In early 2023, CrowdStrike identified the first Dero cryptojacking campaign targeting Kubernetes infrastructure, leveraging Dero's privacy-focused cryptocurrency features to appeal to cryptojacking groups. The campaign exploited Kubernetes clusters with anonymous access enabled, using a Docker image hosted on Docker Hub to deploy a "pause" binary for mining. Concurrently, a modified Monero cryptojacking campaign was detected, which targeted the same Kubernetes vulnerabilities and actively removed Dero-related processes to mine Monero instead. CrowdStrike's Falcon platform plays a critical role in defending against such sophisticated cryptojacking operations, using advanced machine learning and behavior-based indicators to detect and mitigate threats in real-time. The campaigns illustrate the ongoing battle between cryptojacking groups exploiting misconfigured Kubernetes environments, emphasizing the need for robust cloud-native application protection capabilities.