Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Bitcoin Crime Media Privacy Social Networks

NiceHash Hacked, $62 Million of Bitcoin May Be Stolen (reddit.com) 79

New submitter Chir breaks the news to us that the NiceHash crypto-mining marketplace has been hacked. The crypto mining pool broke the news on Reddit, where users suggest that as many as 4,736.42 BTC -- an amount worth more than $62 million at current prices -- has been stolen. The NiceHash team is urging users to change their online passwords as a result of the breach and theft.
This discussion has been archived. No new comments can be posted.

NiceHash Hacked, $62 Million of Bitcoin May Be Stolen

Comments Filter:
  • by Anonymous Coward

    Hacked by its employees more like
    1) setup trading site
    2) wait until the pot is full
    3) announce hacked
    4) keep the loot

    • Yup. Guaranteed inside job.

    • 1) not a trading site, a pool.
      2) Pot is never full, everyone cash out as soon as they can
      3) Proff of hacking?
      4) You cant just keep bitcoin you claim was stolen, the balance and transactions are open for the world to see.

  • by sgage ( 109086 ) on Wednesday December 06, 2017 @05:55PM (#55691425)

    "The NiceHash team is urging users to change their online passwords as a result of the breach and theft." ... quick! Close the barn door.

    Sheesh.

  • Seems like the bitcoin value is unfazed despite this hack. Trending at near $14000 now.

    • by SlaveToTheGrind ( 546262 ) on Wednesday December 06, 2017 @06:09PM (#55691487)

      I think it's beyond question that the irrationality has reached a fever pitch.

      • by rtb61 ( 674572 )

        Not by accident. It is happening on purpose big money keeps buying on low trading volumes, the real trick now is keeping up values whilst they dump bitcoins. The attack on bitcoin exchanges are getting far more organised, now beyond simply organised crime, now major security contracts and even governments are jumping in to take down, pretty much legally unprotected bitcoin exchanges. If you steal real currency from those exchanges a real crime, for hacking their computer systems a real time, for stealing bi

        • It is happening on purpose big money keeps buying on low trading volumes, the real trick now is keeping up values whilst they dump bitcoins.

          Yeah, I wasn't aware of the low volumes -- that makes perfect sense. Just another confirmation that the downslope is in sight.

      • Interesting signs:

        1. A bunch of friends who have no interest in bitcoin were debating the energy costs last night.
        2. It's mainstream new this morning that it has spiked another $2000 dollars.
        3. Browser adverts this morning are "make $1,241 in a single day trading bitcoin!".

        So, yeah we are approaching fever pitch. Looking back at the price graph over the past year shows a dramatic acceleration in growth bursts: 2-3 months, 1.5 months, now about a single month. Higher speed of growth each time. I reckon it wi

  • What's the easiest way to make money off a bunch of people who are trusting you with their valuables? The only thing missing here is the insurance claim after the "theft"...
  • The first rule of Bitcoin is: never trust anyone anywhere ever

    The second rule of Bitcoin is: keep telling yourself you're not the mark

  • by imidan ( 559239 ) on Wednesday December 06, 2017 @06:09PM (#55691483)

    What's truly bizarre to me, after looking at the Reddit thread, is all the people who are impatient that the app is shut down for 24 hours because they want to keep using it. This company just lost more than $60 million of its users' money, and the users are upset that there is a delay in them sending the company more of their money.

    What? You lost our $60 million?! Well, gosh, we'll give you more, but be more careful this time...

    • by war4peace ( 1628283 ) on Wednesday December 06, 2017 @06:33PM (#55691597)

      Well I "lost" 125 dollars there, but in reality I lost about 50 bucks which was how much the electricity bill for the miner will cost me.
      If this would have happened Saturday, my losses would have been zero.

      No biggie, only now I have to find another simple to use miner.

      • Lost like a quarter there. I tried mining on my aging desktop and despite running it for a day that's how much I "earned". Oh well, sucks for the others!

    • They lost their money, not the users. They can pay it back if they want to.
      People on reddit are mostly wanting nicehash back because their rigs are sitting idle and not earning anything.
      People that paid for hashing power are probably pissed, but I don't think you'll see too many people crying on reddit about that.

