{"id":5714,"date":"2026-06-11T10:52:37","date_gmt":"2026-06-11T10:52:37","guid":{"rendered":"https:\/\/adex.com\/blog\/?p=5714"},"modified":"2026-06-11T10:54:19","modified_gmt":"2026-06-11T10:54:19","slug":"cryptojacking-in-advertising","status":"publish","type":"post","link":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/","title":{"rendered":"Cryptojacking in Advertising: How Malicious Scripts Hijack Your Users&#8217; Devices"},"content":{"rendered":"\n<p>Publishers running programmatic advertising generally expect their ad inventory to deliver content: a banner, a video, or a native placement. What they do not expect is for that inventory to silently turn every visitor&#8217;s device into a cryptocurrency mining node. Cryptojacking via ad scripts does exactly that, leaving no obvious trace in standard campaign reporting.<\/p>\n\n\n\n<p>The attack is not new, but its mechanics have evolved. After <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/coinhive-in-browser-cryptomining-service-shuts-down-on-march-8\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Coinhive, the mining service most associated with early browser-based cryptomining, shut down in March 2019<\/a>, the assumption in some quarters was that the threat had peaked. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/coinhive-dead-but-browser-based-cryptomining-still-a-threat\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">It had not<\/a>.\u00a0<\/p>\n\n\n\n<p>The infrastructure moved to less visible pools, delivery methods diversified, and cryptojacking remained profitable thanks to its low operating costs.<\/p>\n\n\n\n<p>Here, we will break down how cryptojacking enters ad inventory, what it does on devices, why it is harder to detect than other forms of malvertising, and how responsible platforms address the problem.<\/p>\n\n\n<div class=\"toc\"><h4 class=\"toc__title\" id=\"contents\">Contents<\/h4><ul class=\"toc__list\"><li class=\"toc__list_item\"><a href=\"#what-cryptojacking-is-and-what-makes-it-different-from-other-malvertising\">What Cryptojacking Is And What Makes It Different from Other Malvertising<\/a><\/li><li class=\"toc__list_item\"><a href=\"#how-the-script-gets-into-ad-inventory\">How the Script Gets Into Ad Inventory<\/a><\/li><li class=\"toc__list_item\"><a href=\"#what-happens-on-the-device-the-mechanics-of-in-browser-mining\">What Happens on the Device: The Mechanics of In-Browser Mining<\/a><\/li><li class=\"toc__list_item\"><a href=\"#why-advertisers-and-publishers-pay-the-price\">Why Advertisers and Publishers Pay the Price<\/a><\/li><li class=\"toc__list_item\"><a href=\"#detection-signals-what-cryptojacking-looks-like-in-the-data\">Detection Signals: What Cryptojacking Looks Like in the Data<\/a><\/li><li class=\"toc__list_item\"><a href=\"#how-ad-platforms-defend-against-cryptojacking\">How Ad Platforms Defend Against Cryptojacking<\/a><\/li><li class=\"toc__list_item\"><a href=\"#faq\">FAQ<\/a><\/li><\/ul><\/div><style>\n.toc {}\n.toc__title {\n      font-size: 32px;\n    line-height: 40px;\n    font-weight: 700;\n}\n.toc__list_item {\n    color: #FE645A !important;\n}\n.toc__list_item:not(:last-child){\n    margin-bottom: 5px;\n}\n.toc__list_item a {\n    font-size: 18px;\n    line-height: 24px;\n    color: #FE645A;\n    font-weight: 600;\n}\n.toc__list_item a:hover {\n    text-decoration: underline;\n}\n@media (max-width: 1023px) {.toc__title {font-size: 24px;line-height: 32px;}}\n<\/style>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-cryptojacking-is-and-what-makes-it-different-from-other-malvertising\">What Cryptojacking Is And What Makes It Different from Other Malvertising<\/h2>\n\n\n\n<p>Most malvertising is designed to redirect: it pushes the user to a destination they did not intend to reach, either via a forced landing page, a fake alert, or a drive-by download. The goal is immediate and visible, which also means it is relatively easy to detect and report.&nbsp;<\/p>\n\n\n\n<p>Cryptojacking works on a different logic. The script does not need the user to click anything, install anything, or notice anything. It loads silently in the browser, identifies idle CPU cycles, and uses them to perform the hash calculations required by cryptocurrency mining.&nbsp;<\/p>\n\n\n\n<p>From the user&#8217;s perspective, the page loaded normally. Their device just runs a little hotter and a little slower than usual \u2013 easy to attribute to a heavy page, a background app, or an aging battery.<\/p>\n\n\n<div class=\"block__bord\"><div class=\"block__bord_desc\"><p><strong>That invisibility is the defining characteristic. Cryptojacking is not about stealing credentials or redirecting traffic. Instead, it\u2019s trying to go unnoticed for as long as possible, extracting value from the device&#8217;s processing power rather than from the user&#8217;s data or actions. The longer it runs undetected, the more it earns.<\/strong><\/p>\n<\/div><\/div>\n<style>\n.block__bord { margin: 32px 0; padding: 1.25em 2.375em;\tborder-radius: 24px; background: rgba(0, 220, 200, 0.20); }\n.block__bord_desc {font-size: 16px !important;font-weight: 400 !important;color: #606060 !important;}\n<\/style>\n\n\n\n<p>This changes the detection problem significantly. The signals that catch standard malvertising \u2013 redirect chains, suspicious landing page domains, user complaints about unexpected navigation \u2013 do not apply.&nbsp;<\/p>\n\n\n\n<p>The signals for cryptojacking are performance-based: CPU load, browser process behavior, and device temperature. Most ad monitoring setups are not instrumented to catch these.<\/p>\n\n\n<div class=\"block__preview\">\n        <a href=\"https:\/\/adex.com\/blog\/device-fingerprinting-fraud-prevention-gdpr\/\" class=\"block__preview_img\"><img src=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/adex-device-fingerprinting-balance.png\" srcset=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/adex-device-fingerprinting-balance.png\" sizes=\"100vw\" alt=\"How to balance between device fingerprinting and user security?\" decoding=\"async\" class=\"lazy\"><\/a>\n    <div class=\"block__preview_box\">\n        <a href=\"https:\/\/adex.com\/blog\/category\/guides\/\" class=\"block__preview_box-cat\">Guides<\/a>        <h3 class=\"block__preview_box-title\" id=\"device-fingerprinting-for-fraud-prevention-navigating-gdpr-and-privacy-constraints\"><a href=\"https:\/\/adex.com\/blog\/device-fingerprinting-fraud-prevention-gdpr\/\">Device Fingerprinting for Fraud Prevention: Navigating GDPR and Privacy Constraints<\/a><\/h3>\n    <\/div>\n<\/div>\n<style>\n.block__preview {display: flex;align-items: center;justify-content: center; margin: 32px 0;}\n.block__preview a {text-decoration: none;}\n.block__preview_img {min-width: 360px;max-width: 360px;min-height: 188px;width: 100%;height: 100%;}\n.block__preview_img img {width: 100%;height: 100%;}\n.block__preview_box {margin-left: 40px;max-width: 360px;}\n.block__preview_box-cat {color: #00B8A7 !important;font-weight: 600;font-size: 12px;line-height: 16px;text-transform: uppercase; display: block; margin-bottom: 4px;}\n.block__preview_box-cat:hover {color: #FE645A !important; text-decoration: none !important;}\n.block__preview_box-title {font-size: 20px;font-weight: 700;line-height: 24px;color: #0B172D;}\n.block__preview_box-title a {color: #0B172D !important;}\n.block__preview_box-title a:hover {color: #FE645A !important;}\n@media screen and (max-width: 768px) {.block__preview {flex-direction: column;}.block__preview_box {max-width: 100%; margin-top: 32px;margin-left: 0px;}.block__preview_img {max-width: 100%;min-width: 100%;min-height: 100%;}}<\/style>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-the-script-gets-into-ad-inventory\">How the Script Gets Into Ad Inventory<\/h2>\n\n\n\n<p>There are three main entry points, each with different implications for who is responsible and where the defense needs to sit.