NiceHash hacked?

[dlezama]

watched that livestream... fu.k them all

simple message..if we dontrecover that BTC...u get nothing....
yeee...we lost all..., they never can get that BTC back from that adress......

It was pathetic. So someone stole a dev credentials, logged in and directed the payment system to his account. They call that a "highly sophisticated attack"...

[1714807400]

1714807400

[1714807400]

1714807400

[1714807400]

1714807400

[1714807400]

1714807400

[1714807400]

1714807400

[Za1n]

watched that livestream... fu.k them all

simple message..if we dontrecover that BTC...u get nothing....
yeee...we lost all..., they never can get that BTC back from that adress......

It was pathetic. So someone stole a dev credentials, logged in and directed the payment system to his account. They call that a "highly sophisticated attack"...

Sound's like an inside job if you ask me. All these recent hacks always have such weak excuses too, like "someone stole someones credentials". Well first thing that should not be enough for someone to be able to hack in and send all the BTC off, there should have been several layers with each one limited to what it could do.

I always avoided Nicehash for the most part, but did mine a few of the up and coming coins on there once in awhile. I didn't have a large amount in my wallet, but no one likes to see this happen to anyone and it always seems like the same weak security excuse. If they even did file a report with the authorities, they should all be subjected to intense scrutiny from law enforcement over the next several months as I just have a bad feeling one or more of their employees is involved.

[Raimy]

The bigger guy of the two (the one doing all of the talking) looked like he could hardly contain himself. At times it looked almost as if he was smiling, as if he was thinking "I cannot believe we are getting away with this, we are going to be so f**king rich".

The smaller dude looked just as guilty, they probably think they are being clever with all these updates and videos to throw everyone off. If they did get in touch with law enforcement the first ones they should be looking into is those two clowns.

[Sjeikz]

The bigger guy of the two (the one doing all of the talking) looked like he could hardly contain himself. At times it looked almost as if he was smiling, as if he was thinking "I cannot believe we are getting away with this, we are going to be so f**king rich".

The smaller dude looked just as guilty, they probably think they are being clever with all these updates and videos to throw everyone off. If they did get in touch with law enforcement the first ones they should be looking into is those two clowns.

Excactly what I thought.

[joblo]

Sound's like an inside job if you ask me. All these recent hacks always have such weak excuses too, like "someone stole someones credentials". Well first thing that should not be enough for someone to be able to hack in and send all the BTC off, there should have been several layers with each one limited to what it could do.

I have to agree. Devs should never be allowed access to live systems.

Where I used to work only support engineers were allowed to login to customer sites and only
with express permission and supervision including logging. Devs were never allowed, they could
watch and advise but never toch the keyboard.

It wasn't all about security, support engineers had specific training on what not to do when logged in to a customer
site, devs are used to a lab where anything goes.

[kahc]

Sound's like an inside job if you ask me. All these recent hacks always have such weak excuses too, like "someone stole someones credentials". Well first thing that should not be enough for someone to be able to hack in and send all the BTC off, there should have been several layers with each one limited to what it could do.

I have to agree. Devs should never be allowed access to live systems.

Where I used to work only support engineers were allowed to login to customer sites and only
with express permission and supervision including logging. Devs were never allowed, they could
watch and advise but never toch the keyboard.

It wasn't all about security, support engineers had specific training on what not to do when logged in to a customer
site, devs are used to a lab where anything goes.

Their security is really trash if one stolen credential could move all the BTC. They should have implemented proper security measures like 3-of-5 multisig for that amount they are dealing with daily.

[Longsnowsm]

No one on these sites with access to wallets has heard of 2 factor authentication?  I mean even if you get someones credentials you would have to get access to the fido key or to google authenticator or some variation of that.  That message needs to be broadcast that if you fail to do basic things to protect customers you will be sued into the ground... 

[RealKariverson]

so much hate for nicehash...

It was the easiest way to setup mining and bring in BTC. I can't think of any other simpler way to download 1 software, and bring in 100 dollars worth of bitcoin every month on a 5 year old gaming computer.

