[ANN] NiceHash.com - sell & buy hash rate cloud mining service / multipool

[scyth33]

yes, something is wrong with the site's 2FA.... how is it I am able to log in without entering 2FA (I have 2FA enabled)

edit: and who is renting 20ph/s?!

[olcaytu2005]

yes, something is wrong with the site's 2FA.... how is it I am able to log in without entering 2FA (I have 2FA enabled)

edit: and who is renting 20ph/s?!

There is something definetly wrong here.

They have sent me 2FA secret code so I deactivated the hacker's 2FA and activated one from my own personal phone where I haven't used on nicehash for 2FA before.

GUESS WHAT HAPPENED? HACKER STILL WAS ABLE TO RENT HASH! WITHOUT HAVING ACCESS TO MY PHONE'S 2FA.

There is a huge security leak and all the funds on the site in completely insecure. Someone found a backdoor and renting hash from people.

I'm %100 sure of this and will start a detailed thread in Scam Accusations later today as hacker could have easily withdrew my btc, instead he opened orders and he didn't get logged out when I changed the password 3 times, there is no way he accessed my account with a password. Also I tried to withdraw the remaining btc which was 0.023 and he didn't cancel it. He could have if he really was in the account.

I urge everyone to withdraw your bitcoins from this website as it is way insecure.

[NiceHashSupport]

yes, something is wrong with the site's 2FA.... how is it I am able to log in without entering 2FA (I have 2FA enabled)

edit: and who is renting 20ph/s?!

There is something definetly wrong here.

They have sent me 2FA secret code so I deactivated the hacker's 2FA and activated one from my own personal phone where I haven't used on nicehash for 2FA before.

GUESS WHAT HAPPENED? HACKER STILL WAS ABLE TO RENT HASH! WITHOUT HAVING ACCESS TO MY PHONE'S 2FA.

There is a huge security leak and all the funds on the site in completely insecure. Someone found a backdoor and renting hash from people.

I'm %100 sure of this and will start a detailed thread in Scam Accusations later today as hacker could have easily withdrew my btc, instead he opened orders and he didn't get logged out when I changed the password 3 times, there is no way he accessed my account with a password. Also I tried to withdraw the remaining btc which was 0.023 and he didn't cancel it. He could have if he really was in the account.

I urge everyone to withdraw your bitcoins from this website as it is way insecure.

There was no security breach, only certain accounts were hacked by some russians, because people were using same u/p as on other sites (that leak db of u/p or had a hack). Never EVER use same u/p on sites. BTW, if your 2FA is active, you cannot make withdraw or place an order without the code, so you are basically locked.

[Aplayer]

Which sites (that leak db of u/p or had a hack)?

[olcaytu2005]

Can you explain why there are no simple basic protections:

1. When password is changed, site must force all logged in users out. SIMPLEST RULE.
2. When someone wants to set a 2FA, an email verification should be needed. SIMPLEST RULE #2.
3. I deactivated hacker's 2FA with your code and created my own 2FA, but hacker WAS ABLE TO RENT HASH SOMEHOW. HOW CAN THIS BE IF THERE ARE NO SECURITY BREACHES?
4. I opened a withdrawel request, he could have cancelled and battled me again by putting orders, but he didn't, or more importantly HE COUDLN'T.
5. I informed nicehash of the hack when only 0.02 was gone, they didn't LOCK THE ACCOUNT. Every other exchange or renting service out there locks the account immidietly.
6. Why nicehash doesn't have basic protection safe guard to protect their costumer's funds?

So basically you are lying infront of everyone reading. HACKER WAS ABLE TO PUT AN ORDER EVEN WHEN I RESETTED 2FA AND PUT IN ON MY PHONE. You are either working with the hackers and hoping no one will notice or be loud enough or you just don't care about your costumer's funds.

I SPOTTED HACK WITH A MINIMAL LOSE, ONLY 0.02. AND THATS ON ME, MY RESPONSBILITY. BUT THAN I CHANGED MY PASSWORD AND EMAILED TO YOU IMMIDIETLY. After that, IT IS YOUR RESPONSIBILITY.

You are no different than those "hacker Russians" if you keep on insisting that your faulty, poorly coded weak system just helps HACKERS STEAL THE FUNDS. There is even no IP notification.

I demand a compensation of my stolen funds THAT ARE CAUSED BY YOUR FAULTS and you to accept responsbility and correct your site's mistake. I will not stop following this and will be informing everyone, everywhere. You can't get away with this.

[mrxzmey]

Hello.
nicehash. You add new updates to CLAYMORE ZCash AMD GPU Miner v4.0 ??

