Mining Service Nicehash Hacked, $60 Million in User Funds Stolen

The mining service Nicehash was reportedly hacked today, with over $60 mln in funds stolen. Users report that funds have been moved from their own internal Nicehash Bitcoin addresses to a single Bitcoin address controlled by an unknown party. The company released a statement on Reddit, saying:

“Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours. Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken.

“Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.”

The company is apparently planning to resume operations, although it’s uncertain how they will retain their users following a hack of this magnitude. Nicehash wrote:

“We are fully committed to restoring the NiceHash service with the highest security measures at the earliest opportunity…

“While the full scope of what happened is not yet known, we recommend, as a precaution, that you change your online passwords. We are truly sorry for any inconvenience that this may have caused and are committing every resource towards solving this issue as soon as possible.”

Different kind of service

Nicehash isn’t a mining pool, per se. Rather, it’s a site that allows owners of mining equipment to rent out their hashpower to buyers. Sellers of hashpower find it convenient because they don’t have to spend as much time finding the most profitable coins to mine. Buyers are happy that they don’t have to buy expensive mining equipment for what may merely be a short but intense bout of mining.

Effects on other pools

It’s unclear what, if any, effect this hack will have on other mining pools. The vast majority of cryptocurrency mining is done by users who “pool” their efforts together through a centralized service, called a mining pool. They trust the pool to pay them a percentage of every block the pool successfully mines, proportional to the amount of hashing they’ve done. Pools have been criticised in the past for creating centralization in what is intended to be a decentralized currency movement.

A great many mining pools are located in China, including some of the largest, such as AntPool, F2Pool, BTCC, BW Pool and others. Private mining pools, such as BitFury, are also significant players in the industry.