Mining Service Nicehash Hacked, $60 Million in User Funds Stolen

Discussion in '[H]ard|OCP Front Page News' started by Megalith, Dec 7, 2017 at 11:12 AM.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    11,274
    Joined:
    Aug 20, 2006
    The mining service Nicehash was reportedly hacked, with over $60 million in funds stolen. Users report that funds have been moved from their own internal Nicehash Bitcoin addresses to a single Bitcoin address controlled by an unknown party.

    Nicehash isn’t a mining pool, per se. Rather, it’s a site that allows owners of mining equipment to rent out their hashpower to buyers. Sellers of hashpower find it convenient because they don’t have to spend as much time finding the most profitable coins to mine. Buyers are happy that they don’t have to buy expensive mining equipment for what may merely be a short but intense bout of mining.
     
  2. thenapalm

    thenapalm Limp Gawd

    Messages:
    299
    Joined:
    Dec 6, 2001
    Someone is going to have to work very hard to get at the $60 million stored in a pickle jar buried in my back yard.
     
  3. bugleyman

    bugleyman Limp Gawd

    Messages:
    196
    Joined:
    Oct 27, 2010
    Tell us more. :LOL:
     
    prtzlboy and tetris42 like this.
  4. Master_shake_

    Master_shake_ 2[H]4U

    Messages:
    3,736
    Joined:
    Apr 9, 2012
  5. ir0nw0lf

    ir0nw0lf [H]ardness Supreme

    Messages:
    5,807
    Joined:
    Feb 7, 2003
    Like where said back yard is. :greedy:
     
    tetris42 likes this.
  6. Hypernova

    Hypernova 2[H]4U

    Messages:
    2,243
    Joined:
    Jan 16, 2007
    Good thing I cleaned out my account worth 0.25 BTC to lock in some profits on Monday, that was a close one.
     
    Ziontrain and buttons like this.
  7. Joust

    Joust [H]Lite

    Messages:
    100
    Joined:
    Nov 30, 2017
    $60 Million? That's like, what, 12 coins these days?
     
    RogueTadhg likes this.
  8. Imhotep

    Imhotep Limp Gawd

    Messages:
    441
    Joined:
    Feb 12, 2014
    Another inside job. Hey, its Christmas the boys at Nicehash felt like giving themselves a bonus :D
     
    face2palm and Master_shake_ like this.
  9. Joust

    Joust [H]Lite

    Messages:
    100
    Joined:
    Nov 30, 2017
    $60 million is a healthy, healthy bonus. But crime is not such a good thing.
     
  10. Bowman15

    Bowman15 [H]ard|Gawd

    Messages:
    1,042
    Joined:
    Apr 7, 2015
    Somebody accidentally hit the C button on their calculator money...
     
  11. tunatime

    tunatime 2[H]4U

    Messages:
    2,926
    Joined:
    Sep 15, 2011
    never use an online wallet learned that lessen years ago when i lost like 50 of them to some kinda hack. cold storage and only transfer to exchanges and what not to sell
     
  12. Imhotep

    Imhotep Limp Gawd

    Messages:
    441
    Joined:
    Feb 12, 2014
    It was $ 60 million yesterday morning today its more like $ 100 million.
     
  13. sfsuphysics

    sfsuphysics I don't get it

    Messages:
    12,064
    Joined:
    Jan 14, 2007
    That must have been a lot of damn pickles you ate!
     
  14. Pandur

    Pandur Limp Gawd

    Messages:
    274
    Joined:
    Apr 4, 2000
    Yeah. That's my bet to.
     
  15. tetris42

    tetris42 2[H]4U

    Messages:
    3,274
    Joined:
    Apr 29, 2014
    It's Bill from Bill & Ted!
     
  16. face2palm

    face2palm Gawd

    Messages:
    550
    Joined:
    Sep 16, 2011
    Holy shit! That really is him.
     
  17. DocFaustus

    DocFaustus 2[H]4U

    Messages:
    2,813
    Joined:
    Sep 22, 2002
    I am confused.... if someone stole ALL of those coins, how can they still have any value?

