Looking into the proliferation of crypto-mining malware, Palo Alto’s Josh Grunzweig discovered information on around 630,000 malicious samples, 3,773 emails used to connect with mining pools, and 2,995 mining pool URLs. The researcher also identified 2,341 Monero (XMR) wallets, 981 Bitcoin (BTC) wallets, 131 Electroneum (ETN) wallets, 44 Ethereum (ETH) wallets, and 28 Litecoin (LTC) wallets. In addition to the 2,341 Monero wallets extracted from the analyzed sample set, he also managed to determine the mining pools used, and discovered that, of the top ten mining pools used by this malware, all but one allows for anonymous viewing of statistics based off of the wallet as an identifier. “By querying the top eight mining pools for all 2,341 Monero addresses, I was able to determine exactly how much Monero has been mined historically with a high degree of accuracy. By querying the mining pools themselves, instead of the blockchain, we’re able to say exactly how much has been mined without the fear of the data being polluted by payments to those wallets via other sources,” he notes.