NiceHash is a popular cryptocurrency-mining marketplace. Or at least it was. Now, the company’s future has been thrown into turmoil after experiencing a devastating hack that has many in the crypto community reeling.
So how could this happen? What comes next?
And, perhaps most importantly, are the attackers going to be able to get away with their nefariously-gained trove with no consequences?
We’ll debrief you on the major details.
Breach occurs on Wednesday, Dec. 9th
Early in the morning on December 9th, users tried to visit the NiceHash marketplace only to find that the site was down from an apparent outage.
Sites crash from time to time, so no one in the community raised the alarm just yet. And people were further unconcerned thanks to the initial perception that the outage was related to NiceHash’s API maintenance efforts a few days prior.
Anxiety skyrocketed, however, after it was discovered that ~4700 bitcoins were being withdrawn from BTC addresses directly controlled by NiceHash while the marketplace was still down.
Yet while users began to freak out, NiceHash remained initially silent.
Speculation begins to mount as rage swirls
The in the absence of official confirmation as to what was occurring, some hoped for the best, but many suspected in their heart of hearts that a breach was ongoing.
One narrative that gained traction in the early hours of the episode was that NiceHash might have just been moving company funds into a secure cold wallet while they resolved the outage.
Other, less-trusting users speculated that NiceHash’s Chief Technical Officer Matjaz Skorjanc could be behind the attack. Skorjanc was jailed seven years ago after unleashing a devastating botnet upon 12 million computers.
In that light, would’ve presumably had the requisite skill to pull off this current attack. But to be clear: neither Skorjanc nor anyone else has been directly tied to this attack yet while investigations into the incident are still premature.
NiceHash confirms attack
The moment affected users had been dreading finally arrived. In the early evening hours of that same day, NiceHash released an official statement declaring that an attack had in fact occurred:
“Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours […] Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken.”
At press time, the estimated number of stolen bitcoins is upwards of 4,655.25.
Presently, these bitcoins are worth around ~$68 million USD, making this NiceHash breach the fourth most severe bitcoin hack in the cryptocurrency ecosystem’s early lifespan.
Attackers could have trouble with stolen coins, though
Short of reimbursing affected users out-of-pocket, the mining firm doesn’t have any clear prospects for returning the compromised coins.
There may be a small silver lining in the whole catastrophic episode, though, as it’s possibe these stolen bitcoins will be blacklisted by the community, making them potentially worthless going forward.
Per a new MONEY report, NiceHash has reported the apparent hacker’s BTC address to the industry’s cryptocurrency exchanges so that the funds might be blocked from being cashed out going forward.
In this sense, the attacker might have to get creative to enjoy their “spoils.”
Featured Image via Fotolia