<\/p>\n\n\n\n<div class=\"adex-cryptojacking-vectors-block\">\n  <style>\n    .adex-cryptojacking-vectors-block,\n    .adex-cryptojacking-vectors-block * {\n      box-sizing: border-box;\n    }\n\n    .adex-cryptojacking-vectors-block {\n      width: 100%;\n      max-width: 900px;\n      margin: 40px auto;\n      padding: 0 16px;\n      font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", Arial, sans-serif;\n      color: #111111;\n      background: #ffffff;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-title {\n      margin: 0 0 4px;\n      text-align: center;\n      font-size: 18px;\n      line-height: 1.25;\n      font-weight: 700;\n      letter-spacing: -0.01em;\n      color: #000000;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-subtitle {\n      margin: 0 0 32px;\n      text-align: center;\n      font-size: 14px;\n      line-height: 1.45;\n      color: #666666;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-grid {\n      display: grid;\n      grid-template-columns: repeat(3, minmax(0, 1fr));\n      gap: 12px;\n      align-items: stretch;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-path {\n      display: grid;\n      grid-template-rows: 76px 1fr 78px;\n      min-width: 0;\n      height: 100%;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-path-header {\n      display: flex;\n      flex-direction: column;\n      justify-content: center;\n      padding: 14px 16px;\n      background: #000000;\n      border-radius: 6px 6px 0 0;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-path-label {\n      margin: 0 0 5px;\n      font-size: 10px;\n      line-height: 1.2;\n      font-weight: 700;\n      text-transform: uppercase;\n      letter-spacing: 0.08em;\n      color: #00e6d1;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-path-title {\n      margin: 0;\n      font-size: 15px;\n      line-height: 1.3;\n      font-weight: 700;\n      color: #ffffff;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-path-body {\n      display: grid;\n      grid-template-rows: 104px 20px 120px 20px 92px;\n      gap: 10px;\n      padding: 16px;\n      background: #ffffff;\n      border: 1.5px solid #e8e8e8;\n      border-top: none;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-step {\n      display: flex;\n      flex-direction: column;\n      justify-content: flex-start;\n      padding: 11px 12px;\n      background: #f9f9f9;\n      border-left: 3px solid #cccccc;\n      overflow: hidden;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-step--primary {\n      border-left-color: #00e6d1;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-step-label {\n      margin: 0 0 5px;\n      font-size: 11px;\n      line-height: 1.2;\n      font-weight: 700;\n      text-transform: uppercase;\n      letter-spacing: 0.06em;\n      color: #888888;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-step--primary .acv-step-label {\n      color: #00e6d1;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-step-text {\n      margin: 0;\n      font-size: 14px;\n      line-height: 1.45;\n      color: #111111;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-arrow {\n      display: flex;\n      align-items: center;\n      justify-content: center;\n      text-align: center;\n      font-size: 18px;\n      line-height: 1;\n      color: #cccccc;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-defense {\n      display: flex;\n      flex-direction: column;\n      justify-content: center;\n      padding: 12px 14px;\n      background: #f0fffe;\n      border: 1.5px solid #00e6d1;\n      border-top: 3px solid #00e6d1;\n      border-radius: 0 0 6px 6px;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-defense-label {\n      margin: 0 0 3px;\n      font-size: 10px;\n      line-height: 1.2;\n      font-weight: 700;\n      text-transform: uppercase;\n      letter-spacing: 0.06em;\n      color: #007a6e;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-defense-text {\n      margin: 0;\n      font-size: 13px;\n      line-height: 1.35;\n      font-weight: 500;\n      color: #000000;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-endpoint {\n      display: flex;\n      align-items: center;\n      gap: 16px;\n      margin-top: 20px;\n      padding: 16px 24px;\n      background: #000000;\n      border-radius: 6px;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-endpoint-line {\n      width: 3px;\n      height: 36px;\n      flex-shrink: 0;\n      background: #00e6d1;\n      border-radius: 2px;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-endpoint-label {\n      margin: 0 0 4px;\n      font-size: 10px;\n      line-height: 1.2;\n      font-weight: 700;\n      text-transform: uppercase;\n      letter-spacing: 0.08em;\n      color: #00e6d1;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-endpoint-text {\n      margin: 0;\n      font-size: 14px;\n      line-height: 1.4;\n      font-weight: 500;\n      color: #ffffff;\n    }\n\n    .adex-cryptojacking-vectors-block .acv-source {\n      margin: 14px 0 0;\n      text-align: center;\n      font-size: 11px;\n      line-height: 1.3;\n      color: #aaaaaa;\n    }\n\n    @media (max-width: 860px) {\n      .adex-cryptojacking-vectors-block {\n        max-width: 760px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-grid {\n        grid-template-columns: 1fr;\n        gap: 18px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-path {\n        grid-template-rows: auto auto auto;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-path-header {\n        min-height: 72px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-path-body {\n        grid-template-rows: auto 20px auto 20px auto;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-step {\n        min-height: 82px;\n        overflow: visible;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-defense {\n        min-height: 72px;\n      }\n    }\n\n    @media (max-width: 520px) {\n      .adex-cryptojacking-vectors-block {\n        margin: 32px auto;\n        padding: 0 12px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-title {\n        font-size: 16px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-subtitle {\n        font-size: 13px;\n        margin-bottom: 24px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-path-header {\n        padding: 13px 14px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-path-body {\n        padding: 14px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-step-label {\n        font-size: 10.5px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-step-text {\n        font-size: 13.5px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-defense-text {\n        font-size: 12.5px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-endpoint {\n        align-items: flex-start;\n        padding: 15px 18px;\n      }\n\n      .adex-cryptojacking-vectors-block .acv-endpoint-text {\n        font-size: 13px;\n      }\n    }\n  <\/style>\n\n  <p class=\"acv-title\">Three Entry Vectors for Cryptojacking Scripts in Ad Inventory<\/p>\n  <p class=\"acv-subtitle\">Where in the supply chain each attack originates \u2014 and where defense must sit<\/p>\n\n  <div class=\"acv-grid\">\n    <div class=\"acv-path\">\n      <div class=\"acv-path-header\">\n        <p class=\"acv-path-label\">Path 01<\/p>\n        <p