NiceHash Hacked, $62 Million of Bitcoin May Be Stolen (reddit.com) 79
New submitter Chir breaks the news to us that the NiceHash crypto-mining marketplace has been hacked. The crypto mining pool broke the news on Reddit, where users suggest that as many as 4,736.42 BTC -- an amount worth more than $62 million at current prices -- has been stolen. The NiceHash team is urging users to change their online passwords as a result of the breach and theft.
Re: Let me be the first but not the last to say... (Score:1)
FDIC says what?
Re: Let me be the first but not the last to say.. (Score:1)
NiceHash you got here. Be shame if anything happened to it. /got nuthin'
Re: (Score:2, Insightful)
Learn what? Not to trust others with your Bitcoin? That's been the #1 rule since day 1. Treat Bitcoin like cash.
Putting any appreciable amount in an online wallet or exchange is just asking for it to be taken.
Re:Let me be the first but not the last to say... (Score:4, Insightful)
Treat bitcoin like cash?
Put it in the bank and you'll still get it all back back (with interest!) if the bank gets robbed?
Re: (Score:2)
Treat bitcoin like cash? Put it in the bank and you'll still get it all back back (with interest!) if the bank gets robbed?
You put cash in a bank? Where are you, 1985?
Re: (Score:2)
You don't put cash in a bank. You give cash to a bank and they issue you an increment on your account balance.
If you put cash in a safety deposit box like in the movies to hide it for when you need to bug out / go on an international crime spree, you're a fucking retard.
Re:Let me be the first but not the last to say... (Score:5, Informative)
When mining for them, you can let it collect earned BTC payments in a virtual wallet until you 'withdraw' it, paying a fixed transaction fee that is the lowest once you have 0.15 of BTC -- about $2000.
Alternatively, you can let them pay a real external wallet directly, but you have to pay extra fees, will be paid less often, and some of the stats on their web page don't work as well. They talk about sending 1000 BTC or so every Friday which is probably to external wallets only.
They also accept bitcoin payments to purchase hashing power. Hopefully, they have just lost a wallet for handling some types of transactions and they have a lot more BTC offline somewhere to cover their internal wallets they pretty much force you to use.
Re: Let me be the first but not the last to say... (Score:1)
Most people who use NiceHash never send any coin/money to NiceHash. You just run hash calculations and get paid regularly. So in effect, what's likely happened here is that a lot of people won't receive the payment associated with their computers' last few days work. It's fortunate in this case that most aren't hit hard, and people feel relatively okay about losing something that was never fully actualized/in-hand.
One word: (Score:1)
YOINK.
Re: (Score:2)
Why you answer anonymous trolls whose knowledge of bitcoins obviously dates back to 2010. And is it confirmed that is a breach not just a simple directory find?
What I love is that someones are full bent on FUDing crypto on slashdot, and the voluntary ignorance on the matter makes every single crypto article on /. a parade of cluelessness and regret.
Interesting times when you get deeper tech discussions with 12yos on 4chan than with veterans on slashdot.
Inside job (Score:1)
Hacked by its employees more like
1) setup trading site
2) wait until the pot is full
3) announce hacked
4) keep the loot
Re: (Score:2)
Yup. Guaranteed inside job.
Re: (Score:3)
1) not a trading site, a pool.
2) Pot is never full, everyone cash out as soon as they can
3) Proff of hacking?
4) You cant just keep bitcoin you claim was stolen, the balance and transactions are open for the world to see.
The horse has run off... (Score:3)
"The NiceHash team is urging users to change their online passwords as a result of the breach and theft." ... quick! Close the barn door.
Sheesh.
Re: I had $10 mined there (Score:5, Informative)
On NiceHash, you mine hashes that are in turn sold to others for the purpose of minting new coins (and/or more sophisticated/creative purposes). NiceHash automatically selects an in-demand and valuable hash type for your system to calculate so that you can send the results back to NiceHash for sale, and you get rewarded on a regular schedule for your recent calculations. NiceHash won't assign your GPU/CPU to calculate hashes for Bitcoin, because that wouldn't pay. It will assign you hash types associated with hot altcoins, similar to what you'll see at the top of the chart a on whattomine.