  • In an age of digital currency, the digital vaults are pilfered by digital thieves. Anonymous entities stealing anonymous currency. Now we need digital dye packs and a means of chasing the digital Bonnies and Clydes down the dusty digital backroads. The problem for the courts: If the currency is really recognized and it can't be traced, was anything really stolen? The defense raises only a slim shadow of doubt by reminding each and every juror about the pictures they lost when they last upgraded their phones
  • by quonset ( 4839537 ) on Wednesday December 06, 2017 @06:37PM (#55691619)

    Sits back and laughs at the comedy show.

    • Pass the popcorn, here's a soda.

      I like this movie. I mean, the script's pretty predictable but it's still oddly entertaining.

      • by jwhyche ( 6192 )

        You know, I keep hearing how bitcoin is supposed to be this secure system. But yet it seems a new exchange is hacked every week and a assload of bitcoins is stolen. So my question is "how can i trust a currency that can't even secure its own financial hubs?"

        • You know, I keep hearing how bitcoin is supposed to be this secure system.

          From where? Bitcoin is like cash, if you leave it in someone else's care and they lose it you are screwed. This has always been the case.

          But yet it seems a new exchange is hacked every week and a assload of bitcoins is stolen

          Less Exchanges have been hacked than Banks have been robbed, but it goes with the territory. Exchanges are for exchanging, you should never leave your money there, this is pretty standard advice.

          So my question is "how can i trust a currency that can't even secure its own financial hubs?"

          You shouldn't trust any financial 'hub'. The whole finance industry is run by sharks regardless of the currency they use. Right now the Federal Reserve is printing money and devalu

          • by jwhyche ( 6192 )

            This has always been the case

            No it hasn't. Banks are backed by insurance and regulations. If a bank is hacked or robbed I don't lose any of my personal money. It will be covered by insurance. I also have other legal options open to me. You don't have that with bitcoin or exchanges. If a exchange collapses or hacked your money is gone, end of story.

            The whole finance industry is run by sharks regardless of the currency they use. Right now the Federal Reserve is printing money and devaluing the money in your pocket as we speak. Do you trust that?

            That would be problem if it was true. The Federal Reserve doesn't print money just to print money. In the US and other western countries the monetary supply is carefully controlle

            • If a bank is hacked or robbed I don't lose any of my personal money.

              Because they're not stealing your cash. Once you make a deposit, it's the banks money and you only own a number in a computer.
              This 'protection' is of course was brought about specifically because for all time prior to it, if a bank did get robbed it was your money that went missing.

              In the US and other western countries the monetary supply is carefully controlled. Most new dollars being printed are being used to replace a old dollar taken out of circulation.

              Oh wow, you really believe that? Google 'Quantitative Easing' and get an education. This is precisely why decentralised currency is in the news every day now. A lot of people have had enough of govt and banks fucking with our m

              • by jwhyche ( 6192 )

                Oh good grief. I believe it because its true. Please take the tin foil hat off and come out of the basement.

                An I looked that up. That is nothing more than another tool to control the economy and keep things from getting out of hand.

                • That is nothing more than another tool to control the economy

                  Like the GFC. You'll excuse me and millions of others if we don't want to buy into that...

            • Printing physical notes has little relationship to the supply of money in the economy. The vast majority of money is numbers in a computer somewhere.
          • You know what? Fewer N1-Rockets have exploded in their entire history than cars crash every HOUR in the US alone.

            I'd still prefer traveling by car...

    • Oh look it finally happened, what Ive been preaching and hoping for a decade, finally happened, look at mee I was right, the massive money transfer in the last decade is fake news and thats good because I missed it and now the massive regret I deeply carry will be lessened for a couple days.

      FTFY

      What show? a bunch of noobs that can't set up a single Json file (ergo needing a point and click miner) getting their lunch money taken by a hack? Do you see Bitcoin crashing? Nicehash is not a fart in the wind in the great scheme of things. Is not an exchange, nobody sends money to NH, they are just a pool of garden variety miners.

      Now theres actual heavy shit behind the scenes of Bitcoin, shit that have the potential to crash the whole bubble to $1 but you would not know about it since you are evident

  • by Orgasmatron ( 8103 ) on Wednesday December 06, 2017 @07:20PM (#55691807)

    Back when bitcoin went over a dollar for the first time, I noticed that people were unusually willing to steal it. For your own personal safety, you should absolutely not draw attention to your possession of bitcoin. If you do, you will be targeted. Not just drivebys and portscans, but actual they-are-after-me targeted.