class=\"acv-path-title\">Compromised Creative<\/p>\n      <\/div>\n\n      <div class=\"acv-path-body\">\n        <div class=\"acv-step acv-step--primary\">\n          <p class=\"acv-step-label\">Attacker<\/p>\n          <p class=\"acv-step-text\">Submits creative with obfuscated mining script in JavaScript<\/p>\n        <\/div>\n\n        <div class=\"acv-arrow\">\u2193<\/div>\n\n        <div class=\"acv-step\">\n          <p class=\"acv-step-label\">Platform<\/p>\n          <p class=\"acv-step-text\">Creative passes review if scanning is insufficient<\/p>\n        <\/div>\n\n        <div class=\"acv-arrow\">\u2193<\/div>\n\n        <div class=\"acv-step\">\n          <p class=\"acv-step-label\">Trigger<\/p>\n          <p class=\"acv-step-text\">Script executes on ad render<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"acv-defense\">\n        <p class=\"acv-defense-label\">Defense point<\/p>\n        <p class=\"acv-defense-text\">Creative scanning at submission<\/p>\n      <\/div>\n    <\/div>\n\n    <div class=\"acv-path\">\n      <div class=\"acv-path-header\">\n        <p class=\"acv-path-label\">Path 02<\/p>\n        <p class=\"acv-path-title\">Supply Chain Injection<\/p>\n      <\/div>\n\n      <div class=\"acv-path-body\">\n        <div class=\"acv-step acv-step--primary\">\n          <p class=\"acv-step-label\">Attacker<\/p>\n          <p class=\"acv-step-text\">Compromises a legitimate ad tag or third-party script after approval<\/p>\n        <\/div>\n\n        <div class=\"acv-arrow\">\u2193<\/div>\n\n        <div class=\"acv-step\">\n          <p class=\"acv-step-label\">Injection<\/p>\n          <p class=\"acv-step-text\">Mining script added at network or CDN level \u2014 advertiser and publisher unaware<\/p>\n        <\/div>\n\n        <div class=\"acv-arrow\">\u2193<\/div>\n\n        <div class=\"acv-step\">\n          <p class=\"acv-step-label\">Trigger<\/p>\n          <p class=\"acv-step-text\">Trusted tag executes; miner runs under legitimate cover<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"acv-defense\">\n        <p class=\"acv-defense-label\">Defense point<\/p>\n        <p class=\"acv-defense-text\">Tag integrity monitoring at runtime<\/p>\n      <\/div>\n    <\/div>\n\n    <div class=\"acv-path\">\n      <div class=\"acv-path-header\">\n        <p class=\"acv-path-label\">Path 03<\/p>\n        <p class=\"acv-path-title\">Malicious Bid<\/p>\n      <\/div>\n\n      <div class=\"acv-path-body\">\n        <div class=\"acv-step acv-step--primary\">\n          <p class=\"acv-step-label\">Attacker<\/p>\n          <p class=\"acv-step-text\">Fraudulent DSP wins auction with a legitimate-looking creative<\/p>\n        <\/div>\n\n        <div class=\"acv-arrow\">\u2193<\/div>\n\n        <div class=\"acv-step\">\n          <p class=\"acv-step-label\">Delay<\/p>\n          <p class=\"acv-step-text\">Mining script loads as secondary payload after a delay \u2014 timed to fall outside scan window<\/p>\n        <\/div>\n\n        <div class=\"acv-arrow\">\u2193<\/div>\n\n        <div class=\"acv-step\">\n          <p class=\"acv-step-label\">Trigger<\/p>\n          <p class=\"acv-step-text\">Miner activates after render; evades post-bid scanners<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"acv-defense\">\n        <p class=\"acv-defense-label\">Defense point<\/p>\n        <p class=\"acv-defense-text\">Demand-side vetting + post-render behavioral analysis<\/p>\n      <\/div>\n    <\/div>\n  <\/div>\n\n  <div class=\"acv-endpoint\">\n    <div class=\"acv-endpoint-line\"><\/div>\n    <div class=\"acv-endpoint-copy\">\n      <p class=\"acv-endpoint-label\">All three paths \u2014 same outcome<\/p>\n      <p class=\"acv-endpoint-text\">User device CPU hijacked. Mining runs silently in the browser.<\/p>\n    <\/div>\n  <\/div>\n\n  <p class=\"acv-source\">Source: ADEX Security Operations<\/p>\n<\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The first vector is a <strong>compromised creative<\/strong> submitted directly through the ad platform. The mining script is embedded in the creative&#8217;s JavaScript, typically obfuscated to avoid signature-based scanners. This is the most straightforward form of the attack, and also the most likely to be caught by a platform with rigorous pre-flight creative review. However, on platforms with rigorous pre-flight creative review \u2013 like Adex \u2013 this attack simply does not reach delivery.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The second vector is more insidious: <strong>supply chain injection<\/strong>. A legitimate third-party tag, ad-serving component, or JavaScript library that is already trusted within the ad stack is compromised at the source. The original creative is clean; the mining script is introduced through a dependency. From the publisher&#8217;s perspective, the creative was approved, and the tag was verified. The infection entered through a route that neither the publisher nor the platform was monitoring at that layer. Again, platforms like Adex that treat tag verification as ongoing rather than a one-time checkpoint close this vector entirely.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The third vector is a <strong>malicious bidder<\/strong> winning impressions through a programmatic auction. The winning creative looks legitimate at render time but loads the mining script as a secondary payload after a brief delay, specifically to evade post-bid creative scanners that inspect immediately on render. The delay is calibrated to fall outside the scan window.<\/li>\n<\/ul>\n\n\n<div class=\"block__bord\"><div class=\"block__bord_desc\"><p>Each vector requires a different defensive response, which is part of why cryptojacking has remained persistent even as platform detection has improved. Catching all three simultaneously requires controls at creative submission, tag integrity monitoring, and continuous post-render behavioral analysis \u2013 not just one of these.<\/p>\n<\/div><\/div>\n<style>\n.block__bord { margin: 32px 0; padding: 1.25em 2.375em;\tborder-radius: 24px; background: rgba(0, 220, 200, 0.20); }\n.block__bord_desc {font-size: 16px !important;font-weight: 400 !important;color: #606060 !important;}\n<\/style>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-happens-on-the-device-the-mechanics-of-in-browser-mining\">What Happens on the Device: The Mechanics of In-Browser Mining<\/h2>\n\n\n\n<p>When a cryptojacking script executes in the browser, it instantiates a mining worker, typically using the Web Workers API to run the computation in a background thread.&nbsp;<\/p>\n\n\n\n<p>This lets the script use CPU resources without blocking the main browser thread, keeping the page visually responsive and reducing the chance the user notices lag.<\/p>\n\n\n\n<p>The script connects to a mining pool via an encrypted WebSocket, receives a set of computational tasks (finding hash values that meet a defined difficulty target), and begins running them across available CPU cores. Completed hashes are submitted back to the pool; valid ones earn a fraction of the mining reward, which accumulates in a wallet controlled by the attacker.<\/p>\n\n\n\n<p>Modern implementations are designed to manage their CPU footprint. A script that maxes out all available cores will trigger fan noise, visible performance degradation, and battery drain that even a non-technical user will notice. The more sophisticated variants <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/08\/cryptojackers-are-growing-in-numbers-and-sophistication\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">actively throttle their CPU usage<\/a>, keeping consumption low enough that the device remains functional and no alarm is raised, while still generating yield over a sustained session.