Cryptocurrency Mining Market NiceHash Hacked, $65 Million Stolen

Recently, cryptocurrency mining marketplace NiceHash announced via social media and on its website that its service was undergoing maintenance, and as such was temporarily unavailable. Curious users started noticing unusual movements in the company’s wallet, and revealed that NiceHash had been compromised, with the company confirming the breach hours later.

Launched in 2014, NiceHash allows its users to rent their hash rate to others, serving as a cryptocurrency mining marketplace. Users who use the service noticed that, while it was down, money was being taken from their wallets associated with NiceHash.

A wallet address circulated by affected NiceHash users reveals that as many as 4,736.42 BTC – worth over $65 million at press time – has been stolen from the website’s wallet. Hours after users figured out what was going on, the company released a statement revealing that had indeed been hacked.

In it, NiceHash revealed that the security breach affected its wallet and that it is still working to verify the precise number of stolen BTC, and that as a result of the incident its operations will stop for 24 hours. The statement reads:

“Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.”

The company adds that it is committed to restoring its services with “the highest security measures at the earliest opportunity,” and uses the statement to thank its users who allowed to get to where it did. Furthermore, the announcement acknowledges that users must have a lot of questions, but clarified it will issue regular updates as information becomes available.

The full scope of the breach isn’t clear, and it isn’t known if the attackers managed to compromise user information in addition to stealing the service’s funds. NiceHash advised its users to, as a precaution, change their online passwords.

While some users have revealed they won’t be using the platform again, others have stated that they are ready to keep mining with NiceHash, but won’t trust the company to keep their funds, even if temporarily. One Reddit user in particular, who claims to be a penetration tester with security breach familiarity, claims most cryptocurrency services keep their funds in cold storage, so they can’t be accessed remotely, implying it was all an inside job by NiceHash’s operators.