Bitcoin, and by extension most cyptocurrencies, thrive in a marketplace where anonymity is key. Transactions between wallets are difficult to trace back, and even more challenging (read: impossible) to reverse in the case of theft. Which is why yesterday’s big hack of Nicehash – a mining pool that made it as easy as pie to set up your PC to mine Bitcoin – is frightening. Not only because of the amount taken, but because of how little can be done.
Things were sketchy early yesterday morning. Most Nicehash miners might have noticed that their rigs were whisper quiet. I noticed it too, and quickly saw that the program was running but actually doing nothing. The Nicehash website was also down, with the company stating some problems with routine maintenance. But as the day went on and nothing was solved, it became apparent what had actually happened. Nicehash had been compromised, and it didn’t take long for users to see that their wallets had been emptied out.
Overnight, Nicehash put out a statement confirming the theft. While Nicehash hasn’t confirmed the amount lost, reports (and a quick look at the public transfer) suggest that a whopping 4700 Bitcoin had been seized, which is worth over $65 million right now. Given that the wallet the funds were transferred to is new, the account history is next to impossible to use to try to track down the culprit. And given the finality of the transaction, it’s hard to see Nicehash getting it back. The company could do something with an offline backup, but it seems more likely that your funds are gone.
Which isn’t too terrible if you weren’t using Nicehash to actually store your profits. Like many will advise you to do, dedicated wallets and even offline paper wallets are ideal to store amounts of Bitcoin you might see as damaging to lose. Storing all the profits on Nicehash’s own wallet meant that you were just as vulnerable to an attack on their entire service. If you didn’t, it’s probably only your unpaid balance that is gone. Nicehash would only pay out once you had mined 1% of a Bitcoin, so if you had anything unpaid you can probably kiss that goodbye.
It’s a scary reminder of how easily Bitcoin can be transferred and disappear, given the decentralised nature of the currency and the anonymity of its users. If anything it’s a lesson to new users on how to better secure their funds past a simple sign-up process. But even when Nicehash returns, will anyone trust it again?
Last Updated: December 7, 2017