<\/p>\n\n\n<div class=\"block__bord\"><div class=\"block__bord_desc\"><p>From a security operations standpoint, what makes this particularly difficult to attribute in an advertising context is that legitimate ad-heavy pages already carry elevated JavaScript execution load. A mining script running at moderate throttle on a page with four ad units and two analytics tags does not stand out in a standard performance profile.\u00a0<\/p>\n<\/div><\/div>\n<style>\n.block__bord { margin: 32px 0; padding: 1.25em 2.375em;\tborder-radius: 24px; background: rgba(0, 220, 200, 0.20); }\n.block__bord_desc {font-size: 16px !important;font-weight: 400 !important;color: #606060 !important;}\n<\/style>\n\n\n\n<p>The signal is there, but it requires specific instrumentation to separate from background noise.<\/p>\n\n\n\n<div class=\"adex-mining-mechanics-block\">\n  <style>\n    .adex-mining-mechanics-block,\n    .adex-mining-mechanics-block * {\n      box-sizing: border-box;\n    }\n\n    .adex-mining-mechanics-block {\n      width: 100%;\n      max-width: 860px;\n      margin: 0 auto;\n      padding: 28px 24px 24px;\n      border-radius: 12px;\n      background: #000000;\n      font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif;\n      color: #ffffff;\n    }\n\n    .adex-mining-mechanics-block p {\n      margin: 0;\n    }\n\n    .adex-mining-mechanics-block .amm-label {\n      margin-bottom: 4px;\n      color: #00e6d1;\n      font-size: 10px;\n      line-height: 1.2;\n      font-weight: 700;\n      letter-spacing: 0.12em;\n      text-transform: uppercase;\n    }\n\n    .adex-mining-mechanics-block .amm-title {\n      margin-bottom: 24px;\n      color: #ffffff;\n      font-size: 18px;\n      line-height: 1.3;\n      font-weight: 700;\n    }\n\n    .adex-mining-mechanics-block .amm-flow {\n      display: flex;\n      flex-direction: column;\n    }\n\n    .adex-mining-mechanics-block .amm-step {\n      display: flex;\n      gap: 16px;\n      align-items: stretch;\n    }\n\n    .adex-mining-mechanics-block .amm-spine {\n      display: flex;\n      flex-shrink: 0;\n      flex-direction: column;\n      align-items: center;\n      width: 32px;\n    }\n\n    .adex-mining-mechanics-block .amm-dot {\n      display: flex;\n      flex-shrink: 0;\n      align-items: center;\n      justify-content: center;\n      width: 32px;\n      height: 32px;\n      border-radius: 50%;\n      background: #00e6d1;\n      color: #000000;\n      font-size: 12px;\n      line-height: 1;\n      font-weight: 800;\n    }\n\n    .adex-mining-mechanics-block .amm-line {\n      width: 2px;\n      min-height: 16px;\n      flex: 1;\n      margin: 4px 0;\n      background: #1a1a1a;\n    }\n\n    .adex-mining-mechanics-block .amm-body {\n      flex: 1;\n      margin-bottom: 8px;\n      padding: 14px 16px;\n      border: 1px solid #222222;\n      border-radius: 8px;\n      background: #111111;\n    }\n\n    .adex-mining-mechanics-block .amm-step-title {\n      margin-bottom: 5px;\n      color: #00e6d1;\n      font-size: 11px;\n      line-height: 1.25;\n      font-weight: 700;\n      letter-spacing: 0.06em;\n      text-transform: uppercase;\n    }\n\n    .adex-mining-mechanics-block .amm-step-text {\n      color: #aaaaaa;\n      font-size: 13px;\n      line-height: 1.55;\n    }\n\n    .adex-mining-mechanics-block .amm-step-text strong {\n      color: #ffffff;\n      font-weight: 600;\n    }\n\n    .adex-mining-mechanics-block .amm-warning {\n      display: flex;\n      gap: 12px;\n      align-items: flex-start;\n      margin-top: 12px;\n      padding: 14px 16px;\n      border: 1px solid #00e6d1;\n      border-radius: 8px;\n      background: #0d1a19;\n    }\n\n    .adex-mining-mechanics-block .amm-warn-icon {\n      flex-shrink: 0;\n      margin-top: 1px;\n      color: #00e6d1;\n      font-size: 16px;\n      line-height: 1;\n    }\n\n    .adex-mining-mechanics-block .amm-warn-text {\n      color: #aaaaaa;\n      font-size: 13px;\n      line-height: 1.55;\n    }\n\n    .adex-mining-mechanics-block .amm-warn-text strong {\n      color: #00e6d1;\n      font-weight: 600;\n    }\n\n    @media (max-width: 640px) {\n      .adex-mining-mechanics-block {\n        padding: 24px 18px 22px;\n      }\n\n      .adex-mining-mechanics-block .amm-title {\n        font-size: 17px;\n      }\n\n      .adex-mining-mechanics-block .amm-step {\n        gap: 12px;\n      }\n\n      .adex-mining-mechanics-block .amm-spine {\n        width: 28px;\n      }\n\n      .adex-mining-mechanics-block .amm-dot {\n        width: 28px;\n        height: 28px;\n        font-size: 11px;\n      }\n\n      .adex-mining-mechanics-block .amm-body {\n        padding: 13px 14px;\n      }\n\n      .adex-mining-mechanics-block .amm-step-text,\n      .adex-mining-mechanics-block .amm-warn-text {\n        font-size: 12.5px;\n      }\n    }\n\n    @media (max-width: 420px) {\n      .adex-mining-mechanics-block {\n        padding: 22px 14px 20px;\n      }\n\n      .adex-mining-mechanics-block .amm-title {\n        font-size: 16px;\n      }\n\n      .adex-mining-mechanics-block .amm-warning {\n        padding: 13px 14px;\n      }\n    }\n  <\/style>\n\n  <p class=\"amm-label\">Adex \u2014 Threat Intelligence<\/p>\n  <p class=\"amm-title\">What Happens on the Device: In-Browser Mining Mechanics<\/p>\n\n  <div class=\"amm-flow\">\n    <div class=\"amm-step\">\n      <div class=\"amm-spine\">\n        <div class=\"amm-dot\">1<\/div>\n        <div class=\"amm-line\"><\/div>\n      <\/div>\n\n      <div class=\"amm-body\">\n        <p class=\"amm-step-title\">Mining Worker Instantiated<\/p>\n        <p class=\"amm-step-text\">\n          Script executes in the browser and launches a <strong>Web Worker<\/strong> \u2014 a background thread that uses CPU without blocking the main page. The page stays visually responsive, reducing the chance the user notices lag.\n        <\/p>\n      <\/div>\n    <\/div>\n\n    <div class=\"amm-step\">\n      <div class=\"amm-spine\">\n        <div class=\"amm-dot\">2<\/div>\n        <div class=\"amm-line\"><\/div>\n      <\/div>\n\n      <div class=\"amm-body\">\n        <p class=\"amm-step-title\">Connection to Mining Pool<\/p>\n        <p class=\"amm-step-text\">\n          Worker connects to a <strong>mining pool via encrypted WebSocket<\/strong> and receives computational tasks: finding hash values that meet a defined difficulty target.\n        <\/p>\n      <\/div>\n    <\/div>\n\n    <div class=\"amm-step\">\n      <div class=\"amm-spine\">\n        <div class=\"amm-dot\">3<\/div>\n        <div class=\"amm-line\"><\/div>\n      <\/div>\n\n      <div class=\"amm-body\">\n        <p class=\"amm-step-title\">CPU Cores Put to Work<\/p>\n        <p class=\"amm-step-text\">\n          Tasks are distributed across <strong>available CPU cores<\/strong>. Completed hashes are submitted back to the pool \u2014 valid ones accumulate as fractions of mining reward in the attacker\u2019s wallet.\n        <\/p>\n      <\/div>\n    <\/div>\n\n    <div class=\"amm-step\">\n      <div class=\"amm-spine\">\n        <div class=\"amm-dot\">4<\/div>\n        <div class=\"amm-line\"><\/div>\n      <\/div>\n\n      <div class=\"amm-body\">\n        <p class=\"amm-step-title\">Throttling to Stay Hidden<\/p>\n        <p class=\"amm-step-text\">\n          Maxing out all cores triggers fan noise, battery drain, and visible slowdown. Sophisticated variants <strong>actively throttle CPU usage<\/strong>, keeping consumption low enough to avoid detection while generating yield across sustained sessions.