Bitcoin exchange NiceHash hacked, $68 million stolen

Users are watching the attacker's wallet address like hawks, waiting for any movement of their stolen coins.
Written by Charlie Osborne, Contributing Writer

Bitcoin mining platform and exchange NiceHash has been hacked, leaving investors short of close to $68 million in BTC.


As the price of Bitcoin continues to rocket, surging past the $14,500 mark at the time of writing, cyberattackers have once again begun hunting for a fresh target to cash in on in this lucrative industry.

Banks and financial institutions have long cautioned that the volatility of Bitcoin and other cryptocurrency makes it a risky investment, but for successful attackers, the industry potentially provides a quick method to get rich -- much to the frustration of investors.

Unfortunately, it seems that one such criminal has gone down this path, compromising NiceHash servers and clearing the company out.

In a press release posted on Reddit, on Wednesday, NiceHash said that all operations will stop for the next 24 hours after their "payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen."

NiceHash said it was working to "verify" the precise amount of BTC stolen, but according to a wallet which allegedly belongs to the attacker -- traceable through the blockchain -- 4,736.42 BTC was stolen, which at current pricing equates to $67,867,781.

"Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days," NiceHash says. "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency."

"We are fully committed to restoring the NiceHash service with the highest security measures at the earliest opportunity," the trading platform added.

The company has also asked users to change their online passwords as a precaution. NiceHash says the "full scope" of the incident is unknown.

"We are truly sorry for any inconvenience that this may have caused and are committing every resource towards solving this issue as soon as possible," the company added.

Inconvenience is an understatement -- especially as so much was left in a single wallet -- but the moment those coins shift, we may know more about the fate of the stolen investor funds.

Speaking to ZDNet, Tyler Moffitt, Senior Threat Research Analyst at Webroot commented:

"This hack is a lesson for the community to ensure that when mining for a pool, to always have payouts trigger at the smallest amount. Even though there are fees associated with using the minimum payout, having the amount sitting in the mining pools wallet is risky.

It doesn't take much for mining pool operators to keep these types of wallets secure. If you don't, this is what can happen. It will be a huge uphill battle for NiceHash to overcome this breach as it's very damaging to its brand."

See also: Quant Trojan upgrade targets Bitcoin, cryptocurrency wallets

In related news this week, Steam has stopped accepting Bitcoin as payments on the game distribution platform. The company said the volatility of the coin, together with a rise in transaction fees which can now reach up to $20 per transaction, has made the payment option "untenable" for now.

ZDNet has contacted NiceHash and will update if we hear back.

Best gifts: Top tech for co-workers

Previous and related coverage

    Quant Trojan upgrade targets Bitcoin, cryptocurrency wallets

    Popular malware updates have highlighted a growing trend in targeting Bitcoin stashes.

    JPMorgan calls Bitcoin 'fraud' only for use by criminals and North Koreans

    JPMorgan boss Jamie Dimon has not minced his words when it comes to the cryptocurrency.

    Vietnam bans payments in Bitcoin and other cryptocurrencies

    Those who continue accepting payments in cryptocurrency face heavy fines.

      Editorial standards