Re: (Score:2)
The price of electricity, the performance of a gpu, cpu for a given result can be estimated.
So that value can be after the price of electricity is covered.
Re: (Score:2)
And you have spend more than $10 on electricity and mountain dew cluelessly FUDing crypto on this article. Your point?
Re: (Score:2)
Probably spent $10.29 in electricity doing it, too.
Re: (Score:2)
But he's going to buy a few more rigs. That way, he'll be able to make it up on volume.
Apparently that's insignificant now (Score:2)
Seems like the bitcoin value is unfazed despite this hack. Trending at near $14000 now.
Re:Apparently that's insignificant now (Score:5, Insightful)
I think it's beyond question that the irrationality has reached a fever pitch.
Re: (Score:2)
Not by accident. It is happening on purpose big money keeps buying on low trading volumes, the real trick now is keeping up values whilst they dump bitcoins. The attack on bitcoin exchanges are getting far more organised, now beyond simply organised crime, now major security contracts and even governments are jumping in to take down, pretty much legally unprotected bitcoin exchanges. If you steal real currency from those exchanges a real crime, for hacking their computer systems a real time, for stealing bi
Re: (Score:2)
It is happening on purpose big money keeps buying on low trading volumes, the real trick now is keeping up values whilst they dump bitcoins.
Yeah, I wasn't aware of the low volumes -- that makes perfect sense. Just another confirmation that the downslope is in sight.
Re: (Score:2)
Interesting signs:
1. A bunch of friends who have no interest in bitcoin were debating the energy costs last night.
2. It's mainstream new this morning that it has spiked another $2000 dollars.
3. Browser adverts this morning are "make $1,241 in a single day trading bitcoin!".
So, yeah we are approaching fever pitch. Looking back at the price graph over the past year shows a dramatic acceleration in growth bursts: 2-3 months, 1.5 months, now about a single month. Higher speed of growth each time. I reckon it wi
"Theft". Heh. (Score:2)
Serious Business (Score:2)
The first rule of Bitcoin is: never trust anyone anywhere ever
The second rule of Bitcoin is: keep telling yourself you're not the mark
Re: (Score:2)
If you're in a mining pool, don't you have to trust the pool?
If you're not, isn't it pretty much impossible to mine anything?
Re: (Score:2)
Never leave your Bitcoins in an exchange.
The users are amazing (Score:5, Insightful)
What's truly bizarre to me, after looking at the Reddit thread, is all the people who are impatient that the app is shut down for 24 hours because they want to keep using it. This company just lost more than $60 million of its users' money, and the users are upset that there is a delay in them sending the company more of their money.
What? You lost our $60 million?! Well, gosh, we'll give you more, but be more careful this time...
Re:The users are amazing (Score:4, Informative)
Well I "lost" 125 dollars there, but in reality I lost about 50 bucks which was how much the electricity bill for the miner will cost me.
If this would have happened Saturday, my losses would have been zero.
No biggie, only now I have to find another simple to use miner.
Re: (Score:3)
Lost like a quarter there. I tried mining on my aging desktop and despite running it for a day that's how much I "earned". Oh well, sucks for the others!
Re: (Score:3)
They lost their money, not the users. They can pay it back if they want to.
People on reddit are mostly wanting nicehash back because their rigs are sitting idle and not earning anything.
People that paid for hashing power are probably pissed, but I don't think you'll see too many people crying on reddit about that.
In an age digital currency... (Score:2)
Grabs bucket of popcorn (Score:4, Funny)
Sits back and laughs at the comedy show.
Re: (Score:2)
Pass the popcorn, here's a soda.
I like this movie. I mean, the script's pretty predictable but it's still oddly entertaining.
