I hope this post does not get deleted, because my posts were getting deleted.
Not by us, we can't delete any posts here, and if your posts got deleted on bitcointalk.org, you are probably in the wrong. Also, complaining about deleted posts is a bit rich, after your company locked up the thread started by us on your subreddit.
I am making this post on my behalf, has nothing to do with NiceHash and NiceHash is not aware of it. This is my personal view and NOT a statement from NiceHash.
So what exactly is your position in NiceHash? Owner, CEO, just another employee? Did you had any part in taking these decisions? You can't have it both ways - talking like you own (or at least run) NiceHash, then go back to just sharing your "personal view".
Let's start with timeline several months ago, before the big BTC hype, when BTC was still just around 10k. Who was mining back then? Old school miners...
Fortunately (at least from our perspective), the vast majority of miners are still old school.
Yes, NiceHash do have 3rd party EULA that every user has to confirm, but like I mentioned before, nobody was reading that. People gave jack shit about it and really didn't care. They were under complete illusion that "NiceHash is a big company, they surely must have taken care of what I am installing, no?". Perhaps if this happened and there was a court case, NiceHash could win, but that doesn't mean NiceHash would survive.
Let's just stop with all this nonsense about "corporate responsibility". The most important reason to create a corporation, is to limit the responsibility of the owner(s)! But even if we accept that you were genuinely concerned for your users, where is the huge post on your site, warning users about the latest Windows vulnerability for example? Where is the post saying "format your disks, install the latest revision of Windows 10 immediately by downloading it directly from Microsoft, and change all your passwords because of XYZ"?
And when we took a deeper look - developer gone for 1.5 months, constant attempts to push 5.5d bins, someone was doing hash checks and said these don't match (not sure why that was but as later found out - probably because of different zip files), it was just a big panic and a race with a time - if there is a malicious attempt, we need to inform users ASAP and reduce possible damage.
Posts with fake versions of PhoenixMiner have appeared on this thread for years! All of them were promptly removed by the moderators.
What changed on March 6th (besides MEGA deleting our account)? And the story about the checksums is pure BS. Of course the checksums of the fake 5.5d won't match with these that are posted by us here - that is the whole point of the checksums!
Considering how long developer did not react (it must have been like 3 days), we were sure he/she/they are not coming back and the only question remaining was: is there an exit scam or not?
Yes, we are guilty of not reacting in time. The only thing that we can say in our defense, is that none of us really subscribes to, or participates in the modern way of living our lives "online" all the time. We check our devfee hashrate for any indication of anything wrong happening multiple times a day but otherwise, we keep our work and our lives mostly offline except around the releases of the PhoenixMiner. Perhaps we were too complacent, and we have taken steps to make sure we react much faster should anything like this happens in the future.
But on Monday morning, look, developer is back! I was sure, we need to make an apology now. Even though, we never said that there is malware, we only warned users there COULD be, people panicked and simply overlooked our "COULD" word. So, my belief was to make a sorry statement at least for this indirect damage. And if you ask me, I am still sorry for this. I know what it means, if developer intentions are not harmful, and until there is name to be kept, I am sure, intentions are not harmful. I know how much damage from reduced income this must have caused. But I cannot decide for the company what statements to give out. This is not in my power and voting was against doing this. If it helps you PhoenixMiner, personally, I am sorry for this, truly I am.
A five-year-old would come up with a better apology. "I'm sorry, but it wasn't my fault anyway."
Now, let's also debate the other very suspicious events that were going on before developer reappeared and which do not make much sense and were completely unnecessary and must have been related to something else, which made the whole disappearance even more suspicious. I believe, if there were none of these activities, things would probably go into different direction, perhaps even towards official sorry statement.
