Slashdot Mirror


NiceHash Hacked, $62 Million of Bitcoin May Be Stolen (reddit.com)

New submitter Chir breaks the news to us that the NiceHash crypto-mining marketplace has been hacked. The crypto mining pool broke the news on Reddit, where users suggest that as many as 4,736.42 BTC -- an amount worth more than $62 million at current prices -- has been stolen. The NiceHash team is urging users to change their online passwords as a result of the breach and theft.


  1. Inside job by Anonymous Coward · · Score: 1

    Hacked by its employees more like
    1) set up trading site
    2) wait until the pot is full
    3) announce hacked
    4) keep the loot

    1. Re:Inside job by sexconker · · Score: 1

      Yup. Guaranteed inside job.

    2. Re:Inside job by indi0144 · · Score: 2

      1) not a trading site, a pool.
      2) Pot is never full, everyone cashes out as soon as they can
      3) Proof of hacking?
      4) You can't just keep bitcoin you claim was stolen, the balance and transactions are open for the world to see.

  2. Re: Let me be the first but not the last to say... by Anonymous Coward · · Score: 1

    FDIC says what?

  3. Re: Let me be the first but not the last to say.. by Anonymous Coward · · Score: 1

    NiceHash you got here. Be shame if anything happened to it. /got nuthin'

  4. Re:Let me be the first but not the last to say... by sexconker · · Score: 1, Insightful

    Learn what? Not to trust others with your Bitcoin? That's been the #1 rule since day 1. Treat Bitcoin like cash.
    Putting any appreciable amount in an online wallet or exchange is just asking for it to be taken.

  5. The horse has run off... by sgage · · Score: 2

    "The NiceHash team is urging users to change their online passwords as a result of the breach and theft." ... quick! Close the barn door.

    Sheesh.

  6. Apparently that's insignificant now by poached · · Score: 1

    Seems like the bitcoin value is unfazed despite this hack. Trending at near $14000 now.

    1. Re:Apparently that's insignificant now by SlaveToTheGrind · · Score: 4, Insightful

      I think it's beyond question that the irrationality has reached a fever pitch.

    2. Re:Apparently that's insignificant now by rtb61 · · Score: 1

      Not by accident. It is happening on purpose big money keeps buying on low trading volumes, the real trick now is keeping up values whilst they dump bitcoins. The attacks on bitcoin exchanges are getting far more organised, now beyond simply organised crime, now major security contracts and even governments are jumping in to take down, pretty much legally unprotected bitcoin exchanges. If you steal real currency from those exchanges a real crime, for hacking their computer systems a real crime, for stealing bitcoin, not so much, how do you steal imaginary money, you sort of don't really (perhaps copyright and trade mark infringement). Sort of like wanting someone to be prosecuted for stealing monopoly money, the board game that is.

      --
      Chaos - everything, everywhere, everywhen
    3. Re:Apparently that's insignificant now by smallfries · · Score: 1

      Interesting signs:

      1. A bunch of friends who have no interest in bitcoin were debating the energy costs last night.
      2. It's mainstream news this morning that it has spiked another $2000 dollars.
      3. Browser adverts this morning are "make $1,241 in a single day trading bitcoin!".

      So, yeah we are approaching fever pitch. Looking back at the price graph over the past year shows a dramatic acceleration in growth bursts: 2-3 months, 1.5 months, now about a single month. Higher speed of growth each time. I reckon it will pop within a month - and there is normally a dip in trading over Christmas.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    4. Re:Apparently that's insignificant now by SlaveToTheGrind · · Score: 1

      It is happening on purpose big money keeps buying on low trading volumes, the real trick now is keeping up values whilst they dump bitcoins.

      Yeah, I wasn't aware of the low volumes -- that makes perfect sense. Just another confirmation that the downslope is in sight.

  7. "Theft". Heh. by xxxJonBoyxxx · · Score: 1

    What's the easiest way to make money off a bunch of people who are trusting you with their valuables? The only thing missing here is the insurance claim after the "theft"...

  8. Re:I had $10 mined there by sgage · · Score: 1

    Probably spent $10.29 in electricity doing it, too.

  9. Serious Business by American+AC+in+Paris · · Score: 1

    The first rule of Bitcoin is: never trust anyone anywhere ever

    The second rule of Bitcoin is: keep telling yourself you're not the mark

    --

    Obliteracy: Words with explosions

    1. Re:Serious Business by viperidaenz · · Score: 1

      If you're in a mining pool, don't you have to trust the pool?
      If you're not, isn't it pretty much impossible to mine anything?

    2. Re:Serious Business by Jane+Q.+Public · · Score: 1

      No, the second rule of Bitcoin is actually 1a:

      Never leave your Bitcoins in an exchange.

  10. The users are amazing by imidan · · Score: 5, Insightful

    What's truly bizarre to me, after looking at the Reddit thread, is all the people who are impatient that the app is shut down for 24 hours because they want to keep using it. This company just lost more than $60 million of its users' money, and the users are upset that there is a delay in them sending the company more of their money.

    What? You lost our $60 million?! Well, gosh, we'll give you more, but be more careful this time...

    1. Re:The users are amazing by war4peace · · Score: 3, Informative

      Well I "lost" 125 dollars there, but in reality I lost about 50 bucks which was how much the electricity bill for the miner will cost me.
      If this would have happened Saturday, my losses would have been zero.

      No biggie, only now I have to find another simple to use miner.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:The users are amazing by mobby_6kl · · Score: 2

      Lost like a quarter there. I tried mining on my aging desktop and despite running it for a day that's how much I "earned". Oh well, sucks for the others!

    3. Re:The users are amazing by CreamyG31337 · · Score: 2

      They lost their money, not the users. They can pay it back if they want to.
      People on reddit are mostly wanting nicehash back because their rigs are sitting idle and not earning anything.
      People that paid for hashing power are probably pissed, but I don't think you'll see too many people crying on reddit about that.

  11. Re:Let me be the first but not the last to say... by viperidaenz · · Score: 3, Insightful

    Treat bitcoin like cash?
    Put it in the bank and you'll still get it all back (with interest!) if the bank gets robbed?

  12. In an age of digital currency... by CRB9000 · · Score: 2

    In an age of digital currency, the digital vaults are pilfered by digital thieves. Anonymous entities stealing anonymous currency. Now we need digital dye packs and a means of chasing the digital Bonnies and Clydes down the dusty digital backroads. The problem for the courts: If the currency is really recognized and it can't be traced, was anything really stolen? The defense raises only a slim shadow of doubt by reminding each and every juror about the pictures they lost when they last upgraded their phones. Maybe the coin is just mislaid?

  13. Re: I had $10 mined there by Anonymous Coward · · Score: 5, Informative

    On NiceHash, you mine hashes that are in turn sold to others for the purpose of minting new coins (and/or more sophisticated/creative purposes). NiceHash automatically selects an in-demand and valuable hash type for your system to calculate so that you can send the results back to NiceHash for sale, and you get rewarded on a regular schedule for your recent calculations. NiceHash won't assign your GPU/CPU to calculate hashes for Bitcoin, because that wouldn't pay. It will assign you hash types associated with hot altcoins, similar to what you'll see at the top of the chart on whattomine.

  14. Grabs bucket of popcorn by quonset · · Score: 3, Funny

    Sits back and laughs at the comedy show.

    1. Re:Grabs bucket of popcorn by Opportunist · · Score: 1

      Pass the popcorn, here's a soda.

      I like this movie. I mean, the script's pretty predictable but it's still oddly entertaining.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Grabs bucket of popcorn by indi0144 · · Score: 1

      Oh look it finally happened, what I've been preaching and hoping for a decade, finally happened, look at mee I was right, the massive money transfer in the last decade is fake news and that's good because I missed it and now the massive regret I deeply carry will be lessened for a couple days.

      FTFY

      What show? a bunch of noobs that can't set up a single Json file (ergo needing a point and click miner) getting their lunch money taken by a hack? Do you see Bitcoin crashing? Nicehash is not a fart in the wind in the great scheme of things. Is not an exchange, nobody sends money to NH, they are just a pool of garden variety miners.

      Now there's actual heavy shit behind the scenes of Bitcoin, shit that has the potential to crash the whole bubble to $1 but you would not know about it since you are evidently clueless about the whole matter. I bet it hurts to try to actually be informed about it.

      Full disclaimer: I don't own a single bitcoin and I'd love to see it crash too.

    3. Re:Grabs bucket of popcorn by jwhyche · · Score: 2

      You know, I keep hearing how bitcoin is supposed to be this secure system. But yet it seems a new exchange is hacked every week and an assload of bitcoins is stolen. So my question is "how can I trust a currency that can't even secure its own financial hubs?"

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
    4. Re:Grabs bucket of popcorn by Gussington · · Score: 1

      You know, I keep hearing how bitcoin is supposed to be this secure system.

      From where? Bitcoin is like cash, if you leave it in someone else's care and they lose it you are screwed. This has always been the case.

      But yet it seems a new exchange is hacked every week and an assload of bitcoins is stolen

      Less Exchanges have been hacked than Banks have been robbed, but it goes with the territory. Exchanges are for exchanging, you should never leave your money there, this is pretty standard advice.

      So my question is "how can I trust a currency that can't even secure its own financial hubs?"

      You shouldn't trust any financial 'hub'. The whole finance industry is run by sharks regardless of the currency they use. Right now the Federal Reserve is printing money and devaluing the money in your pocket as we speak. Do you trust that?

    5. Re:Grabs bucket of popcorn by jwhyche · · Score: 2

      This has always been the case

      No it hasn't. Banks are backed by insurance and regulations. If a bank is hacked or robbed I don't lose any of my personal money. It will be covered by insurance. I also have other legal options open to me. You don't have that with bitcoin or exchanges. If an exchange collapses or is hacked your money is gone, end of story.

      The whole finance industry is run by sharks regardless of the currency they use. Right now the Federal Reserve is printing money and devaluing the money in your pocket as we speak. Do you trust that?

      That would be a problem if it was true. The Federal Reserve doesn't print money just to print money. In the US and other western countries the monetary supply is carefully controlled. Most new dollars being printed are being used to replace an old dollar taken out of circulation. They do print a little overage to make up for destroyed and hoarded bills but that is not a major problem. For an example of what happens when the government prints money without control look no farther than Zimbabwe.

      In fact the Federal Reserve has been ordering pretty much the same number of bills over the last 10 years. There are some spikes and dips depending on the year but it all seems to average out. Even when they order more bills it doesn't mean those bills go into circulation. If you read the following article you will see there are no $2 bills ordered in 2017 or for 2018. That is because there are enough still in storage from the 2016 bill run to cover those years.

      https://www.federalreserve.gov...

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
    6. Re:Grabs bucket of popcorn by Opportunist · · Score: 1

      You know what? Fewer N1-Rockets have exploded in their entire history than cars crash every HOUR in the US alone.

      I'd still prefer traveling by car...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:Grabs bucket of popcorn by Gussington · · Score: 1

      If a bank is hacked or robbed I don't lose any of my personal money.

      Because they're not stealing your cash. Once you make a deposit, it's the banks money and you only own a number in a computer.
      This 'protection' of course was brought about specifically because for all time prior to it, if a bank did get robbed it was your money that went missing.

      In the US and other western countries the monetary supply is carefully controlled. Most new dollars being printed are being used to replace an old dollar taken out of circulation.

      Oh wow, you really believe that? Google 'Quantitative Easing' and get an education. This is precisely why decentralised currency is in the news every day now. A lot of people have had enough of govt and banks fucking with our money.

    8. Re:Grabs bucket of popcorn by jwhyche · · Score: 2

      Oh good grief. I believe it because it's true. Please take the tin foil hat off and come out of the basement.

      And I looked that up. That is nothing more than another tool to control the economy and keep things from getting out of hand.

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
    9. Re:Grabs bucket of popcorn by crimson+tsunami · · Score: 1

      Printing physical notes has little relationship to the supply of money in the economy. The vast majority of money is numbers in a computer somewhere.

    10. Re:Grabs bucket of popcorn by Gussington · · Score: 1

      That is nothing more than another tool to control the economy

      Like the GFC. You'll excuse me and millions of others if we don't want to buy into that...

  15. Re:I had $10 mined there by AHuxley · · Score: 1

    AC re "You spent more than that on just the electricity to run the damn things."
    The price of electricity, the performance of a gpu, cpu for a given result can be estimated.
    So that value can be after the price of electricity is covered.

    --
    Domestic spying is now "Benign Information Gathering"
  16. Re: Let me be the first but not the last to say... by Anonymous Coward · · Score: 1

    Most people who use NiceHash never send any coin/money to NiceHash. You just run hash calculations and get paid regularly. So in effect, what's likely happened here is that a lot of people won't receive the payment associated with their computers' last few days work. It's fortunate in this case that most aren't hit hard, and people feel relatively okay about losing something that was never fully actualized/in-hand.

  17. Re:Let me be the first but not the last to say... by CreamyG31337 · · Score: 5, Informative

    When mining for them, you can let it collect earned BTC payments in a virtual wallet until you 'withdraw' it, paying a fixed transaction fee that is the lowest once you have 0.15 of BTC -- about $2000.
    Alternatively, you can let them pay a real external wallet directly, but you have to pay extra fees, will be paid less often, and some of the stats on their web page don't work as well. They talk about sending 1000 BTC or so every Friday which is probably to external wallets only.
    They also accept bitcoin payments to purchase hashing power. Hopefully, they have just lost a wallet for handling some types of transactions and they have a lot more BTC offline somewhere to cover their internal wallets they pretty much force you to use.

  18. One word: by Anonymous Coward · · Score: 1

    YOINK.

  19. Bitcoin is not for amateurs by Orgasmatron · · Score: 5, Insightful

    Back when bitcoin went over a dollar for the first time, I noticed that people were unusually willing to steal it. For your own personal safety, you should absolutely not draw attention to your possession of bitcoin. If you do, you will be targeted. Not just drivebys and portscans, but actual they-are-after-me targeted.

    If you are unable to create distance between your identity and your identity as a bitcoin holder, like if you are doing a public project involving bitcoin, you absolutely positively must not let your security be amateur shit.

    The first thing you must do is establish ironclad multilayer operational security. If you don't know what that is, or don't know what it means in a bitcoin project, stop - you are not tall enough for this ride. That is actually intended to be a bit less offensive than it sounds at first. It just means that you are too young (inexperienced) to have good odds.

    There is no reason to have 10 bitcoins in an online wallet, much less 4600. Those keys should be printed on paper in an N-of-M scheme and distributed to the people who will be authorizing transactions.

    Yes, people should be processing transactions of that size, not computers. Ideally, the never-online signing computer software would print out the candidate transaction in a format that puts the recipient addresses and amounts in the exact same location as the request sheet so that you can visually diff the two (hold them up to a strong light to make sure they are the same) before unlocking the key and passing it on to the next signing agent.

    Never-online? Yup, there should be no electronic communication between the computer that occasionally has the signing keys decrypted in memory and the rest of the world. There are Free (and free) options for generating barcodes and QR codes and hardware scanners that can read them as keyboard input or virtual character device input. Generate the payment online, print it as a QR code. Scan it on the signing computer. Verify the transaction (human job!). Scan the key, type the passphrase to decrypt it. The signing computer can then print the signed or partially signed transaction as another QR code that you can take back to the online computer for sending (or sending to the next signer).

    If your security plan is not at least this good, you should under no circumstances be handling bitcoin that doesn't wholly belong to you and that you aren't willing to lose.

    On the other hand, it seems like millions of dollars of bitcoins get stolen from fools every few months and no one seems to care, so maybe I'm wrong and the level of "security" seen in the field is exactly right.

    --
    See that "Preview" button?
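
The human "diff the two sheets" step and the N-of-M sign-off described in the comment above, sketched as an added example (not code from the commenter or from any wallet software): the offline signer refuses to collect approvals unless the candidate transaction's outputs match the request exactly, and releases only after N distinct authorised signers approved the same digest. Signer names, addresses and amounts are constructed placeholders, and key handling itself is out of scope.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample data: placeholder addresses, amounts in integer satoshis.
REQUEST = [("addr-payout-A", 150_000_000), ("addr-payout-B", 25_000_000)]
# Same amounts, but one recipient differs between request and candidate.
TAMPERED = [("addr-payout-A", 150_000_000), ("addr-payout-X", 25_000_000)]


def canonical_digest(outputs):
    """Order-independent SHA-256 over (address, amount) pairs, so every
    signer approves exactly the same set of recipients and amounts."""
    lines = sorted(f"{addr}:{sats}" for addr, sats in outputs)
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def _index(outputs, label, problems):
    """Build address -> amount, recording malformed or duplicate entries."""
    table = {}
    for addr, sats in outputs:
        if not isinstance(sats, int) or sats <= 0:
            problems.append(f"{label}: bad amount for {addr}: {sats!r}")
        if addr in table:
            problems.append(f"{label}: duplicate output {addr}")
        table[addr] = sats
    return table


def diff_outputs(requested, candidate):
    """Machine version of holding both sheets up to the light.
    Returns a sorted list of discrepancies; empty means identical."""
    problems = []
    req = _index(requested, "request", problems)
    cand = _index(candidate, "candidate", problems)
    for addr in req.keys() - cand.keys():
        problems.append(f"missing recipient {addr}")
    for addr in cand.keys() - req.keys():
        problems.append(f"unexpected recipient {addr}")
    for addr in req.keys() & cand.keys():
        if req[addr] != cand[addr]:
            problems.append(
                f"amount for {addr}: requested {req[addr]}, candidate {cand[addr]}")
    return sorted(problems)


@dataclass
class Quorum:
    signers: frozenset   # the M people allowed to authorise
    threshold: int       # N approvals required
    digest: str          # digest of the transaction being approved
    approvals: set = field(default_factory=set)

    def approve(self, signer, digest_seen):
        """Record one approval; return True once N distinct signers agree."""
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not an authorised signer")
        if digest_seen != self.digest:
            raise ValueError(f"{signer} was shown a different transaction")
        self.approvals.add(signer)  # a set: the same person twice counts once
        return len(self.approvals) >= self.threshold


def open_signing(requested, candidate, signers, threshold):
    """Start collecting approvals only if request and candidate match."""
    problems = diff_outputs(requested, candidate)
    if problems:
        raise ValueError("; ".join(problems))
    return Quorum(frozenset(signers), threshold, canonical_digest(candidate))


if __name__ == "__main__":
    quorum = open_signing(REQUEST, list(reversed(REQUEST)), {"ana", "ben", "cy"}, 2)
    seen = canonical_digest(REQUEST)
    print(quorum.approve("ana", seen), quorum.approve("ben", seen))
    print(diff_outputs(REQUEST, TAMPERED))
```
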
    1. Re:Bitcoin is not for amateurs by sheramil · · Score: 1

      Those keys should be printed on paper in an N-of-M scheme and distributed to the people who will be authorizing transactions.

      what's the point of digital currency if you have to render it as patterns of ink smeared over dead trees and then pay someone to take it somewhere?

    2. Re:Bitcoin is not for amateurs by indi0144 · · Score: 2

      BTC holders pray for (someone else's) bitcoins to be stolen and lost forever. This is a pool, you can't just really have people on shift 24/7 pushing payments whenever a single miner reaches the payment threshold.

      Your anal security protocol is worth exactly shit if some kid just stumbled upon the stacked wallet in the directory and just had to copy the private keys.

      You are aware that ALL PKs of ALL bitcoin wallets are already available online right? You just need some massive amount of luck to find one with a balance but they are out there, open for the world.

    3. Re:Bitcoin is not for amateurs by Orgasmatron · · Score: 1

      What nonsense are you talking about?

      A mining pool can make small payouts directly in the generation transaction. Large payouts can wait. I'm guessing that if you took a vote of the people who lost their funds, they would have preferred a 48-hour delay for large payments over losing everything.

      The keys are not "out there" in any meaningful sense. We can't even list them, much less check them or store them.

      Schneier:

      One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. (Stick with me; the physics lesson is almost over.)

      Given that k = 1.38e-16 erg/degree Kelvin, and that the ambient temperature of the universe is 3.2 degree Kelvin, an ideal computer running at 3.2 degree K would consume 4.4e-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

      Now, the annual energy output of our sun is about 1.21e41 ergs. This is enough to power about 2.7e56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

      But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

      These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

      --
      See that "Preview" button?
    4. Re:Bitcoin is not for amateurs by indi0144 · · Score: 1

      Yeah yeah, I'm aware of the mind gobbling numbers. I'm also aware that the chances are not 0.
      Maybe you are not aware of the Large Bitcoin Collider CHECKING trillions of PKs.
      Maybe you are not aware of the handfuls of people that have found stacked wallets out of randomness.

      All that nerd speak does not invalidate my point that the PKs are out there, no one needs to store them all to stumble upon a single one, you don't need to generate them all to sequentially crawl ranges like the LBC does.

      the 1543894523164215938980946466782505438037834190387665391768068841886908819925 pages of dynamically generated PK pairs in directory.io are what? I don't see how anyone needs 20 years of CS and cryptography PhDs to click "get lucky" and end on Satoshi's wallet, as irrational as it is, do not underestimate luck.

      Also, that's not how Nicehash works.

    5. Re: Bitcoin is not for amateurs by silverdirk · · Score: 1

      He said it required a massive amount of luck, not effort. If you set your finite improbability generator to 1:2^256 you could crack them all open on your next lunch break.

      --
      Mark of the Coder fades from you. You perform Opening on World of Warcraft. Warcraft crits GPA for 4. GPA dies.
  20. Re:I had $10 mined there by Hognoxious · · Score: 1

    But he's going to buy a few more rigs. That way, he'll be able to make it up on volume.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  21. Deflation helps the people who WEREN'T robbed. by Ungrounded+Lightning · · Score: 1

    On the other hand, it seems like millions of dollars of bitcoins get stolen from fools every few months and no one seems to care, so maybe I'm wrong and the level of "security" seen in the field is exactly right.

    The theft of bitcoin from the fools, even if it's eventually spent (no earlier than the owner would have spent it), doesn't negatively affect the other owners of bitcoin. They still have theirs. They might take notice of the thefts and try to keep their bitcoin in a more secure storage, but unless and until THEY're robbed, they still have their currency.

    If the stolen bitcoin is lost, the rest of the bitcoin just deflated. So its value went UP. The same is true, to a lesser extent, if the thieves hold onto it for a while while it "cools off" (longer than the owner would have held it) before they spend it.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  22. Re: BitCoin is Garbage by indi0144 · · Score: 1

    Why you answer anonymous trolls whose knowledge of bitcoins obviously dates back to 2010. And is it confirmed that is a breach not just a simple directory find?

    What I love is that someones are full bent on FUDing crypto on slashdot, and the voluntary ignorance on the matter makes every single crypto article on /. a parade of cluelessness and regret.

    Interesting times when you get deeper tech discussions with 12yos on 4chan than with veterans on slashdot.

  23. Re:I had $10 mined there by indi0144 · · Score: 1

    And you have spent more than $10 on electricity and mountain dew cluelessly FUDing crypto on this article. Your point?

  24. Re:Let me be the first but not the last to say... by Gussington · · Score: 1

    Treat bitcoin like cash? Put it in the bank and you'll still get it all back (with interest!) if the bank gets robbed?

    You put cash in a bank? Where are you, 1985?

  25. Stolen property by TFAFalcon · · Score: 1

    Does anyone know if laws about dealing with stolen property have ever been applied to bitcoin? Since the stolen coins are now in a single, known wallet wouldn't anyone that is ever paid using those coins be guilty of knowingly receiving stolen property?

  26. Re:Let me be the first but not the last to say... by sexconker · · Score: 1

    You don't put cash in a bank. You give cash to a bank and they issue you an increment on your account balance.
    If you put cash in a safety deposit box like in the movies to hide it for when you need to bug out / go on an international crime spree, you're a fucking retard.