Re: (Score:3)
You know, I keep hearing how bitcoin is supposed to be this secure system. But yet it seems a new exchange is hacked every week and a assload of bitcoins is stolen. So my question is "how can i trust a currency that can't even secure its own financial hubs?"
Re: (Score:2)
You know, I keep hearing how bitcoin is supposed to be this secure system.
From where? Bitcoin is like cash, if you leave it in someone else's care and they lose it you are screwed. This has always been the case.
But yet it seems a new exchange is hacked every week and a assload of bitcoins is stolen
Less Exchanges have been hacked than Banks have been robbed, but it goes with the territory. Exchanges are for exchanging, you should never leave your money there, this is pretty standard advice.
So my question is "how can i trust a currency that can't even secure its own financial hubs?"
You shouldn't trust any financial 'hub'. The whole finance industry is run by sharks regardless of the currency they use. Right now the Federal Reserve is printing money and devalu
Re: (Score:3)
This has always been the case
No it hasn't. Banks are backed by insurance and regulations. If a bank is hacked or robbed I don't lose any of my personal money. It will be covered by insurance. I also have other legal options open to me. You don't have that with bitcoin or exchanges. If a exchange collapses or hacked your money is gone, end of story.
The whole finance industry is run by sharks regardless of the currency they use. Right now the Federal Reserve is printing money and devaluing the money in your pocket as we speak. Do you trust that?
That would be problem if it was true. The Federal Reserve doesn't print money just to print money. In the US and other western countries the monetary supply is carefully controlle
Re: (Score:2)
If a bank is hacked or robbed I don't lose any of my personal money.
Because they're not stealing your cash. Once you make a deposit, it's the banks money and you only own a number in a computer.
This 'protection' is of course was brought about specifically because for all time prior to it, if a bank did get robbed it was your money that went missing.
In the US and other western countries the monetary supply is carefully controlled. Most new dollars being printed are being used to replace a old dollar taken out of circulation.
Oh wow, you really believe that? Google 'Quantitative Easing' and get an education. This is precisely why decentralised currency is in the news every day now. A lot of people have had enough of govt and banks fucking with our m
Re: (Score:3)
Oh good grief. I believe it because its true. Please take the tin foil hat off and come out of the basement.
An I looked that up. That is nothing more than another tool to control the economy and keep things from getting out of hand.
Re: (Score:2)
That is nothing more than another tool to control the economy
Like the GFC. You'll excuse me and millions of others if we don't want to buy into that...
Re: (Score:2)
Re: (Score:2)
You know what? Fewer N1-Rockets have exploded in their entire history than cars crash every HOUR in the US alone.
I'd still prefer traveling by car...
Re: (Score:2)
Oh look it finally happened, what Ive been preaching and hoping for a decade, finally happened, look at mee I was right, the massive money transfer in the last decade is fake news and thats good because I missed it and now the massive regret I deeply carry will be lessened for a couple days.
FTFY
What show? a bunch of noobs that can't set up a single Json file (ergo needing a point and click miner) getting their lunch money taken by a hack? Do you see Bitcoin crashing? Nicehash is not a fart in the wind in the great scheme of things. Is not an exchange, nobody sends money to NH, they are just a pool of garden variety miners.
Now theres actual heavy shit behind the scenes of Bitcoin, shit that have the potential to crash the whole bubble to $1 but you would not know about it since you are evident
Bitcoin is not for amateurs (Score:5, Insightful)
Back when bitcoin went over a dollar for the first time, I noticed that people were unusually willing to steal it. For your own personal safety, you should absolutely not draw attention to your possession of bitcoin. If you do, you will be targeted. Not just drivebys and portscans, but actual they-are-after-me targeted.
If you are unable to create distance between your identity and your identity as a bitcoin holder, like if you are doing a public project involving bitcoin, you absolutely positively must not let your security be amateur shit.
