NiceHash Hacked? Company Moves 56 Million in BTC During Outage
This morning, NiceHash — a company that rents its users’ hardware out to people speculating on altcoin mining — announced a service outage on its social media accounts. Shortly after, users took the firm to task over their online balances being drained.
A Devastating Hack?
As the alleged outage takes place, addresses previously linked to NiceHash have been identified as cashing out 4700 BTC. At press time, the service is still down and NiceHash has yet to release a statement addressing hacking allegations.
The company’s “maintenance” follows site downtime and revisions to the service’s API on the 2nd and 4th of December, leading some to think that the update may have opened security holes that allowed an attacker to steal the company’s hot bitcoin balance.
While details on the situation are scarce, the address the balance was sent to has been identified, with a grand total of 4736.42 BTC deposited to it at 7 A.M. — just moments before the NiceHash shutdown announcement.
The only acknowledgment of the issue has been the company’s initial post and a splash page on the company’s website exclaiming that they’re doing maintenance:
Speculation Mounts as NiceHash Stays Mum
While users are panicking over the uncertainty, it is still possible that NiceHash simply moved their funds to a cold wallet while they figure things out on their end.
Still, the lack of response from the company is causing serious unrest in their user base:
Why is my nicehash wallet zero? I checked the transactions on a 3rd party website and my balance was zeroed out.
— Bonus Legit (@LegitBonus) December 6, 2017
Ok so this was sent out 3+ Hours ago. Do we have an update on when it will be back up. Scheduled maintenance is one thing, but being down for 6+ hours is another thing all together. It'd be nice to have a bit more communication with your users. Give us a high level of whats up
— Shrekopher (@Shrekopher) December 6, 2017
Even assuming the company has everything under control and no funds have been lost, this situation teaches a lesson as old as Bitcoin — trusting people with your coins and private keys is never a good idea.
A petition for lower withdrawal thresholds from the NiceHash install base once this situation resolves wouldn’t be surprising, and legal actions would certainly ensue if fears of hacking are proven true.
UPDATE: NiceHash Confirms Breach
In a new press release just released to the community, NiceHash is now acknowledging a security breach has in fact taken place.
Our worst fears have been confirmed:
“Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours.
Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken.
Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.
We are fully committed to restoring the NiceHash service with the highest security measures at the earliest opportunity.”
Beyond recommending changing passwords, NiceHash has no other answers for its users right now. It’s an absolutely devastating blow that will make today the worst day of the affected hodlers lives thus far.
Bitsonline will continue to cover this situation as more information becomes available. Please reach out below if you’ve been affected in this hack.
Images courtesy NiceHash, Twitter