    If you are unable to create distance between your identity and your identity as a bitcoin holder, like if you are doing a public project involving bitcoin, you absolutely positively must not let your security be amateur shit.

    The first thing you must do is establish ironclad multilayer operational security. If you don't know what that is, or don't know what it means in a bitcoin project, stop - you are not tall enough for this ride. That is actually intended to be a bit less offensive than it sounds at first. It just means that you are too young (inexperienced) to have good odds.

    There is no reason to have 10 bitcoins in an online wallet, much less 4600. Those keys should be printed on paper in a N-of-M scheme and distributed to the people who will be authorizing transactions.

    Yes, people should be processing transactions of that size, not computers. Ideally, the never-online signing computer software would print out the candidate transaction in a format that puts the recipient addresses and amounts in the exact same location as the request sheet so that you can visually diff the two (hold them up to a strong light to make sure they are the same) before unlocking the key and passing it on to the next signing agent.

    Never-online? Yup, there should be no electronic communication between the computer that occasionally has the signing keys decrypted in memory and the rest of the world. There are Free (and free) options for generating barcodes and QR codes and hardware scanners that can read them as keyboard input or virtual character device input. Generate the payment online, print it as a QR code. Scan it on the signing computer. Verify the transaction (human job!) Scan the key, type the passphrase to decrypt it. The signing computer can then print the signed or partially signed transaction as another QR code that you can take back to the online computer for sending (or sending to the next signer).

    If your security plan is not at least this good, you should under no circumstances be handing bitcoin that doesn't wholly belong to you and that you aren't willing to lose.

    On the other hand, it seems like millions of dollars of bitcoins get stolen from fools every few months and no one seems to care, so maybe I'm wrong and the level of "security" seen in the field is exactly right.

    • On the other hand, it seems like millions of dollars of bitcoins get stolen from fools every few months and no one seems to care, so maybe I'm wrong and the level of "security" seen in the field is exactly right.

      The theft of bitcoin from the fools, even if it's eventually spent (no earlier than the owner would have spent it), doesn't negatively affect the other owners of bitcoin. They still have theirs. They might take notice of the thefts and try to keep their bitcoin in a more secure storage, but unless

    • Those keys should be printed on paper in a N-of-M scheme and distributed to the people who will be authorizing transactions.

      what's the point of digital currency if you have to render it as patterns of ink smeared over dead trees and then pay someone to take it somewhere?

    • BTC holders pray for (someones else) bitcoins to be stolen and lost forever. This is a pool, you cant just really have people on shift 24/7 pushing payments whenever a single miner reach the payment threshold.

      Your anal security protocol is worth exactly shit if some kid just stumbled upon the stacked wallet in the directory and just had to copy the private keys.

      You are aware that ALL PKs of ALL bitcoin wallets are already available online right? You just need some massive amount of luck to find one with a b

      • What nonsense are you talking about?

        A mining pool can make small payouts directly in the generation transaction. Large payouts can wait. I'm guessing that if you took a vote of the people who lost their funds, they would have preferred a 48-hour delay for large payments over losing everything.

        The keys are not "out there" in any meaningful sense. We can't even list them, much less check them or store them.

        Schneier [schneier.com]:

        One of the consequences of the second law of thermodynamics is that a certain amount of

        • Yeah yeah, Im aware of the mind gobbling numbers. Im also aware that the chances are not 0.
          Maybe you are not aware of the Large Bitcoin Collider CHECKING trillions of PKs.
          Maybe you are not aware of the handfuls of people that have found stacked wallets out of randomness.

          All that nerd speak does not invalidate my point that the PKs are out there, no one needs to store them all to stumble upon a single one, you dont need to generate them all to sequentially crawl ranges like the LBC does.

          the 15438945231642159

        • He said it required a massive amount of luck, not effort. If you set your finite improbability generator to 1:2^256 you could crack them all open on your next lunch break.

  • Does anyone know if laws about dealing with stolen property have ever been applied to bitcoin? Since the stolen coins are now in a single, known wallet wouldn't anyone that is ever paid using those coins be guilty of knowingly receiving stolen property?

Power corrupts. And atomic power corrupts atomically.

Working...