Pages:
Author

Topic: NiceHash hacked? - page 11. (Read 32068 times)

member
Activity: 644
Merit: 24
December 08, 2017, 01:26:57 AM
They where hacked on wednesday and almost 64 million usd has taken from them

NO WAY!  Really?Huh OMG?Huh  You were the first person to tell us that.  Lol ... Go back to sleep for another week.
member
Activity: 644
Merit: 24
December 08, 2017, 01:23:50 AM
Yeah no shit ... Moral obligation only.  And that is if the head of their company really doesn't have anything to do with it, but your money is still gone.  How the fuck would he ever have the $ to repay his customer for their losses, even if he wanted to?  Especially now that they are considered to be incompetent. They can't operate on rice and beans for the next several years and keep the company going, while making payments to the customer.  NH isn't the US banking system.  There isn't a bailout check in the mail.  NH is not eligible for an Obama phone.  If they do decide to open up shop again, how will they gain back the trust of everyone?  I'm guessing it will be a small percentage that would return and then NH will slowly fail.

The FBI can spend the next few years looking into it.  They may or may not try to take it for themselves somewhere along the way.  In the end, your dinero, say bye bye, muchas gracias.

newbie
Activity: 47
Merit: 0
December 08, 2017, 12:52:40 AM
They where hacked on wednesday and almost 64 million usd has taken from them
member
Activity: 98
Merit: 12
December 08, 2017, 12:47:47 AM
According to Nicehash they got robbed of our coins. If the funds were segregated there is a technical
distinction whose coins were actually stolen. But it doesn't matter, they still have an obligation to
pay users what is due.

The semantics games are getting a little stretched.

What obligation are they bound to that says they have to pay us what is owed when coins are stolen?  They are not an insured bank, they are not a Registered Currency Exchange Business and don't have to follow the guide lines/laws of an exchange.  They don't have to follow KYC regulations.  So I'm curious, other than a "moral" obligation (which would be great to see happen), what makes them have to pay users back?  Nothing (if it wasn't them).  The only way we get money back would be if they actually catch the person whole stole the coins, then they can return "stolen" property.
member
Activity: 98
Merit: 12
December 08, 2017, 12:40:32 AM
I agree.  We did not get robbed.  They still owe us.  If a bank gets robbed that doesn't mean they stole the customer's money.  Is there a link the livestream video?  I would like to see their body language and faces as they talk. I have seen too many people commit fraud.  They are not hard to spot from day one when investigating irregularities.  Most cases of business  and financial "mismanagement" ends up being an inside job and they will lie right to your face about how a "hacker" must of cleared them out only to find out they have been squirreling away money for months and once they get caught they always try to lie out of it only to get caught by their own words.  I only lost .02 but I was expecting my payout this week to buy some XMR... oh well.  Undecided

So comparing nicehash theft to a bank robbery doesn't really equate.  If a bank gets robbed your money is FDIC insured (by the government) up to a certain amount.  That money you can get back.  Once that amount is exceeded, the bank is under no obligation to pay the remainder to you.  If the Bank is not insured, then good luck getting your balance.  If a bank runs out of money, there is nothing to pay you back with.  They simply file bankruptcy, close up shop, and good luck getting your money back in court.

The only recourse is if they can identify the person who stole the BTC and charge him.  That's who we would get restitution from.  We can hope that the Nicehash owners have a strong moral compass and can/will help in some way, but I wouldn't count on it.  We've seen too many of these type of issues occur over the last few years, and we all know how it's going to turn out.
member
Activity: 244
Merit: 10
BrownieCoins.org The Recognition Cryptocurrency
December 08, 2017, 12:15:59 AM
According to Nicehash they got robbed of our coins. If the funds were segregated there is a technical
distinction whose coins were actually stolen. But it doesn't matter, they still have an obligation to
pay users what is due.