\n        <\/p>\n      <\/div>\n    <\/div>\n\n    <div class=\"amm-step\">\n      <div class=\"amm-spine\">\n        <div class=\"amm-dot\">5<\/div>\n      <\/div>\n\n      <div class=\"amm-body\">\n        <p class=\"amm-step-title\">Blends Into Page Noise<\/p>\n        <p class=\"amm-step-text\">\n          Ad-heavy pages already carry elevated JS execution load. A throttled mining script running alongside <strong>four ad units and two analytics tags<\/strong> does not stand out in a standard performance profile.\n        <\/p>\n      <\/div>\n    <\/div>\n  <\/div>\n\n  <div class=\"amm-warning\">\n    <div class=\"amm-warn-icon\">\u26a0<\/div>\n    <p class=\"amm-warn-text\">\n      <strong>Detection challenge:<\/strong> The signal is there \u2014 but separating it from background noise requires specific instrumentation, not standard page performance monitoring.\n    <\/p>\n  <\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-advertisers-and-publishers-pay-the-price\">Why Advertisers and Publishers Pay the Price<\/h2>\n\n\n\n<p>The direct victim of cryptojacking is the user whose device is being used to mine. The downstream victims are the advertiser and the publisher, and the damage runs in different directions.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>For publishers<\/strong>, the damage comes through automated systems rather than user complaints. Security tools and ad verification vendors scan domains for malicious scripts. When a mining script is detected on a publisher&#8217;s domain, that domain gets added to blocklists. Browser extensions running on the publisher&#8217;s audience will quietly stop loading ads on that domain. Advertiser exclusion lists get updated. The publisher loses ad revenue without a clear explanation \u2013 the domain was simply deprioritized by systems that flagged it, and no one sent a notification.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>For advertisers<\/strong>, the issue is where their ads end up. Brand safety tools evaluate the full page environment, not just the ad creative. A page running a cryptojacking script in the background will score poorly in that evaluation. For campaigns in financial services, healthcare, or any category operating under a strict inclusion list, that score can pull a placement out of eligible inventory entirely \u2014 or leave it running on a domain that would fail a manual review. The advertiser either loses reach or ends up buying inventory they wouldn&#8217;t have approved if they&#8217;d looked at it.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cryptojacking also distorts campaign data<\/strong>. Mining scripts compete with everything else running in the browser, including the measurement tools that track viewability and engagement. When a script is consuming most of the CPU, viewability measurement may not complete within the required time window \u2014 so impressions get logged as non-viewable even if the ad was in full view. Interaction rates drop because the page is slow to respond. The resulting data looks like a traffic quality problem, not a resource problem. Without specific instrumentation that identifies mining activity, the real cause stays hidden.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"detection-signals-what-cryptojacking-looks-like-in-the-data\">Detection Signals: What Cryptojacking Looks Like in the Data<\/h2>\n\n\n\n<p>Standard ad fraud detection looks at traffic behavior: bot patterns, invalid click sequences, and implausible conversion rates. Cryptojacking does not generate those signals because it is not interacting with the campaign at all. It is running in parallel to the ad, using the page load as its delivery mechanism.<\/p>\n\n\n\n<p>The signals that do exist are performance-based and require a different monitoring layer.<\/p>\n\n\n\n<div class=\"adex-ivt-detection-block\">\n  <style>\n    .adex-ivt-detection-block,\n    .adex-ivt-detection-block * {\n      box-sizing: border-box;\n    }\n\n    .adex-ivt-detection-block {\n      width: 100%;\n      max-width: 980px;\n      margin: 40px auto;\n      padding: 30px 22px 28px;\n      background: #000000;\n      border-radius: 10px;\n      font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", Arial, sans-serif;\n      color: #ffffff;\n    }\n\n    .adex-ivt-detection-block .aid-title {\n      margin: 0 0 28px;\n      text-align: center;\n      font-size: 16px;\n      line-height: 1.35;\n      font-weight: 700;\n      color: #777777;\n    }\n\n    .adex-ivt-detection-block .aid-table-wrap {\n      width: 100%;\n      overflow: visible;\n      background: #ffffff;\n    }\n\n    .adex-ivt-detection-block .aid-table {\n      width: 100%;\n      border-collapse: collapse;\n      table-layout: fixed;\n      background: #ffffff;\n    }\n\n    .adex-ivt-detection-block .aid-table th,\n    .adex-ivt-detection-block .aid-table td {\n      text-align: left;\n      vertical-align: middle;\n      overflow-wrap: break-word;\n      word-break: normal;\n      hyphens: auto;\n    }\n\n    .adex-ivt-detection-block .aid-table th {\n      padding: 14px 14px;\n      border-right: 1px solid #d9d9d9;\n      border-bottom: 1px solid #d9d9d9;\n      font-size: 11px;\n      line-height: 1.25;\n      font-weight: 800;\n      text-transform: uppercase;\n      letter-spacing: 0.08em;\n      background: #000000;\n    }\n\n    .adex-ivt-detection-block .aid-table th:last-child,\n    .adex-ivt-detection-block .aid-table td:last-child {\n      border-right: none;\n    }\n\n    .adex-ivt-detection-block .aid-table th:nth-child(1) {\n      width: 24%;\n      color: #00e6d1;\n    }\n\n    .adex-ivt-detection-block .aid-table th:nth-child(2) {\n      width: 38%;\n      color: #ffffff;\n    }\n\n    .adex-ivt-detection-block .aid-table th:nth-child(3) {\n      width: 38%;\n      color: #00e6d1;\n    }\n\n    .adex-ivt-detection-block .aid-table td {\n      padding: 15px 14px;\n      border-top: 1px solid #e2e2e2;\n      border-right: 1px solid #d9d9d9;\n      font-size: 13.5px;\n      line-height: 1.42;\n    }\n\n    .adex-ivt-detection-block .aid-signal {\n      background: #f5f5f5;\n      color: #111111;\n      font-size: 15px;\n      font-weight: 800;\n    }\n\n    .adex-ivt-detection-block .aid-signal-highlight {\n      position: relative;\n      background: #fff8eb;\n    }\n\n    .adex-ivt-detection-block .aid-signal-highlight::before {\n      content: \"\";\n      position: absolute;\n      top: -1px;\n      bottom: -1px;\n      left: 0;\n      width: 4px;\n      background: #ffc32b;\n    }\n\n    .adex-ivt-detection-block .aid-standard,\n    .adex-ivt-detection-block .aid-crypto {\n      background: #ffffff;\n      color: #444444;\n      font-weight: 400;\n    }\n\n    .adex-ivt-detection-block .aid-crypto-highlight {\n      color: #111111;\n      font-weight: 700;\n    }\n\n    .adex-ivt-detection-block .aid-legend {\n      display: flex;\n      justify-content: center;\n      align-items: center;\n      gap: 10px;\n      margin: 22px 0 0;\n      color: #777777;\n      font-size: 13px;\n      line-height: 1.4;\n      font-weight: 700;\n    }\n\n    .adex-ivt-detection-block .aid-legend-mark {\n      width: 18px;\n      height: 18px;\n      background: #fff8eb;\n      border-left: 4px solid #ffc32b;\n      flex-shrink: 0;\n    }\n\n    .adex-ivt-detection-block .aid-source {\n      margin: 22px 0 0;\n      text-align: center;\n      color: #9b9b9b;\n      font-size: 13px;\n      line-height: 1.4;\n      font-weight: 700;\n    }\n\n    @media (max-width: 900px) {\n      .adex-ivt-detection-block {\n        padding: 28px 16px 26px;\n      }\n\n      .adex-ivt-detection-block .aid-title {\n        font-size: 15px;\n        margin-bottom: 24px;\n      }\n\n      .adex-ivt-detection-block .aid-table th {\n        padding: 12px 10px;\n        font-size: 9.5px;\n        letter-spacing: 0.06em;\n      }\n\n      .adex-ivt-detection-block .aid-table td {\n        padding: 13px 10px;\n        font-size: 12px;\n        line-height: 1.38;\n      }\n\n      .adex-ivt-detection-block .aid-signal {\n        font-size: 13px;\n      }\n    }\n\n    @media (max-width: 640px) {\n      .adex-ivt-detection-block {\n        padding: 24px 10px 22px;\n      }\n\n      .adex-ivt-detection-block .aid-title {\n        font-size: 14px;\n      }\n\n      .adex-ivt-detection-block .aid-table th {\n        padding: 10px 7px;\n        font-size: 8.5px;\n        letter-spacing: 0.04em;\n      }\n\n      .adex-ivt-detection-block .aid-table td {\n        padding: 11px 7px;\n        font-size: 10.5px;\n        line-height: 1.35;\n      }\n\n      .adex-ivt-detection-block .aid-signal {\n        font-size: 11.5px;\n      }\n\n      .adex-ivt-detection-block .aid-legend {\n        font-size: 11.5px;\n        text-align: left;\n      }\n\n      .adex-ivt-detection-block .aid-source {\n        font-size: 11.5px;\n      }\n    }\n  <\/style>\n\n  <p class=\"aid-title\">\n    Why cryptojacking evades conventional invalid traffic (IVT) detection \u2014 and what additional signal layer is required\n  <\/p>\n\n  <div class=\"aid-table-wrap\">\n    <table class=\"aid-table\">\n      <thead>\n        <tr>\n          <th>Signal Type<\/th>\n          <th>Standard Invalid Traffic (IVT) Detection<\/th>\n          <th>Cryptojacking Detection<\/th>\n        <\/tr>\n      <\/thead>\n\n      <tbody>\n        <tr>\n          <td class=\"aid-signal\">Traffic behavior<\/td>\n          <td class=\"aid-standard\">Bot patterns, click farms, implausible session data<\/td>\n          <td class=\"aid-crypto\">Traffic looks normal \u2014 no anomalous click or visit behavior<\/td>\n        <\/tr>\n\n        <tr>\n          <td class=\"aid-signal\">Creative interaction<\/td>\n          <td class=\"aid-standard\">No interaction or scripted interaction<\/td>\n          <td class=\"aid-crypto\">Normal or slightly reduced interaction due to resource contention<\/td>\n        <\/tr>\n\n        <tr>\n          <td class=\"aid-signal aid-signal-highlight\">CPU \/ process load<\/td>\n          <td class=\"aid-standard\">Not monitored by standard invalid traffic tools<\/td>\n          <td class=\"aid-crypto aid-crypto-highlight\">Elevated and sustained central processing unit (CPU) usage in browser process \u2014 particularly in background worker threads<\/td>\n        <\/tr>\n\n        <tr>\n          <td class=\"aid-signal aid-signal-highlight\">Network activity<\/td>\n          <td class=\"aid-standard\">Suspicious redirect chains, unknown landing domains<\/td>\n          <td class=\"aid-crypto aid-crypto-highlight\">Encrypted WebSocket connections to mining pool domains, often on non-standard ports<\/td>\n        <\/tr>\n\n        <tr>\n          <td class=\"aid-signal\">Viewability scores<\/td>\n          <td class=\"aid-standard\">Often low due to placement fraud<\/td>\n          <td class=\"aid-crypto\">May degrade over session length as device resources are consumed<\/td>\n        <\/tr>\n\n        <tr>\n          <td class=\"aid-signal\">User session length<\/td>\n          <td class=\"aid-standard\">Abnormally short (bot) or scripted<\/td>\n          <td class=\"aid-crypto\">May shorten due to device heat, battery drain, or user frustration<\/td>\n        <\/tr>\n      <\/tbody>\n    <\/table>\n  <\/div>\n\n  <div class=\"aid-legend\">\n    <span class=\"aid-legend-mark\"><\/span>\n    <span>Primary signal \u2014 requires dedicated instrumentation<\/span>\n  <\/div>\n\n  <p class=\"aid-source\">Source: ADEX Security Operations<\/p>\n<\/div>\n\n\n\n<p>The most reliable detection approach combines three signal layers.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Layer 1: Network-level domain blocking&nbsp;<\/strong>\u2013 mining pools operate from known infrastructure, and maintaining an updated blocklist of mining pool domains and WebSocket endpoints catches the majority of active scripts at the connection level. This is reactive to known infrastructure, so it requires continuous updating as attackers rotate domains.<\/li>\n\n\n\n<li><strong>Layer 2: Behavioral analysis of creative execution&nbsp;<\/strong>\u2013 monitoring JavaScript execution patterns for the specific combination of sustained CPU usage, background worker instantiation, and outbound connection to pool infrastructure. This is more durable than domain blocking because it targets behavior rather than specific addresses.<\/li>\n\n\n\n<li><strong>Layer 3: User-side signal correlation&nbsp;<\/strong>\u2013 elevated CPU during a session on a specific placement, combined with reduced viewability and shortened session length, creates a composite signal that is statistically distinguishable from normal performance variation. This requires instrumentation at the publisher or platform level, not just at the campaign level.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-ad-platforms-defend-against-cryptojacking\">How Ad Platforms Defend Against Cryptojacking<\/h2>\n\n\n\n<p>The defensive approach that actually works at scale is layered, and each layer addresses a different entry vector.&nbsp;<\/p>\n\n\n\n<p>A platform that only scans creatives at submission catches the most obvious attacks but misses supply-chain injection and delayed-payload variants. A platform that only monitors known mining pool domains misses established infrastructure and newly registered domains, as well as obfuscated pool connections.<\/p>\n\n\n\n<p>What the Adex team applies across the inventory it monitors works in layers:<\/p>\n\n\n\n<ul style=\"background-color:#d6d6d630\" class=\"wp-block-list has-background\">\n<li>Creative-level scanning checks submitted scripts for obfuscation before they go live.\u00a0<\/li>\n\n\n\n<li>Tag integrity monitoring catches supply chain injection by comparing how a tag behaves at runtime against how it behaved at approval \u2014 not just checking it once and moving on.\u00a0<\/li>\n\n\n\n<li>Post-render behavioral analysis catches delayed-payload attacks: scripts that stay dormant long enough to pass standard scan intervals, then activate later.<\/li>\n<\/ul>\n\n\n\n<p>A cryptojacking campaign using a freshly registered mining pool domain, running on standard HTTPS ports, with a script obfuscated against current signature databases, will have time before detection catches it. How much time depends on how quickly threat intelligence updates and how fast behavioral analysis identifies the new pattern. Platforms that are transparent about their detection methods and update cycles give buyers and publishers a realistic picture of what that gap looks like.