The first thing you must do is establish ironclad multilayer operational security. If you don't know what that is, or don't know what it means in a bitcoin project, stop - you are not tall enough for this ride. That is actually intended to be a bit less offensive than it sounds at first. It just means that you are too young (inexperienced) to have good odds.
There is no reason to have 10 bitcoins in an online wallet, much less 4600. Those keys should be printed on paper in a N-of-M scheme and distributed to the people who will be authorizing transactions.
Yes, people should be processing transactions of that size, not computers. Ideally, the never-online signing computer software would print out the candidate transaction in a format that puts the recipient addresses and amounts in the exact same location as the request sheet so that you can visually diff the two (hold them up to a strong light to make sure they are the same) before unlocking the key and passing it on to the next signing agent.
Never-online? Yup, there should be no electronic communication between the computer that occasionally has the signing keys decrypted in memory and the rest of the world. There are Free (and free) options for generating barcodes and QR codes and hardware scanners that can read them as keyboard input or virtual character device input. Generate the payment online, print it as a QR code. Scan it on the signing computer. Verify the transaction (human job!) Scan the key, type the passphrase to decrypt it. The signing computer can then print the signed or partially signed transaction as another QR code that you can take back to the online computer for sending (or sending to the next signer).
If your security plan is not at least this good, you should under no circumstances be handing bitcoin that doesn't wholly belong to you and that you aren't willing to lose.
On the other hand, it seems like millions of dollars of bitcoins get stolen from fools every few months and no one seems to care, so maybe I'm wrong and the level of "security" seen in the field is exactly right.
Deflation helps the pepole who WEREN'T robbed. (Score:2)
On the other hand, it seems like millions of dollars of bitcoins get stolen from fools every few months and no one seems to care, so maybe I'm wrong and the level of "security" seen in the field is exactly right.
The theft of bitcoin from the fools, even if it's eventually spent (no earlier than the owner would have spent it), doesn't negatively affect the other owners of bitcoin. They still have theirs. They might take notice of the thefts and try to keep their bitcoin in a more secure storage, but unless
Re: (Score:2)
Those keys should be printed on paper in a N-of-M scheme and distributed to the people who will be authorizing transactions.
what's the point of digital currency if you have to render it as patterns of ink smeared over dead trees and then pay someone to take it somewhere?
Re: (Score:3)
BTC holders pray for (someones else) bitcoins to be stolen and lost forever. This is a pool, you cant just really have people on shift 24/7 pushing payments whenever a single miner reach the payment threshold.
Your anal security protocol is worth exactly shit if some kid just stumbled upon the stacked wallet in the directory and just had to copy the private keys.
You are aware that ALL PKs of ALL bitcoin wallets are already available online right? You just need some massive amount of luck to find one with a b
Re: (Score:2)
What nonsense are you talking about?
A mining pool can make small payouts directly in the generation transaction. Large payouts can wait. I'm guessing that if you took a vote of the people who lost their funds, they would have preferred a 48-hour delay for large payments over losing everything.
The keys are not "out there" in any meaningful sense. We can't even list them, much less check them or store them.
Schneier [schneier.com]:
Re: (Score:2)
Yeah yeah, Im aware of the mind gobbling numbers. Im also aware that the chances are not 0.
Maybe you are not aware of the Large Bitcoin Collider CHECKING trillions of PKs.
Maybe you are not aware of the handfuls of people that have found stacked wallets out of randomness.
All that nerd speak does not invalidate my point that the PKs are out there, no one needs to store them all to stumble upon a single one, you dont need to generate them all to sequentially crawl ranges like the LBC does.
the 15438945231642159
Re: Bitcoin is not for amateurs (Score:1)
He said it required a massive amount of luck, not effort. If you set your finite improbability generator to 1:2^256 you could crack them all open on your next lunch break.
Stolen property (Score:2)
Does anyone know if laws about dealing with stolen property have ever been applied to bitcoin? Since the stolen coins are now in a single, known wallet wouldn't anyone that is ever paid using those coins be guilty of knowingly receiving stolen property?