    As in, who puts that much value into a fatally broken system AFTER it is proven to be broken?
     
  18. shad0w4life

    shad0w4life Gawd

    Messages:
    577
    Joined:
    Jun 30, 2008
    The account will be heavily monitored and all transactions will have a record, so getting the money is going to be pretty hard without getting busted or an exchange allowing them to transfer funds in etc etc.

    very curious how they get their money from this as every single transaction will have a record.

    Not like holding physical money where you could gamble some in a casino, and slowly trickle it out without drawing much attention
     
  19. DocFaustus

    DocFaustus 2[H]4U

    Messages:
    2,813
    Joined:
    Sep 22, 2002
    That's exactly what I don't understand. If all transactions are traceable, it seems people can get their currency back. However, if it is untraceable, then who would continue to buy a flawed currency, hence driving the value of said currency to zero.

    Either way, I don't see how the thieves can profit from this. And if they can profit, then maybe whomever they profit from going forward deserves to get burned.

    caveat emptor
     
  20. and713

    and713 [H]Lite

    Messages:
    83
    Joined:
    Nov 5, 2009
    Had just started using their service, got me for .006 BTC, or almost 100 bucks with the huge upswing in the last couple days. Lesson learned.
     
  21. buttons

    buttons [H]ard|Gawd

    Messages:
    1,843
    Joined:
    Oct 12, 2011
    I cashed out friday, but still lost $150.. even worse i have not found a replacement pool / coin to mine that is nearly as simple, stable, profitable. I was making $35 a day when this happened. Now im making maybe $5-7 a day
     
  22. Mega6

    Mega6 n00bie

    Messages:
    46
    Joined:
    Aug 13, 2017
    Being $16.5K a coin, you don't have to leave a large trail. Also, there are online mixers to utilize - this all must be done in slowly over time in small increments. Impatient thieves get caught. A BTC miner source to trade BTC with would be ideal. Coins could be laundered with newly minted BTC in an exchange of the dirty BTC. Rinse and repeat.
     
  23. and713

    and713 [H]Lite

    Messages:
    83
    Joined:
    Nov 5, 2009
    I have no fantasy of getting my, relatively, small amount of money/BTC back, but hopefully they can catch whoever did it. Probably an inside job given the criminal record of the CTO. Hopefully the FBI/Interpol can track the BTC and catch these folks. Apparently during the first silk road sting they followed the BTC to get the guy. I doubt law enforcement will care nearly as much just about money/BTC though as a black market exchange.

    I agree, the GUI of nicehash was way better to use than anything I've found. I'm using winminer now, but it doesn't support partial GPU mining, which is a killer for me since I was normally just mining on my 2nd 980 TI while using my computer. It's all or nothing for me now.
     
  24. Burticus

    Burticus 2[H]4U

    Messages:
    2,502
    Joined:
    Nov 7, 2005
    I stand to lose zero dollars / bitcoins / meth-cash / hookerfunds
     
  25. Mega6

    Mega6 n00bie

    Messages:
    46
    Joined:
    Aug 13, 2017
    Sorry, don't trust my hard earned property to "the cloud". Never let earning accumulate, remediate earnings to a local source frequently and archive.
     
  26. and713

    and713 [H]Lite

    Messages:
    83
    Joined:
    Nov 5, 2009
  27. and713

    and713 [H]Lite

    Messages:
    83
    Joined:
    Nov 5, 2009
    Update, the livestream was only like 6 minutes and didn't answer anything.
     
  28. Riccochet

    Riccochet Necrodancer

    Messages:
    22,684
    Joined:
    Apr 11, 2007
    The dude on the right looked coked up.
     
  29. tetris42

    tetris42 2[H]4U

    Messages:
    3,274
    Joined:
    Apr 29, 2014
    That's what you think.
     
  30. Mega6

    Mega6 n00bie

    Messages:
    46
    Joined:
    Aug 13, 2017
    Remember how Cryptsy profited? Owner scammed everyone and flew the coop.
     