100% correct.  When I first started mining I used Nicehash while I learned the ropes.  I realized it was more profitable to mine to a pool directly but didn't know enough.  Still though, I can see why so many people continued to use it.  You didn't have to mess around with a bunch of different altoin exchanges or following the markets to be sure the the coins you were mining weren't crashing, or checking to see if difficulty and hashrate was rising at an extreme rate.  Strangely you don't see this much hate for Nemos Miner, Multipoolminer, Zpool, or anything else.  I can assure everyone that ZPool is more responsible for killing profitability than Nicehash.

Zpool....flat out thieves. I wonder how many of these butthurt screamers still have currency sitting in other wallets.....like Coinbase.....which BTW is down right now.

Dude I know. I have some fiat in coinbase that I put right after LTC doubled. Not much barely 4 digis. Such terrible timing and now I'm scared shitless but I'm keeping them in coinbase until BTC or LTC drop again. I don't want to buy at these prices and coinbase exchage rate is ridiculous too.

[EpicJimmy5]

Someone did try to get into my account a month back, luckily, I withdrew everything before they could get in. Also, 2FA is a good thing to do.

[BitBot.V2]

The bigger guy of the two (the one doing all of the talking) looked like he could hardly contain himself. At times it looked almost as if he was smiling, as if he was thinking "I cannot believe we are getting away with this, we are going to be so f**king rich".

The smaller dude looked just as guilty, they probably think they are being clever with all these updates and videos to throw everyone off. If they did get in touch with law enforcement the first ones they should be looking into is those two clowns.

The "smaller dude" as you put it, has already served time for hacking/malware. I have no judgement whether he was a part of this or not, although I would assume he is a decent coder ( hey, at least his father hires good developers!). I know if I were to try and use someones login credentials to pull this off, I would have certainly tried for his, at the very least for the comedy factor.

[Deathwing]

I actually remembered that isn't this NiceHash 2nd or 3rd time getting hacked? I know that the accounts were hacked a while back and some accounts were accessed. After that they implemented 2FA, well sad that Nicehash is gone, forever.

[leonix007]

Sound's like an inside job if you ask me. All these recent hacks always have such weak excuses too, like "someone stole someones credentials". Well first thing that should not be enough for someone to be able to hack in and send all the BTC off, there should have been several layers with each one limited to what it could do.

I have to agree. Devs should never be allowed access to live systems.

Where I used to work only support engineers were allowed to login to customer sites and only
with express permission and supervision including logging. Devs were never allowed, they could
watch and advise but never toch the keyboard.

It wasn't all about security, support engineers had specific training on what not to do when logged in to a customer
site, devs are used to a lab where anything goes.

Their security is really trash if one stolen credential could move all the BTC. They should have implemented proper security measures like 3-of-5 multisig for that amount they are dealing with daily.

whats so frustrating is that there were lousy or worse no security for withdrawing A HUGE amount, it is so basic for every financial institutions that for every BIG amounts of withdrawal there are approvals needed, at least to interrupt the attempt.

[n00bsaibot]

so much hate for nicehash...

It was the easiest way to setup mining and bring in BTC. I can't think of any other simpler way to download 1 software, and bring in 100 dollars worth of bitcoin every month on a 5 year old gaming computer.

100% correct.  When I first started mining I used Nicehash while I learned the ropes.  I realized it was more profitable to mine to a pool directly but didn't know enough.  Still though, I can see why so many people continued to use it.  You didn't have to mess around with a bunch of different altoin exchanges or following the markets to be sure the the coins you were mining weren't crashing, or checking to see if difficulty and hashrate was rising at an extreme rate.  Strangely you don't see this much hate for Nemos Miner, Multipoolminer, Zpool, or anything else.  I can assure everyone that ZPool is more responsible for killing profitability than Nicehash.

Zpool....flat out thieves. I wonder how many of these butthurt screamers still have currency sitting in other wallets.....like Coinbase.....which BTW is down right now.

Dude I know. I have some fiat in coinbase that I put right after LTC doubled. Not much barely 4 digis. Such terrible timing and now I'm scared shitless but I'm keeping them in coinbase until BTC or LTC drop again. I don't want to buy at these prices and coinbase exchage rate is ridiculous too.

