Topic: [ANN] NiceHash.com - sell & buy hash rate cloud mining service / multipool - page 87. (Read 794394 times)

Hello

What gtm used nicehash?

I need to know the hour of my the paid in my country

Niki on reddit confirmed that my loss what due to your faulty code, security issue.

https://www.reddit.com/r/NiceHash/comments/5cb1a4/nicehash_made_me_lose_022_btc_i_ask_for_a_refund/

BEWARE GUYS. SUDDENLY YOUR ACCOUNT MIGHT GET HACKED AND EVEN IF YOU SPOT THE HACK AND CHANGE YOUR PASSWORD OR EVEN 2FA THE HACKER WILL STILL BE LOGGED IN AND WILL BE SOMEHOW USING YOUR 2FA TO MINE.

I d really like to see more mining option besides Zcash and Ether. I ve been using Nicehash for months and these re only 2 coins I have ever been able to mine. Are there any plans for enabling users to mine something else, like multipool?

Hello.
nicehash. You add new updates to CLAYMORE ZCash AMD GPU Miner v4.0 ??

Miners pass new updated CLAYMORE ZCash AMD GPU Miner v4.0
But after that the Course  start to fall and the force twice, my miner  is no longer profitable at all..

I was still trying to manually connect your pool nice ... I did not get. Saw a new miner or tell me how to set up pool CLAYMORE in ZCash AMD GPU Miner v4.0

Can you explain why there are no simple basic protections:

1. When password is changed, site must force all logged in users out. SIMPLEST RULE.
2. When someone wants to set a 2FA, an email verification should be needed. SIMPLEST RULE #2.
3. I deactivated hacker's 2FA with your code and created my own 2FA, but hacker WAS ABLE TO RENT HASH SOMEHOW. HOW CAN THIS BE IF THERE ARE NO SECURITY BREACHES?
4. I opened a withdrawel request, he could have cancelled and battled me again by putting orders, but he didn't, or more importantly HE COUDLN'T.
5. I informed nicehash of the hack when only 0.02 was gone, they didn't LOCK THE ACCOUNT. Every other exchange or renting service out there locks the account immidietly.
6. Why nicehash doesn't have basic protection safe guard to protect their costumer's funds?

So basically you are lying infront of everyone reading. HACKER WAS ABLE TO PUT AN ORDER EVEN WHEN I RESETTED 2FA AND PUT IN ON MY PHONE. You are either working with the hackers and hoping no one will notice or be loud enough or you just don't care about your costumer's funds.

I SPOTTED HACK WITH A MINIMAL LOSE, ONLY 0.02. AND THATS ON ME, MY RESPONSBILITY. BUT THAN I CHANGED MY PASSWORD AND EMAILED TO YOU IMMIDIETLY. After that, IT IS YOUR RESPONSIBILITY.

You are no different than those "hacker Russians" if you keep on insisting that your faulty, poorly coded weak system just helps HACKERS STEAL THE FUNDS. There is even no IP notification.

I demand a compensation of my stolen funds THAT ARE CAUSED BY YOUR FAULTS and you to accept responsbility and correct your site's mistake. I will not stop following this and will be informing everyone, everywhere. You can't get away with this.

Which sites (that leak db of u/p or had a hack)?

There was no security breach, only certain accounts were hacked by some russians, because people were using same u/p as on other sites (that leak db of u/p or had a hack). Never EVER use same u/p on sites. BTW, if your 2FA is active, you cannot make withdraw or place an order without the code, so you are basically locked.

There is something definetly wrong here.

They have sent me 2FA secret code so I deactivated the hacker's 2FA and activated one from my own personal phone where I haven't used on nicehash for 2FA before.

GUESS WHAT HAPPENED? HACKER STILL WAS ABLE TO RENT HASH! WITHOUT HAVING ACCESS TO MY PHONE'S 2FA.

There is a huge security leak and all the funds on the site in completely insecure. Someone found a backdoor and renting hash from people.

I'm %100 sure of this and will start a detailed thread in Scam Accusations later today as hacker could have easily withdrew my btc, instead he opened orders and he didn't get logged out when I changed the password 3 times, there is no way he accessed my account with a password. Also I tried to withdraw the remaining btc which was 0.023 and he didn't cancel it. He could have if he really was in the account.

I urge everyone to withdraw your bitcoins from this website as it is way insecure.

yes, something is wrong with the site's 2FA.... how is it I am able to log in without entering 2FA (I have 2FA enabled)

edit: and who is renting 20ph/s?!

There is something so wrong with this.

1- Hacker didnt withdraw btc, he rather mined. Why?
2- Hacker couldnt cancel my withdraw request. Even tho we were actively battling - he putting orders and Im cancelling them.

Nicehash you are either working these guys or they are somehow using your database to perform certain actions.

OK. THIS IS DEFINETLY A SECURITY LEAK. I CHANGED MY PASSWORD 3 TIMES AND MY 2FA 2 TIMES. HE STILL SOMEHOW IS LOGGED IN AND MINING. IT SEEMS TO ME THAT HIS HAS HAPPENED BEFORE LATELY AS THE DWARFPOOL ADDRESS IS MINED A LOT.

https://dwarfpool.com/eth/address?wallet=0x9358544c863873a25c4cc2d6f98588524774b385

THIS IS YOUR FAULT NICEHASH. TAKE RESPONSIBILITY. CLOSE YOUR SECURITY LEAK AND UPGRADE YOUR CODE TO A MODERN SECURE WEBSITE WHERE USERS ARE ASKED EMAIL VERIFICATION FOR SETTING 2FA AND PREVIOUSLY LOGGED IN USERS ARE FORCED OUT WHEN PASSWORD IS CHANGED.