The semantics games are getting a little stretched.

if my individual account had gotten compromised I would say my account got hacked but I had 2factor on my account and took every safety measure to protect my account on nicehash. It's sad because they really were in over their heads. They are probably going to go to jail for some compliance shit they did not meet. trust me the FBI will find something just to make an example out of them and move a service like this to US. hence mtGox and Coinbase. you can tell they are armatures because they are talking about developers from around the world, you know how hard it is to have a secure dev network across multiple territories. Did they ship these developers encrypted laptops with 2factor RSA auth, were these developers even background checked probably not. Like I said it's sad because they really looked like they worked their arsses off for this site and they are probably going to go to jail.
legendary
Activity: 1470
Merit: 1114
December 08, 2017, 12:05:33 AM
According to Nicehash they got robbed of our coins. If the funds were segregated there is a technical
distinction whose coins were actually stolen. But it doesn't matter, they still have an obligation to
pay users what is due.

The semantics games are getting a little stretched.
newbie
Activity: 2
Merit: 0
December 07, 2017, 11:41:25 PM
I agree.  We did not get robbed.  They still owe us.  If a bank gets robbed that doesn't mean they stole the customer's money.  Is there a link the livestream video?  I would like to see their body language and faces as they talk. I have seen too many people commit fraud.  They are not hard to spot from day one when investigating irregularities.  Most cases of business  and financial "mismanagement" ends up being an inside job and they will lie right to your face about how a "hacker" must of cleared them out only to find out they have been squirreling away money for months and once they get caught they always try to lie out of it only to get caught by their own words.  I only lost .02 but I was expecting my payout this week to buy some XMR... oh well.  Undecided
member
Activity: 244
Merit: 10
BrownieCoins.org The Recognition Cryptocurrency
December 07, 2017, 11:40:46 PM
rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

I get your point but It is technically our BTC they lost. Nicehash is under a moral and possibly legal obligation
to make it up to customers but those coins are gone. The legal ambiguity depends on whether they have a
disclaimer and whether it is enforceable in a court of law in the jurisdiction in which they operate.

It is also very unfortunate Nicehash had raised their minimum payout. That combined with the large increase in
BTC price means they were holding a lot more value at any given time making for a bigger target ragardless of
the timing.


lots of Americans got robbed the FBI is not going to let this one go my friend. If it looks like mtGox and it smells like mtGox it's probably two fingers up your haha. Someone is going to jail for sure. even if they were just careless or stupid. I don't buy that bullshit story that everything can be hacked, I secured major power grids in the US and it requires expensive equipment and all kinds of other expensive software. Don't get me wrong I really want to see them back because I liked the service and I think people are going to have a service like this in the future to connect their home datacenter for currency trading and whatever social media needs they have. It's just stupid and careless. I don't think it was an inside job, they were just in over their heads.
newbie
Activity: 5
Merit: 0
December 07, 2017, 10:54:15 PM
rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

I get your point but It is technically our BTC they lost. Nicehash is under a moral and possibly legal obligation
to make it up to customers but those coins are gone. The legal ambiguity depends on whether they have a
disclaimer and whether it is enforceable in a court of law in the jurisdiction in which they operate.

It is also very unfortunate Nicehash had raised their minimum payout. That combined with the large increase in
BTC price means they were holding a lot more value at any given time making for a bigger target ragardless of
the timing.


Please explain this technically our BTC they lost?

From what I see from the BTC address fingered as the stolen BTC, the bulk of the BTC was in 5 transfers.  Four 1k BTC transfers and then a 622 BTC transfer.  Clearly these aren't transfers from miners accounts (whether those selling hash power or buying it).  Furthermore, if you sell your hashing power the unpaid balance isn't real BTC but Nicehash's own off chain BTC which is worthless.  I use nicehash legacy miner and yesterday it showed I had a balance but couldn't connect to nicehash servers.  So I still had a balance after Nicehash got robbed of THEIR BTC and before Nicehash turned off all the servers.

