If you have experienced unusually slow performance from your computer, reduced battery life, or visited affected websites, we recommend:
Unauthorised cryptocurrency mining could also be done by malware. Visit our malware page for information on how to recover from malware.
For website administrators
In certain cases, some technical measures can also help prevent inclusion of compromised third-party resources:
SRI (Sub-Resource Integrity) allows the browser to check a cryptographic hash of the script to ensure that your users are running the unaltered version. However, SRI will only work if the script is relatively static. If it changes regularly, the signature will no longer be valid and the script will not be loaded by users. Also, browser support for SRI is not universal.
CSP (Content Security Policy) allows you to whitelist locations where scripts can be loaded from. Several independent researchers have written that having a well-defined CSP in place would have blocked this type of attack.
We recommend putting the above mitigating measures in place where practical, and while we recognise these will not necessarily protect end-users in all cases, they will reduce the chances of them experiencing unauthorised cryptomining.