So, after the announcement was made, there was immediate FUD by Josip Juhas, that NiceHash has pushed malicious 5.5d binaries to all NiceHash users and that this is just a campaign to fix own mistake. I have asked Josip to take this statement down, because it was not true. It was not true according to the source code, which is publicly available and everyone can analyze and confirm that this could not have happened unless the real developer pushed these bins on Mega.nz. Also, not a single user reported getting 5.5d bins and nobody reported anything about being infected. But Josip Juhas continued pushing this FUD to the point so others have copied his statement, including Alchemy from RedPandaMining and this statement was then spread by RedPandaMining all around the community through his YouTube channel. Besides that, someone (definitely not developer) also started massive shill campaign on all social media posting either this exact same FUD about 5.5d binaries being pushed or diversion - some events from NiceHash's history to discredit NiceHash warning as false and as something you really don't have to worry about. I cannot prove who was behind this campaign, but if developer wasn't available, then I would guess it was definitely NOT the developer. And the developer would be the only one having interest doing that. So who else would be doing that? I still don't know, but if I'd have to point my finger I'd say Josip Juhas. It fits his profile. Why?
OK, let unpack this. You obviously have a beef with this person, and you may very well have good reasons for this. So, let's set the record straight: we don't have any business with him, the only association is that we added link to minerstat in our main post after he asked us nicely in a PM - the same as with the other few links in our first post. None of them paid us with fiat, crypto, or in any other way, all they did was to tell us "Hey, we are featuring your miner on our site/service/whatever since forever, would you add a small link to us?". After a quick check of the website or service in question, we did add a link. We can't do detailed background check or ask them for they real identities, nor do we want to. We never received any complains about these services being untrustworthy, or malicious.
With that being said,
why can't you admit that you have created this shitstorm yourself? The hysterical blog post of your site was indicative of something much more serious than "
the developer of PhoenixMiner disappeared, and his MEGA account was deleted". Given your past security record, a lot of people probably thought that there must be something that you are not telling them, like mistakenly pushing the fake version of PhoenixMiner on their PCs, and then trying to absolve yourself of any responsibility.
So, you have to either admit your employees are grossly incompetent, or that you had created this FUD campaign for other reasons. We don't think your employees are that incompetent.
Let me tell you something about Josip Juhas, aka minerstat owner. Josip Juhas was convicted two times in Slovenia and spend some time in prison.
...
How do I know this? Josip Juhas once worked for NiceHash. He resigned somewhere in the middle of 2017. He wasn't fired, he resigned, let me make this very clear.
Let us get this straight. You knew about his criminal past, yet you hired him? Well, this sure seems to be a recurring theme in NiceHash! In contrast, none of the people on our team were ever convicted, or even accused of any criminal activity. It's probably part of the reason why we can't find common ground - your environment and values are quite different than ours.
So, be very careful when you deal with him. Never make any business with him. Better not even talk to him.
...
And regarding Josip Juhas. Well, we can just hope that he doesn't murder us all... because after all... he could be capable doing that.
Don't worry, we are not making any business with him (in case your concern is genuine). However the same goes for you. Your attempts to make us reveal our real identities were quite chilling. After all this, can you blame us that we don't want to reveal our identities? We don't have a problem with our respective governments knowing our identities, as we pay all required taxes, but we won't risk our well-being just so that you can have piece of mind by knowing who we are.
So, what will happen now in the future? NiceHash Miner will introduce some way of putting PhoenixMiner back in, it just isn't going to be automatic download by NiceHash. That is just way too risky. When people manually insert miners in, then NiceHash cannot be responsible for anything malicious if it ever happened. Similar destiny awaits all other anonymous miners. We don't hate PhoenixMiner and we did not want to destroy PhoenixMiner. This is just malicious talk. There was a risky situation and we had to take extraordinary action to protect NiceHash.
Nothing changes for us too. We will warn people to be cautious when doing business with NiceHash. There are just too much shady things connected to your company - people with past criminal activity, security breaches, theft of huge amount of BTC, not taking any responsibility for preventing 51% attacks on the weaker coins through your service (how hard could it be to detect the mined coin by the DAG epoch, and to sound the alarm if someone tries to mine XYZ with more than 51% of the current network hash?).
Finally, let's just stop with this BS, as it benefits no one. Everyone can make their own conclusions, and we are are sure that most miners have much better things to do with their time than reading about this storm in a teacup. We know we do.