Miners pass new updated CLAYMORE ZCash AMD GPU Miner v4.0
But after that the Course  start to fall and the force twice, my miner  is no longer profitable at all..

I was still trying to manually connect your pool nice ... I did not get. Saw a new miner or tell me how to set up pool CLAYMORE in ZCash AMD GPU Miner v4.0

[crazyivan]

I d really like to see more mining option besides Zcash and Ether. I ve been using Nicehash for months and these re only 2 coins I have ever been able to mine. Are there any plans for enabling users to mine something else, like multipool?

[olcaytu2005]

Niki on reddit confirmed that my loss what due to your faulty code, security issue.

https://www.reddit.com/r/NiceHash/comments/5cb1a4/nicehash_made_me_lose_022_btc_i_ask_for_a_refund/

BEWARE GUYS. SUDDENLY YOUR ACCOUNT MIGHT GET HACKED AND EVEN IF YOU SPOT THE HACK AND CHANGE YOUR PASSWORD OR EVEN 2FA THE HACKER WILL STILL BE LOGGED IN AND WILL BE SOMEHOW USING YOUR 2FA TO MINE.

[Joemid]

Hello

What gtm used nicehash?

I need to know the hour of my the paid in my country

[ShooterXD]

Niki on reddit confirmed that my loss what due to your faulty code, security issue.

https://www.reddit.com/r/NiceHash/comments/5cb1a4/nicehash_made_me_lose_022_btc_i_ask_for_a_refund/

BEWARE GUYS. SUDDENLY YOUR ACCOUNT MIGHT GET HACKED AND EVEN IF YOU SPOT THE HACK AND CHANGE YOUR PASSWORD OR EVEN 2FA THE HACKER WILL STILL BE LOGGED IN AND WILL BE SOMEHOW USING YOUR 2FA TO MINE.

Maybe you have some spyware, and this got your nicehash password.

Sorry about your loss

[TR8888]

Damn Nicehash, Your servers are shit.

I have 13 rigs connected and 3-4 of them constantly disconnect

08:03:07:859   139c   ZEC: Stratum - Cannot connect to equihash.eu.nicehash.com:3357
08:03:07:859   139c   ZEC: Stratum - Failed to connect, retry in 20 sec...
08:03:27:865   139c   ZEC: Stratum - connecting to 'equihash.eu.nicehash.com' <37.58.117.214> port 3357

Sort this shit out.

[olcaytu2005]

Niki on reddit confirmed that my loss what due to your faulty code, security issue.

https://www.reddit.com/r/NiceHash/comments/5cb1a4/nicehash_made_me_lose_022_btc_i_ask_for_a_refund/

BEWARE GUYS. SUDDENLY YOUR ACCOUNT MIGHT GET HACKED AND EVEN IF YOU SPOT THE HACK AND CHANGE YOUR PASSWORD OR EVEN 2FA THE HACKER WILL STILL BE LOGGED IN AND WILL BE SOMEHOW USING YOUR 2FA TO MINE.

Maybe you have some spyware, and this got your nicehash password.

Sorry about your loss

Read the incident, this has nothing to do with spyware. They refuse to answer even though they have confirmed an issue on their side. UNTIL THEY DO A FULL EXPLANATION AND COMPENSATE STAY AWAY FROM THIS SCAMMERS AS THE HACKERS WERE ALSO SUPPOSEDLY RUSSIANS.

Scam accusation thread: https://bitcointalk.org/index.php?topic=1677837.0

Please support so same thing won't happen to you. You might suddenly lose all your btc and can't do anything about it even if you change your password or 2FA.

[thedreamer]

..or don't keep a lot of BTC in the wallet and use them as it is needed.

IF it is truly accessed by someone, even if you have 2FA on, it is an internal job, almost always as it is nearly impossible to hack a desktop AND
a mobile device at the same time for the same person.

[nicehash]

Hello,

@olcaytu2005

First of all we would like to say that security and user satisfaction is of course very important to us. We are working very hard to provide an excellent service for hundreds thousands of users and we are doing this job for several years.
 
In this particular case the accusations and complaints from user olcaytu2005 are over reacted and also false. You all know that 2FA protection is standard and essential when dealing with funds. Also protecting your account with proper passwords and making sure your password is changed over a particular period of time adds additional level of security to your account. olcaytu2005 hasn't followed these standard practices and this is why his account got hacked and funds were lost.

If 2FA would be enabled from the begging, this would not happen and no funds would be lost.

