Cybersecurity firm Darktrace has detected clandestine crypto mining under way on the networks of around 1,000 of its 5,000 clients in the last six months, the company’s chief executive said during a presentation at MIT Technology Review’s EmTech Digital conference in San Francisco.

“It’s a very big problem,” said Nicole Eagan, head of the business, which is based in San Francisco and Cambridge, UK, and specializes in using artificial intelligence to discover and respond to data breaches.

In one notable case, Darktrace picked up on puzzling traffic patterns within a European bank, including servers that seemed to be connecting from an IP address in the company’s data center. When they inspected it in person, by physically tracing cables, its experts realized that a rogue employee had set up a “cypto mining side business” under the floorboards.

Other security firms have also raised alarm bells about surreptitious cryptocurrency mining in recent months. In January, Check Point warned that “cryptojacking” programs like Coinhive and Crypto-Loot have become some of the most prevalent forms of malware online. It estimated that as many as 55 percent of organizations globally have been affected by such efforts (see “Forget viruses or spyware—your biggest cyberthreat is greedy currency miners”).