Bitcoin Forum
Author Topic: NiceHash hacked?  (Read 32040 times)
Kronos21 (Sr. Member; Activity: 434, Merit: 255)
December 08, 2017, 03:33:28 PM, #261

If you really NiceHash was hacked but this is their fault. They save money on security and jeopardized the money of all users. In the beginning I even had no doubt that they were hacked. I thought they wanted to earn money from users. View. Now the price of bitcoin has decreased and maybe they will open up again.
The forum was founded in 2009 by Satoshi and Sirius. It replaced a SourceForge forum.

n00bsaibot (Member; Activity: 98, Merit: 10)
December 08, 2017, 03:47:10 PM, #262

Please lookup a product from IBM called Datapower, nobody has been able to hack a Datapower device to this date, nobody even knows what type of operating system it is running, if you actually try to open the box unplugged it has a battery to wipe the os clean. the only way to do hardware replacement on the box is to ship it back to IBM and they replace it for you. typical box costs about 40k and you need 30 to 40 of them for a basic configuration. The energy grid is level 3 security which essentially puts it above credit card systems and health care systems because it is a war time target. Please stop watching TV.

You are a funny guy, they must love you for that at work (since your sec skills are not up to par)  Grin Grin Grin .... hack that would go against US power grid wouldn't come from bored kid in the basement but government sponsored group that (imagine this) can afford to buy and reverse engineer any type of equipment. But that is too SCI-FI and TV for you ...

I secured major power grids in the US
And just like that you've made yourself a target for terrorists Cheesy

Actually I would be of no help to anyone regarding that system, my design is well understood by many security experts and locked down like a mother fuckers, basically you have one Datapower device acting as a security gateway in the DMZ, with another DataPower device acting as a mediation service inside a trusted zone. there is mutual authentication set up between the two devices. All requests must be strongly typed and registered in a product called IBM WebSphere Service Registry and Repository ... it's a bad ass architecture that's all I can tell you and to this day it has not been hacked. Southern California Edison go ahead make my day and try to hack them. They can use some free pen testing.

That is a great network layout there, completely impenetrable  Tongue Tongue Tongue .... how will your fancy IBM gateway protect you from compromised credential???

BlomBaster (Member; Activity: 234, Merit: 10)
December 08, 2017, 03:53:24 PM, #263

A very strange story, a large company holds such funds in one wallet. Very strange. I hope all users have lost only small amounts

joblo (Legendary; Activity: 1470, Merit: 1114)
December 08, 2017, 04:02:33 PM, #264

Please lookup a product from IBM called Datapower, nobody has been able to hack a Datapower device to this date, nobody even knows what type of operating system it is running, if you actually try to open the box unplugged it has a battery to wipe the os clean. the only way to do hardware replacement on the box is to ship it back to IBM and they replace it for you. typical box costs about 40k and you need 30 to 40 of them for a basic configuration. The energy grid is level 3 security which essentially puts it above credit card systems and health care systems because it is a war time target. Please stop watching TV.

You seem a bit too cocky for a security expert. If you were legit you would never be so confident.
Your praise of security by obscurity also diminishes any security credentials you might have.
But the killer is your failure to recognize that absent of an air gap no network is 100% secure.
There will always be human factors.

I do watch TV but I worked professionally on another critical infrastructure system with "six 9's up time"
including software upgrades. Although I am not a security expert security was always a concern. In the over 20 years
I was there the only security compromises were inside jobs or physical breach.

The biggest computer security threat ever is c/c++ and its lack of built in array bound checking.
Imagine a world where buffer overflow exploits never existed. I don't have to imagine, I saw it.


AKA JayDDee, cpuminer-opt developer. https://github.com/JayDDee/cpuminer-opt
https://bitcointalk.org/index.php?topic=5226770.msg53865575#msg53865575
BTC: 12tdvfF7KmAsihBXQXynT6E6th2c2pByTT,

armenmerikyan (Member; Activity: 244, Merit: 10)
December 08, 2017, 04:38:58 PM, #265

Please lookup a product from IBM called Datapower, nobody has been able to hack a Datapower device to this date, nobody even knows what type of operating system it is running, if you actually try to open the box unplugged it has a battery to wipe the os clean. the only way to do hardware replacement on the box is to ship it back to IBM and they replace it for you. typical box costs about 40k and you need 30 to 40 of them for a basic configuration. The energy grid is level 3 security which essentially puts it above credit card systems and health care systems because it is a war time target. Please stop watching TV.

You are a funny guy, they must love you for that at work (since your sec skills are not up to par)  Grin Grin Grin .... hack that would go against US power grid wouldn't come from bored kid in the basement but government sponsored group that (imagine this) can afford to buy and reverse engineer any type of equipment. But that is too SCI-FI and TV for you ...

I secured major power grids in the US
And just like that you've made yourself a target for terrorists Cheesy

Actually I would be of no help to anyone regarding that system, my design is well understood by many security experts and locked down like a mother fuckers, basically you have one Datapower device acting as a security gateway in the DMZ, with another DataPower device acting as a mediation service inside a trusted zone. there is mutual authentication set up between the two devices. All requests must be strongly typed and registered in a product called IBM WebSphere Service Registry and Repository ... it's a bad ass architecture that's all I can tell you and to this day it has not been hacked. Southern California Edison go ahead make my day and try to hack them. They can use some free pen testing.

That is a great network layout there, completely impenetrable  Tongue Tongue Tongue .... how will your fancy IBM gateway protect you from compromised credential???


I don't think IBM sells products to any old hacker specifically the latest Datapower products, so go fuck yourself, how do you think we secure the nukes you moron. stop talking nonsense you have not even worked on a secured network let alone secure a network.

BrownieCoins.org - social currency for doing good deeds

armenmerikyan (Member; Activity: 244, Merit: 10)
December 08, 2017, 04:51:04 PM, #266

Please lookup a product from IBM called Datapower, nobody has been able to hack a Datapower device to this date, nobody even knows what type of operating system it is running, if you actually try to open the box unplugged it has a battery to wipe the os clean. the only way to do hardware replacement on the box is to ship it back to IBM and they replace it for you. typical box costs about 40k and you need 30 to 40 of them for a basic configuration. The energy grid is level 3 security which essentially puts it above credit card systems and health care systems because it is a war time target. Please stop watching TV.

You seem a bit too cocky for a security expert. If you were legit you would never be so confident.
Your praise of security by obscurity also diminishes any security credentials you might have.
But the killer is your failure to recognize that absent of an air gap no network is 100% secure.
There will always be human factors.

I do watch TV but I worked professionally on another critical infrastructure system with "six 9's up time"
including software upgrades. Although I am not a security expert security was always a concern. In the over 20 years
I was there the only security compromises were inside jobs or physical breach.

The biggest computer security threat ever is c/c++ and its lack of built in array bound checking.
Imagine a world where buffer overflow exploits never existed. I don't have to imagine, I saw it.



Yes I am cocky because I saved the world more energy than fucken Elon Musk. Look up my resume on LinkedIn. Armen Merikyan. I didn't say I was a security expert I design the architecture that was reviewed by multiple security experts and actually taken as a blueprint for other energy companies to follow.

Not gonna comment on this topic anymore, you guys watched too much TV and believe too much bullshit. Regarding this hack, they should have had encrypted laptops for the developers and 2-factor authentication set up for the VPN, which they probably did neither; also you must run a background check on anyone that is going to work on the system, with a third party phishing service to test and make sure none of your developers are stupid enough to open random emails. There are people that know how to do a job and then there are armatures, yes I said Arm-atures.


Sledge0001 (Full Member; Activity: 580, Merit: 149)
December 08, 2017, 05:11:35 PM, #267

Play nice kiddies... NOTHING IS HACK PROOF. End of story.

Now.... Let's stay on the subject.

I am hopeful that the stolen funds and associated wallet is blacklisted at this point and that NH will recover from this eventually.

The engineer whose credentials were obtained and used on the other hand no doubt is a major person of interest. I did find it intriguing though that they said several credentials were tried which would allude to someone that had an intricate knowledge of their staff.

In any event I am ready for NH to fire up their servers again and get back to business. They can do a pay share until all of the funds are recovered or are covered but let's get back to it!

BenRickert (Full Member; Activity: 420, Merit: 110)
December 08, 2017, 05:36:43 PM, #268

Play nice kiddies... NOTHING IS HACK PROOF. End of story.

Now.... Let's stay on the subject.

I am hopeful that the stolen funds and associated wallet is blacklisted at this point and that NH will recover from this eventually.

The engineer whose credentials were obtained and used on the other hand no doubt is a major person of interest. I did find it intriguing though that they said several credentials were tried which would allude to someone that had an intricate knowledge of their staff.

In any event I am ready for NH to fire up their servers again and get back to business. They can do a pay share until all of the funds are recovered or are covered but let's get back to it!
....accept BTC.

You only live once....if you do it right, once is enough.

 Excellent FAQ for Lightning Network https://medium.com/@AudunGulbrands1/lightning-faq-67bd2b957d70

Sledge0001 (Full Member; Activity: 580, Merit: 149)
December 08, 2017, 05:39:53 PM, #269

But if it can be stolen as we all know it can I would say it is not hack proof.

joblo (Legendary; Activity: 1470, Merit: 1114)
December 08, 2017, 05:43:40 PM, #270

Play nice kiddies... NOTHING IS HACK PROOF. End of story.

Now.... Let's stay on the subject.

The engineer whose credentials were obtained and used on the other hand no doubt is a major person of interest. I did find it intriguing though that they said several credentials were tried which would allude to someone that had an intricate knowledge of their staff.

I believe they said his PC was compromised. That's probably how they obtained his credentials then used those credentials
to launch the attack from the dev's PC with no security red flags. This kind of thing happens all the time and as long as
people are allowed to connect with their PCs, likely Windows, it will always be a threat.

The security failure was the dev had access to all the funds without any control. No single individual should have
that access, and especially not from an insecure PC.

I would expect that from a basement pool operator but not from an organisation like Nicehash.

I also wasn't thrilled about them bragging about how many billions they mined, and how users would have to help
them recover. If they were so successful they can eat the cost of reimbursing users without our help.
Only then will trust be restored.


dlezama (Member; Activity: 140, Merit: 17)
December 08, 2017, 05:51:01 PM, #271

Play nice kiddies... NOTHING IS HACK PROOF. End of story.

Now.... Let's stay on the subject.

The engineer whose credentials were obtained and used on the other hand no doubt is a major person of interest. I did find it intriguing though that they said several credentials were tried which would allude to someone that had an intricate knowledge of their staff.

I believe they said his PC was compromised. That's probably how they obtained his credentials then used those credentials
to launch the attack from the dev's PC with no security red flags. This kind of thing happens all the time and as long as
people are allowed to connect with their PCs, likely Windows, it will always be a threat.

The security failure was the dev had access to all the funds without any control. No single individual should have
that access, and especially not from an insecure PC.

I would expect that from a basement pool operator but not from an organisation like Nicehash.

I also wasn't thrilled about them bragging about how many billions they mined, and how users would have to help
them recover. If they were so successful they can eat the cost of reimbursing users without our help.
Only then will trust be restored.


Their incompetence is incredible, I think they actually are a "basement pool operator" that just found itself managing millions of dollars. An immature industry where anyone can make it big and become market leader.
Besides the obvious stupidity of making all the money available to single devs, they didn't need to have all this money in the first place. It is entirely possible to build a service like this minimizing the amount of money held at any given time, after all their business is (was) to connect buyers and sellers, not becoming a bank.
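
The two controls raised in posts #270 and #271 above (no single person able to move all the funds, and as little as possible held online) can be sketched as follows. This is an added example, not part of the thread and not NiceHash's code; every name, limit and amount in it is constructed for illustration.

```python
"""Dual control plus a hot-wallet cap for custodial withdrawals.
Illustrative only: every name, limit and amount here is constructed."""
from dataclasses import dataclass, field


@dataclass
class Withdrawal:
    requester: str
    amount: int                                   # smallest unit, e.g. satoshis
    approvals: set = field(default_factory=set)


class WithdrawalPolicy:
    def __init__(self, approvers, quorum, hot_cap, solo_daily_limit):
        self.approvers = frozenset(approvers)
        if not 1 <= quorum < len(self.approvers):
            raise ValueError("quorum must leave out at least the requester")
        self.quorum = quorum                      # co-signers other than the requester
        self.hot_cap = hot_cap                    # most the online wallet may hold
        self.solo_daily_limit = solo_daily_limit  # per-requester total with no co-signer
        self.solo_spent = {}                      # requester -> amount used today

    def excess_to_cold(self, hot_balance):
        """Amount to sweep to offline storage so the hot wallet stays at its cap."""
        return max(0, hot_balance - self.hot_cap)

    def approve(self, w, approver):
        if approver not in self.approvers:
            raise PermissionError(f"{approver} is not an approver")
        if approver == w.requester:
            raise PermissionError("requester cannot approve their own withdrawal")
        w.approvals.add(approver)

    def authorize(self, w, hot_balance):
        """Return (allowed, reason). Solo spending is counted cumulatively, so a
        large transfer cannot be split into many small unapproved ones."""
        if w.amount <= 0 or w.amount > hot_balance:
            return False, "amount out of range"
        cosigners = (w.approvals & self.approvers) - {w.requester}
        if len(cosigners) >= self.quorum:
            return True, "quorum met"
        used = self.solo_spent.get(w.requester, 0)
        if used + w.amount <= self.solo_daily_limit:
            self.solo_spent[w.requester] = used + w.amount
            return True, "within solo limit"
        return False, f"needs {self.quorum} co-signers, has {len(cosigners)}"

    def reset_day(self):
        self.solo_spent.clear()


def simulate_stolen_credential():
    """An attacker holds only alice's login; bob and carol are uncompromised."""
    policy = WithdrawalPolicy({"alice", "bob", "carol"}, quorum=2,
                              hot_cap=1_000, solo_daily_limit=50)
    swept = policy.excess_to_cold(60_000)         # everything above the cap goes offline
    hot = 60_000 - swept

    drain = Withdrawal("alice", hot)              # attempt to empty the hot wallet
    drain_allowed, _ = policy.authorize(drain, hot)
    try:
        policy.approve(drain, "alice")
        self_approval_rejected = False
    except PermissionError:
        self_approval_rejected = True

    moved = 0                                     # attacker tries splitting instead
    for _ in range(10):
        ok, _ = policy.authorize(Withdrawal("alice", 20), hot - moved)
        if ok:
            moved += 20

    legit = Withdrawal("alice", 500)              # normal payout, co-signed
    policy.approve(legit, "bob")
    policy.approve(legit, "carol")
    legit_allowed, _ = policy.authorize(legit, hot - moved)
    return {"swept": swept, "drain_allowed": drain_allowed,
            "self_approval_rejected": self_approval_rejected,
            "moved_by_splitting": moved, "legit_allowed": legit_allowed}


if __name__ == "__main__":
    print(simulate_stolen_credential())
```

With one stolen login the loss is bounded by the solo limit (40 units here) rather than by the wallet balance, and the balance itself is bounded by the cap.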

armenmerikyan (Member; Activity: 244, Merit: 10)
December 08, 2017, 06:14:26 PM, #272

Play nice kiddies... NOTHING IS HACK PROOF. End of story.

Now.... Let's stay on the subject.

I am hopeful that the stolen funds and associated wallet is blacklisted at this point and that NH will recover from this eventually.

The engineer whose credentials were obtained and used on the other hand no doubt is a major person of interest. I did find it intriguing though that they said several credentials were tried which would allude to someone that had an intricate knowledge of their staff.

In any event I am ready for NH to fire up their servers again and get back to business. They can do a pay share until all of the funds are recovered or are covered but let's get back to it!

The WORLD IS FLAT. End of story. hahahahahaha this is too funny, did you work as a developer for nice hash ?


armenmerikyan (Member; Activity: 244, Merit: 10)
December 08, 2017, 06:19:01 PM, #273

Play nice kiddies... NOTHING IS HACK PROOF. End of story.

Now.... Let's stay on the subject.

I am hopeful that the stolen funds and associated wallet is blacklisted at this point and that NH will recover from this eventually.

The engineer whose credentials were obtained and used on the other hand no doubt is a major person of interest. I did find it intriguing though that they said several credentials were tried which would allude to someone that had an intricate knowledge of their staff.

In any event I am ready for NH to fire up their servers again and get back to business. They can do a pay share until all of the funds are recovered or are covered but let's get back to it!

The WORLD IS FLAT. End of story. hahahahahaha this is too funny, did you work as a developer for nice hash ?

Actually "Nothing" is hack proof. When you have Nothing it can not be hacked because it doesn't exist. I see, your brain works it's just that your conscious mind is misinterpreting the actual thoughts being generated by your subconscious self. It's almost as if you are missing out on the meaning of your own thoughts


n00bsaibot (Member; Activity: 98, Merit: 10)
December 08, 2017, 06:21:41 PM, #274

Please lookup a product from IBM called Datapower, nobody has been able to hack a Datapower device to this date, nobody even knows what type of operating system it is running, if you actually try to open the box unplugged it has a battery to wipe the os clean. the only way to do hardware replacement on the box is to ship it back to IBM and they replace it for you. typical box costs about 40k and you need 30 to 40 of them for a basic configuration. The energy grid is level 3 security which essentially puts it above credit card systems and health care systems because it is a war time target. Please stop watching TV.

You are a funny guy, they must love you for that at work (since your sec skills are not up to par)  Grin Grin Grin .... hack that would go against US power grid wouldn't come from bored kid in the basement but government sponsored group that (imagine this) can afford to buy and reverse engineer any type of equipment. But that is too SCI-FI and TV for you ...

I secured major power grids in the US
And just like that you've made yourself a target for terrorists Cheesy

Actually I would be of no help to anyone regarding that system, my design is well understood by many security experts and locked down like a mother fuckers, basically you have one Datapower device acting as a security gateway in the DMZ, with another DataPower device acting as a mediation service inside a trusted zone. there is mutual authentication set up between the two devices. All requests must be strongly typed and registered in a product called IBM WebSphere Service Registry and Repository ... it's a bad ass architecture that's all I can tell you and to this day it has not been hacked. Southern California Edison go ahead make my day and try to hack them. They can use some free pen testing.

That is a great network layout there, completely impenetrable  Tongue Tongue Tongue .... how will your fancy IBM gateway protect you from compromised credential???


I don't think IBM sells products to any old hacker specifically the latest Datapower products, so go fuck yourself, how do you think we secure the nukes you moron. stop talking nonsense you have not even worked on a secured network let alone secure a network.

Temper, temper .... no answers but insults in return Mr. Big Shot, good ol' US (redneck) way  Grin Grin Grin

Sledge0001 (Full Member; Activity: 580, Merit: 149)
December 08, 2017, 06:27:33 PM, #275

Play nice kiddies... NOTHING IS HACK PROOF. End of story.

Now.... Let's stay on the subject.

I am hopeful that the stolen funds and associated wallet is blacklisted at this point and that NH will recover from this eventually.

The engineer whose credentials were obtained and used on the other hand no doubt is a major person of interest. I did find it intriguing though that they said several credentials were tried which would allude to someone that had an intricate knowledge of their staff.

In any event I am ready for NH to fire up their servers again and get back to business. They can do a pay share until all of the funds are recovered or are covered but let's get back to it!

The WORLD IS FLAT. End of story. hahahahahaha this is too funny, did you work as a developer for nice hash ?

No, I am not a developer. No,  I don't work for nicehash...

My point was very clear however even to the brainless... So let me attempt to explain it to you... Every network, server or computer system can be hacked. If you think otherwise you are a fool.

HELLOFF (Member; Activity: 602, Merit: 10)
December 08, 2017, 06:44:34 PM, #276

Play nice kiddies... NOTHING IS HACK PROOF. End of story.

Now.... Let's stay on the subject.

I am hopeful that the stolen funds and associated wallet is blacklisted at this point and that NH will recover from this eventually.

The engineer whose credentials were obtained and used on the other hand no doubt is a major person of interest. I did find it intriguing though that they said several credentials were tried which would allude to someone that had an intricate knowledge of their staff.

In any event I am ready for NH to fire up their servers again and get back to business. They can do a pay share until all of the funds are recovered or are covered but let's get back to it!

The WORLD IS FLAT. End of story. hahahahahaha this is too funny, did you work as a developer for nice hash ?

Actually "Nothing" is hack proof. When you have Nothing it can not be hacked because it doesn't exist. I see, your brain works it's just that your conscious mind is misinterpreting the actual thoughts being generated by your subconscious self. It's almost as if you are missing out on the meaning of your own thoughts
It seems to me that already every user develops Paranoia in the sense that someone can hack someone or have already been hacked. Of course, you do not always want to lose what you earn so hard, but with today's technologies you can not save what someone is interested in.

BitBustah (Hero Member; Activity: 1218, Merit: 534)
December 08, 2017, 06:53:28 PM, #277

Every network, server or computer system can be hacked. If you think otherwise you are a fool.

I agree. Accepting that you can only come to one conclusion:

Holding 60 000 000+ euro (or 70 000 000+ if you want) in a HOT wallet is PURE NEGLIGENCE.



I really hope some fat cat will sue them. As a community we can not let stuff like this happen.

Even if it turns out that they are not behind this theft, they sure as hell did very little to prevent it. Come on people, 60000000 euro or 70000000 USD. Those who are defending NH and asking for a restart are obviously people that either:
- didn't lose any/a lot of money.
- or are rich/near rich in real life.

That's all I have to say about it.

Fedrey (Member; Activity: 644, Merit: 10)
December 08, 2017, 07:09:32 PM, #278

Every network, server or computer system can be hacked. If you think otherwise you are a fool.

I agree. Accepting that you can only come to one conclusion:

Holding 60 000 000+ euro (or 70 000 000+ if you want) in a HOT wallet is PURE NEGLIGENCE.



I really hope some fat cat will sue them. As a community we can not let stuff like this happen.

Even if it turns out that they are not behind this theft, they sure as hell did very little to prevent it. Come on people, 60000000 euro or 70000000 USD. Those who are defending NH and asking for a restart are obviously people that either:
- didn't lose any/a lot of money.
- or are rich/near rich in real life.

That's all I have to say about it.
proceeding from all the above, it is necessary to draw conclusions that a person who has an attractive possession or income will always attract the attention of those who want to get it all. Thus, the risks of being hacked increase. Therefore, I completely agree with you that such figures are a very tasty morsel for hackers.

Sledge0001 (Full Member; Activity: 580, Merit: 149)
December 08, 2017, 07:14:49 PM, #279



I agree. Accepting that you can only come to one conclusion:

Holding 60 000 000+ euro (or 70 000 000+ if you want) in a HOT wallet is PURE NEGLIGENCE.

Ignorance is no excuse right! They should have had a few safety valves built in for sure.

MiningDoc (Member; Activity: 98, Merit: 12)
December 08, 2017, 07:21:48 PM, #280

According to Nicehash they got robbed of our coins. If the funds were segregated there is a technical
distinction whose coins were actually stolen. But it doesn't matter, they still have an obligation to
pay users what is due.

The semantics games are getting a little stretched.

What obligation are they bound to that says they have to pay us what is owed when coins are stolen?  They are not an insured bank, they are not a Registered Currency Exchange Business and don't have to follow the guidelines/laws of an exchange.  They don't have to follow KYC regulations.  So I'm curious, other than a "moral" obligation (which would be great to see happen), what makes them have to pay users back?  Nothing (if it wasn't them).  The only way we get money back would be if they actually catch the person who stole the coins, then they can return "stolen" property.

stop talking out of your ars, you don't know shit about the company and EU regulations, if they even failed on basic regulatory checks they can go to jail. the question is about negligence and that means jail time buddy. Like I said I really want the service back but authorities don't give a shit they just want to put someone in jail and get their Brownie Coins(plugging Brownie Coins here)

I wasn't talking about if they go to jail or not.  Not sure where that even came from.  The only thing I said is that they won't be under any obligation to pay back users for funds that were stolen.  Look at all the companies that claimed theft, and the lawsuits filed.  Has anyone gotten restitution?

Pokercoin.net – The Future of Poker! Welcome to the 1st cryptocurrency which is created for pokerplayers!
Join Now and Start Playing Online Poker on the first platform accepting Pokercoin!