NiceHash hacked



  • I saw this today when I looked at my mining page:

    Service Unavailable

    Official press release regarding the NiceHash security breach

    Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours.

    Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken.

    Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.

    We are fully committed to restoring the NiceHash service with the highest security measures at the earliest opportunity.

    We would not exist without our devoted buyers and miners all around the globe. We understand that you will have a lot of questions, and we ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service. We will endeavour to update you at regular intervals.

    While the full scope of what happened is not yet known, we recommend, as a precaution, that you change your online passwords.

    We are truly sorry for any inconvenience that this may have caused and are committing every resource towards solving this issue as soon as possible.


  • admin

    @rds WOW!



  • @haitch ,

    I just read a comment on discord the hack was 4700 BTC. About $100 USD was mine. :)


  • admin

    @rds 4,700? In a hot wallet - asking for trouble. US$65M



  • @haitch , don't know the details but you're right, I never keep too much in any online wallet, I use paper for the bulk of my crypto holdings. I would like to see a paper scheme for Burst as well.



  • @rds its possible to create essentuly a papper wallet for burst but requiers some initial pre set up to be sure there are no digital traces left.



  • @gibsalot , Not sure how that works. I never saw any documentation on how a Burst address is generated.

    That being said, BTC and ETH are well documented as to how to create paper without any online presence.

    Each has a private key format which is just a 64 digit hex number. The algorithm to generate an address is well documented for both. I even wrote a little stand alone Python program to generate ETH and BTC addresses from a random 64 digit hex number. I don't use it anymore because I like the 18 word BIP44, multi coin address generator as seen on Coinomi recovery site.

    Burst needs more transparency for their technicals.



  • @rds to get as close as you can to a paper wallet with burst you will need preferbly a computer with a fresh OS install, setup trusted security, and run get a local wallet running , then write out your pass phrase on paper and type it into local wallet no copy paste. activate that wallet address, write down its address . then logg out and wipe the comp clean agin to erase all digital trace of the pass phrase ... then all you need to do is send burst or assets to that address and keep the writen passphrase ( paper wallet ) safe. and basicly never logg into it . unless you go throu the same process when logging in to eliminate any digital trace when you logg in then just burn that address and create another one. what sucks is you cant do a hardware wallet for burst because of the way its setup ... essentuly your public key is the address , but the private key is not a wallet.dat file like other coins burst private key is the passphrase.



  • @gibsalot , thanks for the explanation, it is close but not true paper.

    As an aside, this looks like the address that received the NiceHash hack.

    1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq

    First transaction was 7 minutes after midnight for .01 BTC, then 10 minutes later, 4600 BTC then 3 or 4 transactions over the next 16 hours scraping any dribbling coin.



  • @rds yea not a true paper wallet but as close as you can git with burst.



  • This post is deleted!


  • This post is deleted!


  • @rds said in NiceHash hacked:

    @haitch , don't know the details but you're right, I never keep too much in any online wallet, I use paper for the bulk of my crypto holdings. I would like to see a paper scheme for Burst as well.

    I second the that motion for Burst......!!!!!!



  • @rds said in NiceHash hacked:

    @haitch ,

    I just read a comment on discord the hack was 4700 BTC. About $100 USD was mine. :)

    Yikkkkeessss



  • @rds Luckily I have just lost 37$.Work of one procesor for 2 weeks...pitty but not tragic.I wonder if they repay us back at some point.



  • @ip85 ,

    From what I read the hack may be actual NiceHash personal accounts. I never setup a personal account with them and specify a Jaxx wallet address for my earnings. So maybe their IOU for my upcoming payout will be honored? We'll see. A few weeks of CPU/GPU mining lost, worst case. At least my equipment is 10 degrees cooler now.



  • @rds i did not had account with them.Just coinomi wallet set up for payout every couple of weeks.I used one of my xeons to do some work.Well i will try to set up monero not thru NH.It was just an addition for zec operation anyway.



  • never used an internal wallet with them, fees too high, but I would still mine there, still kid-friendly than everyone else,

    WinMiner is just a piece of crap. tbh, I turn it on and my computer turns into a pixelated confetti



  • @gibsalot @rds just liked to add to what gibs said that you can even get the address and activate the wallet if you are offline, you just have to had fully synced your chain previously to this... This makes possible to not use any password when you are online, increasing your security by hundreds...

    A paper wallet system is perfectly possible and an hardware one is provably possible too even if there is no wallet.dat file... The wallet.dat file is mostly used for recoverys and that is the part where Burst fails a bit because there is no way of recovering your wallets by any chance (except bruteforcing obviously xP)



  • @rds same