Now it appears Nicehash is claiming that people like me got robbed of our BTC.  BULLSHIT.  Nicehash robbed it after they shutdown the servers which is after they got robbed of THEIR BTC.
legendary
Activity: 1470
Merit: 1114
December 07, 2017, 10:47:13 PM
It's hard to see even if they do come back how people would ever trust Nicehash again unless they make good on the balance owed.

I have to agree with that. They must reimburse to restore any trust. The're big enough, they should be able
to cover the losses and resume operating.
legendary
Activity: 1470
Merit: 1114
December 07, 2017, 10:43:44 PM
rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

I get your point but It is technically our BTC they lost. Nicehash is under a moral and possibly legal obligation
to make it up to customers but those coins are gone. The legal ambiguity depends on whether they have a
disclaimer and whether it is enforceable in a court of law in the jurisdiction in which they operate.

It is also very unfortunate Nicehash had raised their minimum payout. That combined with the large increase in
BTC price means they were holding a lot more value at any given time making for a bigger target ragardless of
the timing.
member
Activity: 238
Merit: 11
December 07, 2017, 10:43:16 PM
I am leaning towards this hack being an inside job.

Why?? well, leading up to the hack, scrypt hashrate was and still is exploding, rather than upgrade equipment and capacity they simply "upgraded" the minimum share difficulty. As they approached max capacity again with BTC price exploding and NH wallet full, the simplest solution for them, rather than deal with the hassles of hardware upgrades, troubleshooting, downtimes, complaints etc was to just pull the plug by feigning a hack and then walk away.

Just a theory , I personally hope they start back up.  Maybe they'll use the downtime to upgrade and reopen, hurray, if not ... see prior paragraph. It'll be interesting to see how it plays out


rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.

Our bitcoin was never on our own private key, what was shown were balances owed by them to us - regardless whether they recover BTC stolen this is still BTC owed to us. If they ever come back I expect a full payment - it'll be really stupid for them to ignore this amount owed to their customers.

The amount of hashpower represented by Nicehash is very significant, as seen by the difficulty dropping massively across the board or in other cases (e.g. Scrypt) a sharp spike with people moving over to backup pools - it'll be hard to see why they wouldn't have reserves to pay buyers and sellers alike.

It's hard to see even if they do come back how people would ever trust Nicehash again unless they make good on the balance owed.

member
Activity: 244
Merit: 10
BrownieCoins.org The Recognition Cryptocurrency
December 07, 2017, 09:55:31 PM
I am leaning towards this hack being an inside job.

Why?? well, leading up to the hack, scrypt hashrate was and still is exploding, rather than upgrade equipment and capacity they simply "upgraded" the minimum share difficulty. As they approached max capacity again with BTC price exploding and NH wallet full, the simplest solution for them, rather than deal with the hassles of hardware upgrades, troubleshooting, downtimes, complaints etc was to just pull the plug by feigning a hack and then walk away.

Just a theory , I personally hope they start back up.  Maybe they'll use the downtime to upgrade and reopen, hurray, if not ... see prior paragraph. It'll be interesting to see how it plays out


rather than give part of the company away and raise funds let's just take the money we have to give to the customers and restart the service. They lost their money I am not sure why they keep saying it's our bitcoins they lost.
sr. member
Activity: 342
Merit: 250
December 07, 2017, 08:32:40 PM
I am leaning towards this hack being an inside job.

Why?? well, leading up to the hack, scrypt hashrate was and still is exploding, rather than upgrade equipment and capacity they simply "upgraded" the minimum share difficulty. As they approached max capacity again with BTC price exploding and NH wallet full, the simplest solution for them, rather than deal with the hassles of hardware upgrades, troubleshooting, downtimes, complaints etc was to just pull the plug by feigning a hack and then walk away.

