domains.
But this is to be expected. After all, the majority of sites in our index are .com TLDs.
We decided to include both the TLD distribution of the sites found to have crypto-scripts installed, and the overall TLDs distribution across our entire domains database above. That way you can take a look at the data and spot any trends (or differences) 🙂
4. How many sites belong to “service root domains”?
I know what you’re thinking… “what the heck are service root domains?”
In short, they’re domains where anyone can launch a subdomain and put some content there, so Ahrefs crawler views them as independent websites.
To illustrate, take typepad.com and sethgodin.typepad.com.
Ahrefs’ crawler views these subdomains as separate websites.
Here are some metrics for each:
- typepad.com (DR 83; Ahrefs Rank: 69,944)
- sethgodin.typepad.com (DR 86; Ahrefs Rank: 3,605)
To reiterate, this is because sethgodin.typepad.com is a subdomain dedicated to user-generated content and thus, we treat it as a separate entity to typepad.com.
This is also true for every other typepad.com subdomain (e.g., mygreatblog.typepad.com).
So how many of the 23,872 websites running crypto-scripts belong to so-called “service root domains?”
That’s ~5.48% of all the total number of domains running crypto-scripts.
Even more interestingly, all 1,308 instances were found on these six “service root domains”:
- blog.jp: 1 instance;
- blogspot.com: 1,257 instances;
- canalblog.com: 2 instances;
- squarespace.com : 1 instance;
- us.com : 1 instance;
- weebly.com: 1 instance (more on this one later!)
That’s right; 1,257 out of 23,872 (~5.27%) domains came from blogspot.com.
Our study vs. another similar study
It’s possible that you’ve already seen a somewhat similar study to this with different numbers.
So, we should note that we’re not the first to conduct a study like this.
Troy Mursch from Bad Packets Report ran a very similar study earlier this year—he found cryptojacking scripts installed on 43K+ sites.
But, if Troy found 43K+ sites running crypto-mining scripts, why did we find only 23K?
We believe there is one main reason for this:
Different data sources.
For our study, we used our own index.
The Bad Packets Report study relied on the publicWWW database.
The publicWWW database contains roughly 17.5% more sites than our index.
But why is the publicWWW database larger? I mean, Ahrefs has industry-leading data, right?
It boils down to this: we’re more picky about the sites we choose to include in our index 🙂
In fact, Troy was kind enough to share his data with us. (Thanks, Troy!)
We studied his data and realised that our crawler had come across many of the domains. But it chose not to add them to our index due to their perceived low-quality.
So I guess when you consider the fact that most of the sites we identified to be running crypto-scripts were both low-DR and low-traffic, it makes total sense that our study—using our index—would find fewer instances.
Here are a couple of other potential reasons for the varying results:
- PublicWWW is more of a “historic” database, whereas we ran a fresh crawl of our entire index for the purpose of conducting this study. Thus, our data was super-fresh and up-to-date.
- Wappalyzer is likely a more accurate way to identify the presence of crypto-mining scripts as it performs a live check on the website’s source code.
This isn’t to say that our study is somehow better or worse than Troy’s study (or anyone else’s, for that matter). We just wanted to tackle this discrepancy head-on and provide some transparency.
23,872 sites may sound a lot but given the size of the web, it really isn’t.
We have ~175M sites in our index and we’ll happily admit that this is only a tiny fraction of the total number of sites on the web.
And even if the entire web was only this size (which it isn’t), that would still mean that only 1 in 7,353 websites run crypto-mining scripts—not many at all.
At the very least, this could save you from a drained laptop battery.
Did you find this data interesting or insightful?
Let me know in the comments! 🙂