NiceHash hacked?

[joblo]

It's hard to see even if they do come back how people would ever trust Nicehash again unless they make good on the balance owed.

I have to agree with that. They must reimburse to restore any trust. The're big enough, they should be able
to cover the losses and resume operating.

[1713867826]

1713867826

[1713867826]

1713867826

[1713867826]

1713867826

[cpuspeed]

rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

I get your point but It is technically our BTC they lost. Nicehash is under a moral and possibly legal obligation
to make it up to customers but those coins are gone. The legal ambiguity depends on whether they have a
disclaimer and whether it is enforceable in a court of law in the jurisdiction in which they operate.

It is also very unfortunate Nicehash had raised their minimum payout. That combined with the large increase in
BTC price means they were holding a lot more value at any given time making for a bigger target ragardless of
the timing.

Please explain this technically our BTC they lost?

From what I see from the BTC address fingered as the stolen BTC, the bulk of the BTC was in 5 transfers.  Four 1k BTC transfers and then a 622 BTC transfer.  Clearly these aren't transfers from miners accounts (whether those selling hash power or buying it).  Furthermore, if you sell your hashing power the unpaid balance isn't real BTC but Nicehash's own off chain BTC which is worthless.  I use nicehash legacy miner and yesterday it showed I had a balance but couldn't connect to nicehash servers.  So I still had a balance after Nicehash got robbed of THEIR BTC and before Nicehash turned off all the servers.

Now it appears Nicehash is claiming that people like me got robbed of our BTC.  BULLSHIT.  Nicehash robbed it after they shutdown the servers which is after they got robbed of THEIR BTC.

[armenmerikyan]

rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

I get your point but It is technically our BTC they lost. Nicehash is under a moral and possibly legal obligation
to make it up to customers but those coins are gone. The legal ambiguity depends on whether they have a
disclaimer and whether it is enforceable in a court of law in the jurisdiction in which they operate.

It is also very unfortunate Nicehash had raised their minimum payout. That combined with the large increase in
BTC price means they were holding a lot more value at any given time making for a bigger target ragardless of
the timing.

lots of Americans got robbed the FBI is not going to let this one go my friend. If it looks like mtGox and it smells like mtGox it's probably two fingers up your haha. Someone is going to jail for sure. even if they were just careless or stupid. I don't buy that bullshit story that everything can be hacked, I secured major power grids in the US and it requires expensive equipment and all kinds of other expensive software. Don't get me wrong I really want to see them back because I liked the service and I think people are going to have a service like this in the future to connect their home datacenter for currency trading and whatever social media needs they have. It's just stupid and careless. I don't think it was an inside job, they were just in over their heads.

[ad5os]

I agree.  We did not get robbed.  They still owe us.  If a bank gets robbed that doesn't mean they stole the customer's money.  Is there a link the livestream video?  I would like to see their body language and faces as they talk. I have seen too many people commit fraud.  They are not hard to spot from day one when investigating irregularities.  Most cases of business  and financial "mismanagement" ends up being an inside job and they will lie right to your face about how a "hacker" must of cleared them out only to find out they have been squirreling away money for months and once they get caught they always try to lie out of it only to get caught by their own words.  I only lost .02 but I was expecting my payout this week to buy some XMR... oh well.  

[joblo]

According to Nicehash they got robbed of our coins. If the funds were segregated there is a technical
distinction whose coins were actually stolen. But it doesn't matter, they still have an obligation to
pay users what is due.

The semantics games are getting a little stretched.

[armenmerikyan]

According to Nicehash they got robbed of our coins. If the funds were segregated there is a technical
distinction whose coins were actually stolen. But it doesn't matter, they still have an obligation to
pay users what is due.

The semantics games are getting a little stretched.

if my individual account had gotten compromised I would say my account got hacked but I had 2factor on my account and took every safety measure to protect my account on nicehash. It's sad because they really were in over their heads. They are probably going to go to jail for some compliance shit they did not meet. trust me the FBI will find something just to make an example out of them and move a service like this to US. hence mtGox and Coinbase. you can tell they are armatures because they are talking about developers from around the world, you know how hard it is to have a secure dev network across multiple territories. Did they ship these developers encrypted laptops with 2factor RSA auth, were these developers even background checked probably not. Like I said it's sad because they really looked like they worked their arsses off for this site and they are probably going to go to jail.

[MiningDoc]

I agree.  We did not get robbed.  They still owe us.  If a bank gets robbed that doesn't mean they stole the customer's money.  Is there a link the livestream video?  I would like to see their body language and faces as they talk. I have seen too many people commit fraud.  They are not hard to spot from day one when investigating irregularities.  Most cases of business  and financial "mismanagement" ends up being an inside job and they will lie right to your face about how a "hacker" must of cleared them out only to find out they have been squirreling away money for months and once they get caught they always try to lie out of it only to get caught by their own words.  I only lost .02 but I was expecting my payout this week to buy some XMR... oh well.  