Just a theory , I personally hope they start back up.  Maybe they'll use the downtime to upgrade and reopen, hurray, if not ... see prior paragraph. It'll be interesting to see how it plays out
full member
Activity: 420
Merit: 110
December 07, 2017, 08:28:10 PM
No one on these sites with access to wallets has heard of 2 factor authentication?  I mean even if you get someones credentials you would have to get access to the fido key or to google authenticator or some variation of that.  That message needs to be broadcast that if you fail to do basic things to protect customers you will be sued into the ground... 
NH was sending out notifications to activate 2Authy just before the deed. I thought that as curious.
jr. member
Activity: 54
Merit: 2
December 07, 2017, 08:23:22 PM
So I am looking at the wallet address a few days later still pissed and now I see there are several small deposits into the wallet.  I am curious to wonder where are these coming from?  Could this hacker now be mining some data from nicehash to hack other wallets that were linked to nicehash that maybe have easy passwords or the same password that their nicehash users used?  I am going to double check that whatever nicehash password I used is DEAD!  Here is the link to the wallet if you want to look for yourself.

https://bitinfocharts.com/bitcoin/address/1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq

I assume those transactions are designed to tag that address somehow
newbie
Activity: 2
Merit: 0
December 07, 2017, 08:13:12 PM
So I am looking at the wallet address a few days later still pissed and now I see there are several small deposits into the wallet.  I am curious to wonder where are these coming from?  Could this hacker now be mining some data from nicehash to hack other wallets that were linked to nicehash that maybe have easy passwords or the same password that their nicehash users used?  I am going to double check that whatever nicehash password I used is DEAD!  Here is the link to the wallet if you want to look for yourself.

https://bitinfocharts.com/bitcoin/address/1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq
member
Activity: 98
Merit: 10
December 07, 2017, 07:56:58 PM
so much hate for nicehash...

It was the easiest way to setup mining and bring in BTC. I can't think of any other simpler way to download 1 software, and bring in 100 dollars worth of bitcoin every month on a 5 year old gaming computer.

100% correct.  When I first started mining I used Nicehash while I learned the ropes.  I realized it was more profitable to mine to a pool directly but didn't know enough.  Still though, I can see why so many people continued to use it.  You didn't have to mess around with a bunch of different altoin exchanges or following the markets to be sure the the coins you were mining weren't crashing, or checking to see if difficulty and hashrate was rising at an extreme rate.  Strangely you don't see this much hate for Nemos Miner, Multipoolminer, Zpool, or anything else.  I can assure everyone that ZPool is more responsible for killing profitability than Nicehash.
Zpool....flat out thieves. I wonder how many of these butthurt screamers still have currency sitting in other wallets.....like Coinbase.....which BTW is down right now.

Dude I know. I have some fiat in coinbase that I put right after LTC doubled. Not much barely 4 digis. Such terrible timing and now I'm scared shitless but I'm keeping them in coinbase until BTC or LTC drop again. I don't want to buy at these prices and coinbase exchage rate is ridiculous too.

Coinbase is up and running just fine (just used it)... site must be overwhelmed with transaction requests
sr. member
Activity: 1008
Merit: 297
Grow with community
December 07, 2017, 07:53:42 PM
Sound's like an inside job if you ask me. All these recent hacks always have such weak excuses too, like "someone stole someones credentials". Well first thing that should not be enough for someone to be able to hack in and send all the BTC off, there should have been several layers with each one limited to what it could do.

I have to agree. Devs should never be allowed access to live systems.

Where I used to work only support engineers were allowed to login to customer sites and only
with express permission and supervision including logging. Devs were never allowed, they could
watch and advise but never toch the keyboard.

It wasn't all about security, support engineers had specific training on what not to do when logged in to a customer
site, devs are used to a lab where anything goes.


Their security is really trash if one stolen credential could move all the BTC. They should have implemented proper security measures like 3-of-5 multisig for that amount they are dealing with daily.

whats so frustrating is that there were lousy or worse no security for withdrawing A HUGE amount, it is so basic for every financial institutions that for every BIG amounts of withdrawal there are approvals needed, at least to interrupt the attempt.
Pages:
Jump to: