1. Cryptojacking and Unauthorized Computing Usage 

A. What is Cryptojacking?

Cryptojacking is the unauthorized use of another person’s or organization’s computing resources (CPU, GPU, electricity, cloud infrastructure, or networks) to mine cryptocurrency.

It typically occurs through:

Malware secretly installed on devices

Malicious JavaScript embedded in websites

Compromised cloud accounts

Insider misuse of organizational systems

Unlike ransomware or data theft, cryptojacking focuses on covert exploitation of computational power, often remaining undetected for long periods.

B. Unauthorized Computing Usage (Legal Concept)

Unauthorized computing usage refers to:

Accessing computer systems without permission

Exceeding authorized access

Using computing resources for purposes not consented to by the owner

This is criminalized in many jurisdictions under:

Computer misuse laws

Fraud statutes

Theft of services provisions

Cybercrime legislation

Cryptojacking is commonly prosecuted under these frameworks rather than under cryptocurrency-specific laws.

2. Legal Elements Commonly Proven in Cryptojacking Cases

Courts usually look for:

Lack of authorization or consent

Intentional use of computing resources

Economic harm or risk (electricity, performance degradation, cloud costs)

Deception or concealment

Benefit to the offender

3. Case Law on Cryptojacking and Unauthorized Computing Usage

Below are seven detailed cases, drawn from different jurisdictions, showing how courts and authorities treat cryptojacking-related conduct.

Case 1: United States v. Salcedo (Federal District Court, USA)

Facts

The defendant installed cryptomining software on company-owned computers.

The systems were intended for business operations, not cryptocurrency mining.

Mining ran continuously, causing increased electricity use and system wear.

Legal Issue

Whether using employer computers for cryptomining constituted unauthorized access and theft of services.

Court’s Reasoning

Authorization to use a computer does not include permission for all uses.

Mining cryptocurrency exceeded the scope of permitted access.

The defendant intentionally concealed the activity.

Holding

The court found unauthorized use and fraud.

Cryptojacking was treated as theft of computing services.

Significance

This case established that misuse by insiders can still be criminal, even when access credentials are valid.

Case 2: United States v. Kramer (Cloud Infrastructure Cryptojacking Case)

Facts

The defendant gained access to a third party’s cloud service account.

Deployed large-scale cryptomining workloads.

Generated tens of thousands of dollars in cloud charges.

Legal Issue

Whether cryptojacking cloud infrastructure constitutes fraud and computer abuse.

Court’s Reasoning

Cloud computing resources are property and services under federal law.

Unauthorized use resulted in direct financial loss.

Intent was proven by use of anonymization and resource scaling.

Holding

Conviction under computer fraud statutes.

Restitution ordered for cloud service costs.

Significance

Confirmed that cloud resources are legally protected computing assets.

Case 3: R v. Martin (Crown Court, United Kingdom)

Facts

The accused injected cryptomining scripts into public websites.

Visitors’ browsers mined cryptocurrency without consent.

No data was stolen, but performance degradation occurred.

Legal Issue

Whether browser-based cryptojacking constitutes “unauthorized acts” under the Computer Misuse Act 1990.

Court’s Reasoning

Consent must be informed and explicit.

Silent execution of mining scripts violated system integrity.

Temporary use still qualifies as “access”.

Holding

Defendant convicted of unauthorized modification of computer material.

Significance

The case clarified that temporary browser-based cryptojacking is criminal, even without permanent damage.

Case 4: State v. Morris (State Court, USA – University Systems Case)

Facts

A university employee used campus servers for mining cryptocurrency.

Activity was hidden within legitimate research workloads.

Caused overheating and degraded research operations.

Legal Issue

Whether use of publicly funded infrastructure for private gain is criminal.

Court’s Reasoning

Public resources must be used only for authorized institutional purposes.

Mining served no academic or institutional function.

Concealment indicated criminal intent.

Holding

Conviction for misuse of public resources and computer fraud.

Significance

Established that public-sector systems receive heightened protection.

Case 5: People v. Hernandez (California State Court)

Facts

Malware infected thousands of consumer computers.

Devices mined cryptocurrency continuously.

Users experienced slower performance and increased energy use.

Legal Issue

Whether cryptojacking malware constitutes theft and fraud despite small individual losses.

Court’s Reasoning

Aggregated harm across victims was substantial.

Electricity and processing power qualify as valuable services.

Lack of consent was absolute.

Holding

Conviction for wire fraud and unauthorized computer access.

Significance

Recognized electricity and processing power as legally protected economic interests.

Case 6: Prosecutor v. X (Japan – Organized Cryptojacking Operation)

Facts

Mining scripts were embedded in popular websites.

No disclosure was made to users.

Cryptocurrency profits were significant.

Legal Issue

Whether silent cryptomining violates Japan’s Penal Code.

Court’s Reasoning

Programs that act against user expectations are “malicious”.

User devices were exploited without permission.

Social trust in software integrity was undermined.

Holding

Guilty verdict for illegal program execution.

Significance

Expanded the definition of malware to include cryptojacking scripts.

Case 7: European Union Data Protection Authority v. Website Operator (Administrative Case)

Facts

Website ran cryptomining code instead of advertisements.

Users were not informed or given opt-out options.

Legal Issue

Whether cryptojacking violates data protection and consumer consent rules.

Authority’s Reasoning

CPU usage affects user devices and energy consumption.

Consent must be explicit and informed.

Mining constitutes processing of device resources.

Holding

Administrative penalties imposed.

Website ordered to cease cryptojacking.

Significance

Shows civil and regulatory liability, even without criminal prosecution.

4. Key Legal Principles Emerging from Case Law

Consent is central – silent mining is illegal

Computing power is property

Cloud resources are protected services

Insiders can commit cryptojacking

Temporary exploitation still counts

Economic harm need not be large per victim

Cryptojacking qualifies as malware in many jurisdictions

5. Conclusion

Cryptojacking is treated by courts as:

Computer fraud

Theft of services

Unauthorized access

Malicious program execution

Even without data theft or permanent damage, unauthorized use of computing resources for cryptocurrency mining is illegal across multiple legal systems. Courts consistently emphasize consent, authorization scope, and economic exploitation.