NO!!!!!

1) YOU SHOULD UPGRADE YOUR 2000 PHP CODE OF YOUR WEBSITE AND ACTUALLY FORCE THOSE WHO ARE PREVIOUSLY LOGGED IN OUT WHEN A PASSWORD IS CHANGED.
2) YOU SHOULD ALSO BLOCK OTHER IPS WHEN YOU ARE INFORMED OF THE HACK, EVEN BLOCK THE ACCOUNT.
3) YOU SHOULD ASK FOR A EMAIL CONFIRMATION AS ALL THE OTHER WEBSITES IN THE WORLD DOES WHEN A USER TRIES TO PUT 2FA TO HIS ACCOUNT.

I'LL CHASE THIS TO THE END AND WILL GIVE YOU A NEGATIVE TRUST IF YOU DON'T TAKE RESPONSIBILITY AS YOU SHOULD!

Here is what happened for those who wants to read:

So here is the deal, I was renting hash for Zcash and Zclassic for the past couple of days. I had 0.24 btc left in my account. Today I decided to check my account and saw that there was an open order that wasn't by me.
The hacker put a 2fa code, WHICH CAN'T BE DONE WITH EMAIL CONFIRMATION ANY WHERE IN THE WORLD EXCEPT THE POORLY CODED NICEHASH INTERFACE, and I was unable to withdraw my btc immidietly. I changed my password from a fresh computer due to the risk of having a keylogger on my computer.
GUESS WHAT?! Poorly coded nicehash website didn't force previously logged in people to logout after a password reset. What a joke?! Is this 2001 dial up internet years all over again?
So, while I thought I was safe because I changed my password and the regular website behaviour is to force everyone else out that is logged in with previous password. I went to bed. Woke up to see if nicehash responded my email.
They asked me to send certain amount of btc to my deposit address to verify its actually me. And I did. Than wanted check if my deposit was in wallet page.
I noticed my 0.22 was fully gone. Poorly coded nicehash website didn't force previously logged in hacker, neither did the support blocked his IP even though they have been INFORMED that it was a hacker.
I request a refund of my hardly earned 0.22 BTC. I accept that the first hack was my responsibility but the rest security leaks was caused by nicehash's poor coding.

This is a fucking job, here is the mail I recieved:


I URGE EVERYONE. USING NICEHASH IS NOT SAFE. THEY DON'T HAVE EVEN THE SIMPLEST PROTECTIONS. THEY DON'T ASK EMAIL CONFIRMATION FOR SETTING 2FA AND WHEN YOU CHANGE YOUR PASSWORD THE HACKER WILL NOT BE FORCED OUT. THIS IS A VERY UNPROFESSIONAL CODED WEBSITE.

We are very sorry for the funds that you've lost. You should always enable 2FA before doing any kind of operations with the funds on your account to prevent such scenarios. You should also keep your account secure all the time (https://www.nicehash.com/index.jsp?p=news&id=108)

Once again, please make sure to keep 2FA enabled all the time when doing any kind of operations with any kind of funds in your account.


Best regards,
NiceHash team.

GOOD FUCKING JOB NICEHASH. I LOST 0.22 BTC BECAUSE OF YOU.

Today I discovered there was an order that wasn't mine. Someone hacked my account and put 2FA so I wasnt able to stop him. I immidietly changed my password from a fresh computer incase I had keylogger.

Had 0.24 in the beginning but managed to save the account with 0.22

Even though I messaged them from literally everywhere, they responded very late and asked to send some btc to the deposit address of the account. I did that and still nothing!

BECAUSE OF THE POORLY CODED WEBSITE, EVEN THOUGH I CHANGED MY ACCOUNT'S PASSWORD FUCKING TWICE, hacker was able to STAY LOGGED IN.

I REQUEST THE REFUND OF MY LOST 0.22 BTC BECAUSE OF THE POOR CODE OF THE WEBSITE. HOW IS IT POSSIBLE THAT SOMEONE STAYS LOGGED IN EVEN THOUGH I CHANGED MY PASSWORD.

ALSO IN WHAT WORLD CAN YOU SET 2FA WITHOUT MAIL CONFIRMATION?!

I CHANGED MY PASSWORD AGAIN BUT THE HACKER STILL KEEPS PUTTING ORDERS. SO HE STAYS LOGGED IN EVEN THO THE PASSWORD CHANGED. WHAT A FUCKING JOKE!

Once a block is found with the nicehash pool, how long is it expected to remain in the pending status? Two blocks were found this afternoon, and one is over 4 hours old, but still pending.

Hey, my account was hacked. Hacker put a 2fa but I was able to reset my password through my email (different passwords with nicehash account, thank God). I pm'ed you and emailed support. Please help.

It seems as though either the payouts are slow and/or the stats are delayed. They updated the stats page, and it's a lot easier to navigate now.

12:00 miner, was not included in the standings! Woke restarted miner, everything is taken into account? How so?

and I can not log in the pool shows no authorization. constantly. have many this problem as I see it.

It seems that nicehash stopped paying out zcash sometime this morning ~8:30 AM EST. This is frustrating as over 500 sol/s hash power goes to waste.