So comparing nicehash theft to a bank robbery doesn't really equate.  If a bank gets robbed your money is FDIC insured (by the government) up to a certain amount.  That money you can get back.  Once that amount is exceeded, the bank is under no obligation to pay the remainder to you.  If the Bank is not insured, then good luck getting your balance.  If a bank runs out of money, there is nothing to pay you back with.  They simply file bankruptcy, close up shop, and good luck getting your money back in court.

The only recourse is if they can identify the person who stole the BTC and charge him.  That's who we would get restitution from.  We can hope that the Nicehash owners have a strong moral compass and can/will help in some way, but I wouldn't count on it.  We've seen too many of these type of issues occur over the last few years, and we all know how it's going to turn out.

[MiningDoc]

According to Nicehash they got robbed of our coins. If the funds were segregated there is a technical
distinction whose coins were actually stolen. But it doesn't matter, they still have an obligation to
pay users what is due.

The semantics games are getting a little stretched.

What obligation are they bound to that says they have to pay us what is owed when coins are stolen?  They are not an insured bank, they are not a Registered Currency Exchange Business and don't have to follow the guide lines/laws of an exchange.  They don't have to follow KYC regulations.  So I'm curious, other than a "moral" obligation (which would be great to see happen), what makes them have to pay users back?  Nothing (if it wasn't them).  The only way we get money back would be if they actually catch the person whole stole the coins, then they can return "stolen" property.

[carlos64]

They where hacked on wednesday and almost 64 million usd has taken from them

[gotminer]

Yeah no shit ... Moral obligation only.  And that is if the head of their company really doesn't have anything to do with it, but your money is still gone.  How the fuck would he ever have the $ to repay his customer for their losses, even if he wanted to?  Especially now that they are considered to be incompetent. They can't operate on rice and beans for the next several years and keep the company going, while making payments to the customer.  NH isn't the US banking system.  There isn't a bailout check in the mail.  NH is not eligible for an Obama phone.  If they do decide to open up shop again, how will they gain back the trust of everyone?  I'm guessing it will be a small percentage that would return and then NH will slowly fail.

The FBI can spend the next few years looking into it.  They may or may not try to take it for themselves somewhere along the way.  In the end, your dinero, say bye bye, muchas gracias.

[gotminer]

They where hacked on wednesday and almost 64 million usd has taken from them

NO WAY!  Really? OMG?  You were the first person to tell us that.  Lol ... Go back to sleep for another week.

[armenmerikyan]

According to Nicehash they got robbed of our coins. If the funds were segregated there is a technical
distinction whose coins were actually stolen. But it doesn't matter, they still have an obligation to
pay users what is due.

The semantics games are getting a little stretched.

What obligation are they bound to that says they have to pay us what is owed when coins are stolen?  They are not an insured bank, they are not a Registered Currency Exchange Business and don't have to follow the guide lines/laws of an exchange.  They don't have to follow KYC regulations.  So I'm curious, other than a "moral" obligation (which would be great to see happen), what makes them have to pay users back?  Nothing (if it wasn't them).  The only way we get money back would be if they actually catch the person whole stole the coins, then they can return "stolen" property.

stop talking out of your ars, you don't know shit about the company and EU regulations, if they even failed on basic regulatory checks they can go to jail. the question is about negligence and that means jail time buddy. Like I said I really want the service back but authorities don't give a shit they just want to put someone in jail and get their Brownie Coins(plugging Brownie Coins here)

[joblo]

If they got robbed of 64 Million it's their own stupidity they had that much in a hot wallet.

Regarding legalities it has to do with the laws in their jurisdiction. Contrary to what many
Americans would like to believe, if that jurisdiction is not the US the FBI can do nothing
until the perps step foot in the US, unless they are willing to kidnap them on foreign soil.

[armenmerikyan]

If they got robbed of 64 Million it's their own stupidity they had that much in a hot wallet.

Regarding legalities it has to do with the laws in their jurisdiction. Contrary to what many
Americans would like to believe, if that jurisdiction is not the US the FBI can do nothing
until the perps step foot in the US, unless they are willing to kidnap them on foreign soil.

I don't think it's that simple. You been watching too much TV

[Cereberus]

I don't want to blame Nicehash although they are the only responsible to be blamed on. I don't want any reimbursement  but I only hope they come back with the highest possible security like they claim. I have had enough of Winminer paying me half of what Nicehash used to pay me and honestly mining on pools is a PAITA , lots of converting to do while I love being paid directly in Bitcoin most of the time.

[n00bsaibot]

........ I don't buy that bullshit story that everything can be hacked, I secured major power grids in the US and it requires expensive equipment and all kinds of other expensive software. Don't get me wrong I really want to see them back because I liked the service and I think people are going to have a service like this in the future to connect their home datacenter for currency trading and whatever social media needs they have. It's just stupid and careless. I don't think it was an inside job, they were just in over their heads.

You must be a poor security expert than    there is not such thing as hack proof system, but there are measures that can be taken to make hack extremely difficult to execute. One of only ways to protect your self is to "unplug the cord" but even then there are ways of penetrating systems ...... hacks do not require expensive equipment but extensive knowledge of equipment in place and its vulnerabilities, possible 0 day knowledge or having someones credentials (which NH team confirmed already was used in this hack). How did "they" obtained credentials, it remains to be seen.

I don't want to blame Nicehash although they are the only responsible to be blamed on. I don't want any reimbursement  but I only hope they come back with the highest possible security like they claim. I have had enough of Winminer paying me half of what Nicehash used to pay me and honestly mining on pools is a PAITA , lots of converting to do while I love being paid directly in Bitcoin most of the time.

It will be nice to see them recover and pay put peoples balances but there will be a looooooot of trust issues if they re-surface. Why dont you mine singles and leave winminer and other pools alone?

[Mikanoshi]

I secured major power grids in the US

And just like that you've made yourself a target for terrorists

[BenRickert]

If they got robbed of 64 Million it's their own stupidity they had that much in a hot wallet.

Regarding legalities it has to do with the laws in their jurisdiction. Contrary to what many
Americans would like to believe, if that jurisdiction is not the US the FBI can do nothing
until the perps step foot in the US, unless they are willing to kidnap them on foreign soil.

I don't think it's that simple. You been watching too much TV

Actually, since they were not transacting in USD, the FBI is going to have a difficult jurisdictional challenge. This is how " Onecoin" ( scam) avoided prosecution in the USA. They always denominated their currency balances in Pound Sterling. As soon as something transacts in USD, boom, US jurisdiction. There is a heavy burden on these two cats to make good on those stolen funds. If like you say, they were out of compliance, (which they almost certainly were) their only hope of avoiding being locked up is to give full restitution to their client base. This thing is FAR from settled. I believe one of their "engineers" started riding dirty and colluded with someone to extract the BTC. Notice they said that 45:00 before the successful penetration using someone's "secure computer", they tried to hack into the system and failed. Sounds like the use of the secure system was a last ditch desperation move to grab the cash. This was FAR from a sophisticated and well planned operation. It was a clusterfuck. If not, that money would be already washed and gone. These idiots didn't even get it out of the wallet it went to. It sure doesn't seem like these two cats were involved knowingly.

[armenmerikyan]

........ I don't buy that bullshit story that everything can be hacked, I secured major power grids in the US and it requires expensive equipment and all kinds of other expensive software. Don't get me wrong I really want to see them back because I liked the service and I think people are going to have a service like this in the future to connect their home datacenter for currency trading and whatever social media needs they have. It's just stupid and careless. I don't think it was an inside job, they were just in over their heads.

You must be a poor security expert than    there is not such thing as hack proof system, but there are measures that can be taken to make hack extremely difficult to execute. One of only ways to protect your self is to "unplug the cord" but even then there are ways of penetrating systems ...... hacks do not require expensive equipment but extensive knowledge of equipment in place and its vulnerabilities, possible 0 day knowledge or having someones credentials (which NH team confirmed already was used in this hack). How did "they" obtained credentials, it remains to be seen.

I don't want to blame Nicehash although they are the only responsible to be blamed on. I don't want any reimbursement  but I only hope they come back with the highest possible security like they claim. I have had enough of Winminer paying me half of what Nicehash used to pay me and honestly mining on pools is a PAITA , lots of converting to do while I love being paid directly in Bitcoin most of the time.

It will be nice to see them recover and pay put peoples balances but there will be a looooooot of trust issues if they re-surface. Why dont you mine singles and leave winminer and other pools alone?

Please lookup a product from IBM called Datapower, nobody has been able to hack a Datapower device to this date, nobody even knows what type of operating system it is running, if you actually try to open the box unplugged it has a battery to wipe the os clean. the only way to do hardware replacement on the box is to ship it back to IBM and they replace it for you. typical box costs about 40k and you need 30 to 40 of them for a basic configuration. The energy grid is level 3 security which essentially puts it above credit card systems and health care systems because it is a war time target. Please stop watching TV.

[armenmerikyan]

I secured major power grids in the US

And just like that you've made yourself a target for terrorists

Actually I would be of no help to anyone regarding that system, my design is well understood by many security experts and locked down like a mother fuckers, basically you have one Datapower device acting as a security gateway in the DMZ, with another DataPower device acting as a mediation service inside a trusted zone. there is mutual authentication setup between the two devices. All requests must be strongly typed and registered in a product called IBM Webspehre Service Registry and Repository ... it's a bad ass architecture that's all I can tell you and to this day it has not been hacked. Southern California Edison go ahead make my day and try to hack them. They can use some free pen testing.