<\/p>\n\n\n<div class=\"block__preview\">\n        <a href=\"https:\/\/adex.com\/blog\/triada-malvertising-case-study\/\" class=\"block__preview_img\"><img src=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2025\/12\/adex-investigarion-triada-infected-campaigns.png\" srcset=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2025\/12\/adex-investigarion-triada-infected-campaigns.png\" sizes=\"100vw\" alt=\"adex-investigation-triada-infected-campaigns\" decoding=\"async\" class=\"lazy\"><\/a>\n    <div class=\"block__preview_box\">\n        <a href=\"https:\/\/adex.com\/blog\/category\/current_risks\/\" class=\"block__preview_box-cat\">Current risks<\/a>        <h3 class=\"block__preview_box-title\" id=\"inside-the-triada-battle-a-five-year-investigation-and-the-security-upgrades-it-triggered\"><a href=\"https:\/\/adex.com\/blog\/triada-malvertising-case-study\/\">Inside the Triada Battle: A Five-Year Investigation and the Security Upgrades It Triggered<\/a><\/h3>\n    <\/div>\n<\/div>\n<style>\n.block__preview {display: flex;align-items: center;justify-content: center; margin: 32px 0;}\n.block__preview a {text-decoration: none;}\n.block__preview_img {min-width: 360px;max-width: 360px;min-height: 188px;width: 100%;height: 100%;}\n.block__preview_img img {width: 100%;height: 100%;}\n.block__preview_box {margin-left: 40px;max-width: 360px;}\n.block__preview_box-cat {color: #00B8A7 !important;font-weight: 600;font-size: 12px;line-height: 16px;text-transform: uppercase; display: block; margin-bottom: 4px;}\n.block__preview_box-cat:hover {color: #FE645A !important; text-decoration: none !important;}\n.block__preview_box-title {font-size: 20px;font-weight: 700;line-height: 24px;color: #0B172D;}\n.block__preview_box-title a {color: #0B172D !important;}\n.block__preview_box-title a:hover {color: #FE645A !important;}\n@media screen and (max-width: 768px) {.block__preview {flex-direction: column;}.block__preview_box {max-width: 100%; margin-top: 32px;margin-left: 0px;}.block__preview_img {max-width: 100%;min-width: 100%;min-height: 100%;}}<\/style>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"faq\">FAQ<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"what-is-cryptojacking-in-advertising\">What is cryptojacking in advertising?<\/h3>\n\n\n\n<p>Cryptojacking in advertising refers to the use of malicious JavaScript embedded in ad creatives or ad tags to mine cryptocurrency using a website visitor&#8217;s device&#8217;s computational resources without their knowledge or consent. The script executes when an ad loads, running in the background while the user browses normally. The user&#8217;s CPU is used to perform mining calculations, which benefit the attacker.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-is-cryptojacking-different-from-other-types-of-malvertising\">How is cryptojacking different from other types of malvertising?<\/h3>\n\n\n\n<p>Most malvertising attempts to redirect users, install malware, or steal data via a visible or interactive trigger. Cryptojacking requires no user action and produces no visible output. It runs silently in the background, which makes it harder to detect through standard user complaint signals or redirect-chain analysis. Detection requires performance monitoring and behavioral analysis rather than traffic pattern analysis.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-can-a-user-tell-if-their-device-was-cryptojacked-via-a-malicious-ad\">How can a user tell if their device was cryptojacked via a malicious ad?<\/h3>\n\n\n\n<p>Sometimes, though not reliably. Symptoms include elevated CPU usage visible in the device&#8217;s task manager, unusual fan activity, faster battery drain, and general sluggishness during a browsing session. Some browser security extensions detect known mining scripts and display a warning. Most users attribute these symptoms to the site being heavy or their device being slow, rather than identifying the specific cause.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"does-cryptojacking-affect-ad-performance-metrics\">Does cryptojacking affect ad performance metrics?<\/h3>\n\n\n\n<p>Yes, indirectly. Mining scripts consume browser resources that would otherwise be available for ad rendering, tracking pixel execution, and viewability measurement. Sessions where mining is running tend to show compressed viewability scores, reduced interaction rates, and anomalous time-on-page data. This can distort campaign performance reporting in ways that are difficult to diagnose without knowing the underlying cause.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"what-should-publishers-do-if-they-suspect-cryptojacking-in-their-ad-inventory\">What should publishers do if they suspect cryptojacking in their ad inventory?<\/h3>\n\n\n\n<p>The first step is isolating which placement or tag is triggering elevated CPU by testing page variants with individual ad units disabled. Network monitoring tools can identify unexpected outbound WebSocket connections to unknown domains during an ad session playback. Publishers should report confirmed cases to their ad platform, including session recordings and network logs, and request a tag integrity audit if the suspected vector is a third-party component rather than a specific creative.<\/p>\n\n\n    <div class=\"block__buttons\">\n        <a href=\"https:\/\/app.adex.com\/auth\/login\" class=\"block__buttons_btn\">JOIN ADEX<\/a>    <\/div>\n<style>\n    .block__buttons {\n        text-align: center;\n    }\n\n    .block__buttons_btn {\n        background-color: rgba(254, 100, 90, 1) !important;\n        border-radius: 200px !important;\n        padding: 16px 24px !important;\n        font-weight: 600 !important;\n        font-size: 18px !important;\n        line-height: 24px !important;\n        text-align: center !important;\n        display: inline-block !important;\n        color: #fff !important;\n        text-decoration: none !important;\n        text-transform: uppercase !important;\n    }\n\n    .block__buttons_btn:hover {\n        color: rgba(11, 31, 58, 1) !important;\n    }\n<\/style>\n","protected":false},"excerpt":{"rendered":"<p>What if a \u201cnormal\u201d ad was quietly draining your users\u2019 CPU power? This guide explains cryptojacking in advertising, how it enters ad inventory, and what it takes to detect it.<\/p>\n","protected":false},"author":8,"featured_media":5723,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[4],"tags":[18,16],"class_list":["post-5714","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-current_risks","tag-fraud","tag-threat"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cryptojacking in Advertising: Risks and Detection<\/title>\n<meta name=\"description\" content=\"See how cryptojacking in advertising enters ad inventory, drains CPU power, distorts metrics, and why layered detection matters.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cryptojacking in Advertising: Risks and Detection\" \/>\n<meta property=\"og:description\" content=\"See how cryptojacking in advertising enters ad inventory, drains CPU power, distorts metrics, and why layered detection matters.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/\" \/>\n<meta property=\"og:site_name\" content=\"ADEX\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/adexsaas\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-11T10:52:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-11T10:54:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/Adex-Cryptojacking-in-Advertising.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Olya Mikheeva\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@adexsaas\" \/>\n<meta name=\"twitter:site\" content=\"@adexsaas\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Olya Mikheeva\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/\"},\"author\":{\"name\":\"Olya Mikheeva\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#\\\/schema\\\/person\\\/c5794aef7aa28987e7019a804390ee3a\"},\"headline\":\"Cryptojacking in Advertising: How Malicious Scripts Hijack Your Users&#8217; Devices\",\"datePublished\":\"2026-06-11T10:52:37+00:00\",\"dateModified\":\"2026-06-11T10:54:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/\"},\"wordCount\":2416,\"publisher\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Adex-Cryptojacking-in-Advertising.png\",\"keywords\":[\"Fraud\",\"Threat\"],\"articleSection\":[\"Current risks\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/\",\"name\":\"Cryptojacking in Advertising: Risks and Detection\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Adex-Cryptojacking-in-Advertising.png\",\"datePublished\":\"2026-06-11T10:52:37+00:00\",\"dateModified\":\"2026-06-11T10:54:19+00:00\",\"description\":\"See how cryptojacking in advertising enters ad inventory, drains CPU power, distorts metrics, and why layered detection matters.