  31. Semantics

    Semantics 2[H]4U

    Messages:
    3,157
    Joined:
    May 18, 2010
    Sell it all to venezuela i hear they're interested
     
  32. Omegas

    Omegas [H]ardForum Junkie

    Messages:
    9,610
    Joined:
    Jan 19, 2007
    My guess is neither of them have slept at all since the first SHTF phone call.
     
  33. TwistedAegis

    TwistedAegis [H]ardForum Junkie

    Messages:
    8,824
    Joined:
    Oct 7, 2009
    Does running a math program that generates digits and watching the digits' worth go up 1,000,000% count as hard work?
     
    Spartacus likes this.
  34. odditory

    odditory [H]ardness Supreme

    Messages:
    4,226
    Joined:
    Dec 23, 2007
    You are a little confused. This wasn't a blockchain failure. The US dollar likewise doesn't lose value just because a bank gets robbed.

    Perhaps you don't follow cryptocurrency or care to learn how it works at a basic level, but to anyone actually involved in crypto and mining, this was an inside job where the greasy slovenian owners of Nicehash cashed out the system's float of $60M - and by cashed out I mean this was too strategically timed to be coincidence -- BTC at ATH and right before the anticipated CME pump&dump next week.

    And they pretended to be "hacked", gave it a day, then went and cried on cam with looks of deep concern while trying to suppress laughter as they invited kiddie miners back to repeat the cycle all over again.

    It's brilliant actually.
     
    Last edited: Dec 7, 2017 at 6:43 PM
  35. Kdawg

    Kdawg Limp Gawd

    Messages:
    366
    Joined:
    Aug 12, 2017
    does anyone ever get their money back when digital currency is stolen?

    This is why I don't use bitcoin. There's no accountability.
    Also, selling coins is an excessive burden, and you are at the mercy of the huge volatility.
    I read that it takes up to a week to sell your shit, and your sell price is based on the bitcoin value the minute your transaction clears.
    In the meantime, your bitcoin could take a huge dump in value, and perhaps have no way to cancel the transaction in time.

    The other part of me is saying why the fuck didn't I buy $10000 in January. I'd have $160000 right now, driving a nice car.
     
    Last edited: Dec 7, 2017 at 6:58 PM
  36. MrDeaf

    MrDeaf [H]Lite

    Messages:
    105
    Joined:
    Jun 9, 2017
    Running coin miners is a managerial position. You don't have to work at all, until something dun fuck up and you have to go fix it.



    So there has been a lot of bitcoin thefts recently.
    Pointing fingers, at this point in time, would be pure speculation, but the scale of all this feels like it is a state level hacking group.
    And I can think of only one nation that is strapped for cash, but with the resources to run such a (sophisticated) hacking group.
     
  37. and713

    and713 [H]Lite

    Messages:
    83
    Joined:
    Nov 5, 2009
    That dude is Matjaz Skorjanc, a dude who did 5 years for creating the Mariposa botnet, and got a bunch of other people arrested too back in 2010 while running a dark web forum. I really wish I had known this going in with nicehash, Linus on LinusTechTips recommended the service so I figured it was legit. That's what I get for not doing my own due diligence.
     
  38. Mega6

    Mega6 n00bie

    Messages:
    46
    Joined:
    Aug 13, 2017
    Does investing in equipment and hours of personal time count as hard work when you get a 30 fold increase in value and had fun doing it? Probably not.
     
    Last edited: Dec 7, 2017 at 7:47 PM
  39. Delicieuxz

    Delicieuxz Limp Gawd

    Messages:
    295
    Joined:
    May 11, 2016
    I don't know if this is related, but my Origin account details were apparently sold on a hacked gaming account site shortly after the Nicehash hack. I use many different passwords for various different sites, which aren't simple and guessable, and I haven't written down or shared them anywhere, but not all of them are different from each other. It's possible that I had a Nicehash account (I have various crypto-coin accounts that I used to use, not sure whether I had one at Nicehash), and that my account details were acquired from that hack.

    I was able to get my account back from Origin easily, and I also got all the personal details of the person who bought the hacked details for my Origin account. I posted their personal details on LTT, though the thread was deleted. Guess I won't bother posting them here.