Coinbase is up and running just fine (just used it)... site must be overwhelmed with transaction requests

[ad5os]

So I am looking at the wallet address a few days later still pissed and now I see there are several small deposits into the wallet.  I am curious to wonder where are these coming from?  Could this hacker now be mining some data from nicehash to hack other wallets that were linked to nicehash that maybe have easy passwords or the same password that their nicehash users used?  I am going to double check that whatever nicehash password I used is DEAD!  Here is the link to the wallet if you want to look for yourself.

https://bitinfocharts.com/bitcoin/address/1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq

[trackers]

So I am looking at the wallet address a few days later still pissed and now I see there are several small deposits into the wallet.  I am curious to wonder where are these coming from?  Could this hacker now be mining some data from nicehash to hack other wallets that were linked to nicehash that maybe have easy passwords or the same password that their nicehash users used?  I am going to double check that whatever nicehash password I used is DEAD!  Here is the link to the wallet if you want to look for yourself.

https://bitinfocharts.com/bitcoin/address/1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq

I assume those transactions are designed to tag that address somehow

[BenRickert]

No one on these sites with access to wallets has heard of 2 factor authentication?  I mean even if you get someones credentials you would have to get access to the fido key or to google authenticator or some variation of that.  That message needs to be broadcast that if you fail to do basic things to protect customers you will be sued into the ground... 

NH was sending out notifications to activate 2Authy just before the deed. I thought that as curious.

[TXSteve]

I am leaning towards this hack being an inside job.

Why?? well, leading up to the hack, scrypt hashrate was and still is exploding, rather than upgrade equipment and capacity they simply "upgraded" the minimum share difficulty. As they approached max capacity again with BTC price exploding and NH wallet full, the simplest solution for them, rather than deal with the hassles of hardware upgrades, troubleshooting, downtimes, complaints etc was to just pull the plug by feigning a hack and then walk away.

Just a theory , I personally hope they start back up.  Maybe they'll use the downtime to upgrade and reopen, hurray, if not ... see prior paragraph. It'll be interesting to see how it plays out

[armenmerikyan]

I am leaning towards this hack being an inside job.

Why?? well, leading up to the hack, scrypt hashrate was and still is exploding, rather than upgrade equipment and capacity they simply "upgraded" the minimum share difficulty. As they approached max capacity again with BTC price exploding and NH wallet full, the simplest solution for them, rather than deal with the hassles of hardware upgrades, troubleshooting, downtimes, complaints etc was to just pull the plug by feigning a hack and then walk away.

Just a theory , I personally hope they start back up.  Maybe they'll use the downtime to upgrade and reopen, hurray, if not ... see prior paragraph. It'll be interesting to see how it plays out

rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

[nazzer]

I am leaning towards this hack being an inside job.

Why?? well, leading up to the hack, scrypt hashrate was and still is exploding, rather than upgrade equipment and capacity they simply "upgraded" the minimum share difficulty. As they approached max capacity again with BTC price exploding and NH wallet full, the simplest solution for them, rather than deal with the hassles of hardware upgrades, troubleshooting, downtimes, complaints etc was to just pull the plug by feigning a hack and then walk away.

Just a theory , I personally hope they start back up.  Maybe they'll use the downtime to upgrade and reopen, hurray, if not ... see prior paragraph. It'll be interesting to see how it plays out

rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

Our bitcoin was never on our own private key, what was shown were balances owed by them to us - regardless whether they recover BTC stolen this is still BTC owed to us. If they ever come back I expect a full payment - it'll be really stupid for them to ignore this amount owed to their customers.

The amount of hashpower represented by Nicehash is very significant, as seen by the difficulty dropping massively across the board or in other cases (e.g. Scrypt) a sharp spike with people moving over to backup pools - it'll be hard to see why they wouldn't have reserves to pay buyers and sellers alike.

It's hard to see even if they do come back how people would ever trust Nicehash again unless they make good on the balance owed.

[joblo]

rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

I get your point but It is technically our BTC they lost. Nicehash is under a moral and possibly legal obligation
to make it up to customers but those coins are gone. The legal ambiguity depends on whether they have a
disclaimer and whether it is enforceable in a court of law in the jurisdiction in which they operate.

It is also very unfortunate Nicehash had raised their minimum payout. That combined with the large increase in
BTC price means they were holding a lot more value at any given time making for a bigger target ragardless of
the timing.