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/#primaryimage\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Adex-Cryptojacking-in-Advertising.png\",\"contentUrl\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Adex-Cryptojacking-in-Advertising.png\",\"width\":1200,\"height\":628,\"caption\":\"Adex - explains how cryptojacking in advertising uses malicious scripts to hijack user devices through ad inventory.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/cryptojacking-in-advertising\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/adex.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cryptojacking in Advertising: How Malicious Scripts Hijack Your Users&#8217; Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/\",\"name\":\"ADEX - Ad Fraud & Invalid Traffic Prevention Platform\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#organization\"},\"alternateName\":\"ADEX\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/adex.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#organization\",\"name\":\"ADEX - Ad Fraud & Invalid Traffic Prevention Platform\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/CDD2258_copy-48-1.svg\",\"contentUrl\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/CDD2258_copy-48-1.svg\",\"width\":148,\"height\":30,\"caption\":\"ADEX - Ad Fraud & Invalid Traffic Prevention Platform\"},\"image\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/adexsaas\\\/\",\"https:\\\/\\\/x.com\\\/adexsaas\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#\\\/schema\\\/person\\\/c5794aef7aa28987e7019a804390ee3a\",\"name\":\"Olya Mikheeva\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g\",\"caption\":\"Olya Mikheeva\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cryptojacking in Advertising: Risks and Detection","description":"See how cryptojacking in advertising enters ad inventory, drains CPU power, distorts metrics, and why layered detection matters.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/","og_locale":"en_US","og_type":"article","og_title":"Cryptojacking in Advertising: Risks and Detection","og_description":"See how cryptojacking in advertising enters ad inventory, drains CPU power, distorts metrics, and why layered detection matters.","og_url":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/","og_site_name":"ADEX","article_publisher":"https:\/\/www.facebook.com\/adexsaas\/","article_published_time":"2026-06-11T10:52:37+00:00","article_modified_time":"2026-06-11T10:54:19+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/Adex-Cryptojacking-in-Advertising.png","type":"image\/png"}],"author":"Olya Mikheeva","twitter_card":"summary_large_image","twitter_creator":"@adexsaas","twitter_site":"@adexsaas","twitter_misc":{"Written by":"Olya Mikheeva","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/#article","isPartOf":{"@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/"},"author":{"name":"Olya Mikheeva","@id":"https:\/\/adex.com\/blog\/#\/schema\/person\/c5794aef7aa28987e7019a804390ee3a"},"headline":"Cryptojacking in Advertising: How Malicious Scripts Hijack Your Users&#8217; Devices","datePublished":"2026-06-11T10:52:37+00:00","dateModified":"2026-06-11T10:54:19+00:00","mainEntityOfPage":{"@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/"},"wordCount":2416,"publisher":{"@id":"https:\/\/adex.com\/blog\/#organization"},"image":{"@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/#primaryimage"},"thumbnailUrl":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/Adex-Cryptojacking-in-Advertising.png","keywords":["Fraud","Threat"],"articleSection":["Current risks"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/","url":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/","name":"Cryptojacking in Advertising: Risks and Detection","isPartOf":{"@id":"https:\/\/adex.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/#primaryimage"},"image":{"@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/#primaryimage"},"thumbnailUrl":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/Adex-Cryptojacking-in-Advertising.png","datePublished":"2026-06-11T10:52:37+00:00","dateModified":"2026-06-11T10:54:19+00:00","description":"See how cryptojacking in advertising enters ad inventory, drains CPU power, distorts metrics, and why layered detection matters.","breadcrumb":{"@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/#primaryimage","url":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/Adex-Cryptojacking-in-Advertising.png","contentUrl":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/Adex-Cryptojacking-in-Advertising.png","width":1200,"height":628,"caption":"Adex - explains how cryptojacking in advertising uses malicious scripts to hijack user devices through ad inventory."},{"@type":"BreadcrumbList","@id":"https:\/\/adex.com\/blog\/cryptojacking-in-advertising\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/adex.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cryptojacking in Advertising: How Malicious Scripts Hijack Your Users&#8217; Devices"}]},{"@type":"WebSite","@id":"https:\/\/adex.com\/blog\/#website","url":"https:\/\/adex.com\/blog\/","name":"ADEX - Ad Fraud & Invalid Traffic Prevention Platform","description":"","publisher":{"@id":"https:\/\/adex.com\/blog\/#organization"},"alternateName":"ADEX","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/adex.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/adex.com\/blog\/#organization","name":"ADEX - Ad Fraud & Invalid Traffic Prevention Platform","url":"https:\/\/adex.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/adex.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2022\/05\/CDD2258_copy-48-1.svg","contentUrl":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2022\/05\/CDD2258_copy-48-1.svg","width":148,"height":30,"caption":"ADEX - Ad Fraud & Invalid Traffic Prevention Platform"},"image":{"@id":"https:\/\/adex.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/adexsaas\/","https:\/\/x.com\/adexsaas"]},{"@type":"Person","@id":"https:\/\/adex.com\/blog\/#\/schema\/person\/c5794aef7aa28987e7019a804390ee3a","name":"Olya Mikheeva","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g","caption":"Olya Mikheeva"}}]}},"_links":{"self":[{"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/posts\/5714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/comments?post=5714"}],"version-history":[{"count":14,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/posts\/5714\/revisions"}],"predecessor-version":[{"id":5743,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/posts\/5714\/revisions\/5743"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/media\/5723"}],"wp:attachment":[{"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/media?parent=5714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/categories?post=5714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/tags?post=5714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}