Regarding the particular issue with changing passwords and still active open concurrent sessions. There was indeed a particular specific issue in this case and we've already added additional layer of protection to make sure this kind of scenarios would not happen again. Nevertheless, once again we have to say that even with this exceptions nobody could do any harm to your account if you would enable 2FA right after you registered your account or before you started dealing with funds on your account.

It is also very important to note that our system was not compromised or hacked. It was just the user's account by someone stealing/guessing his login credentials from his personal computer or other sources.

As far as refunds are concerned - any business or institution that has to do anything with financial transactions clearly states no refunds on any kind of financial loss. No matter who's fault is it in the end - this is also clear from our Terms of use, available on our website. Since we care a lot for our users satisfaction we have still done some refunds and compensations in the past for various kind of issues that were an actual result of service issues - for example, order was charged but not placed properly due to system overload, etc.. But we will never do any refunds due to user's faults. If we would do this then anybody could say that he needs some kind of refunds for thousands of possible issues you can make up.

Therefore - once again - olcaytu2005, we are very sorry for the funds you've lost and understand your situation, but unfortunately a refund in this case is not possible since you didn't follow standard security practices such as enabling 2FA before doing any kind of operations with funds. Thank you for understanding.


Best regards,
NiceHash team.

[alucard20724]

when is silentarmy v5 going to be incorporated into nicehash miner?  and are you looking into incorporating the gains that clamore has?.. when's the next update?

[olcaytu2005]

..or don't keep a lot of BTC in the wallet and use them as it is needed.

IF it is truly accessed by someone, even if you have 2FA on, it is an internal job, almost always as it is nearly impossible to hack a desktop AND
a mobile device at the same time for the same person.

That is what Im thinking.

They've sent me a 2FA reset code and I deactivated hacker's 2FA and put my own 2FA. But guess what, hacker was still ABLE TO put orders...

Niki on reddit confirmed that my loss what due to your faulty code, security issue.

Niki (from general support team) answered with this:

we already fixed the raised security issue

(singular)
To your

When password is changed, site must force all logged in users out.

(singular)
As this is fixed, there are no other security issues. Even this one is not critical and would not lead to your loss of funding in any possible way as attacker would only be able to see your past order(s) and not make them.

To make an order or to withdraw the funds you need to access 2FA.
And there is no way for anyone to hack 2FA, so it must be a leak caused by a malware on your device(s).

So, the security issue that caused those who previously logged in out, costed me 0.22 btc. Because I changed my password when I spotted the hack. Take responsibility.

@nicehash, you are accepting that your site's security code was broken but you deny to take responsibility. This show how unprofessional you are. I answered you in my scam accusation thread and I'll let everyone know that you are either working with the hackers (due to the fact that hacker was able to put orders even after I resetted 2FA) or you don't take responsibility for your fault.


TO EVERYONE READING THIS: THEY HAVE ACTUALLY CORRECTED THE ISSUE AND NOW THE WEBSITE FORCES YOU OUT. AS IT SHOULD BE. BUT I LOST MONEY DUE TO THIS ISSUE.

[PublicP2poolNode]

I'm wanting to set up a p2pool node.
What state is westhash server located so I can set up a VPs as close as possible?

[salve80]

Hi
I'm new here and i have some questions about nicehash.
for a short time i rent 0.035 Phash/s for 1h and i paid 0.016 btc if i look to the main-page, but
if i go to details, there is 0.0007 btc?! ... why that?
do i pay extra for order, cancel, change limit,... ?!?
for 0.016btc i should get 0.035 Phash/s for about 11h and not 1h ?

take a look here


please help.
salve

EDIT:
After i checked the real refund in the history, it looks ok now..
the result on the order-page is not entirely correct.
but the main result is right! 


btw.. nicehash is cool!

[salve80]

It's hard to help you with no additional information regarding the order. It would be best if you send more details to info@nicehash.com and we'll help you out.

But it might be that you didn't set a limit or you set wrong limit on your order.

Down at chart, where you see 0.00072607 - it's how much you spent at the given time.
We have no cancellation fees. On cancelled order, we return the remaining funds to your NiceHash wallet.
We only take some order fee and fixed non-refundable fee of 0.0001 BTC and that's all.

It would be best that you send us your ORDER ID so we can investigate this for you.

ok i sent it to info@nicehash.com

[skyline_king]

I need some help if anyone can do that...
I set up zcash worker a supernova and set it up same way any other worker set up my order on nice hash bit I keep getting difficultly is to low. I then set worker pass as d=8192 and I am still getting same thing. So any help would be great