Science

Bitcoin Stolen: How NiceHash Was Robbed Of $78 Million and What's Next

A highly orchestrated heist hits a popular bitcoin mining service.

by Danny Paez
Flickr / perspec_photo88

The advent of cryptocurrency has created an all new kind of bank heist. Instead of ski masks and bags of cash, now they’re pulled off online by highly sophisticated hackers trying to get their hands on millions of dollars worth of bitcoins.

NiceHash, a Slovenian cryptocurrency mining marketplace that sells its computers’ processing power to miners, has become the most recent victim of one of these robberies. On Wednesday, the Bitcoin mining service was targeted by an unknown group of cyber-criminals that lifted 4,736 bitcoins — worth about $78 million — from their servers.

The web service has halted operations as a result and released a somber update through Facebook Live.

“A hacker or group of hackers were able to infiltrate our internal systems through a compromised company computer,” said Marko Kobal, CEO of NiceHash, in the live stream. “We’re still conducting a forensic analysis on how the affected computer was actually compromised.”

NiceHash

Kobal goes on to explain that in a window of three to four hours the attackers were able to use a NiceHash engineer’s credentials to access their network using a VPN. From there they were able to “simulate the workings of [NiceHash’s] payment systems,” which allowed them to siphon thousands of bitcoins.

This isn’t the first time millions of dollars’ worth of cryptocurrency has been stolen from online services in the sector. Just last month Tether, a startup that lets users exchange digital tokens pegged to currencies like the dollar or yen, got hit by attackers that lifted $31 million from their digital wallet.

And back in 2014, Mt. Gox, a bitcoin exchange that once handled over 70 percent of all bitcoin transactions in the world, was robbed of 850,000 bitcoins — or $450 million at the time. That remains perhaps the most infamous bitcoin heist of them all, and the attack forced the exchange to close up shop.

Even though NiceHash, Tether, and Mt. Gox provided completely different services within the cryptocurrency sector, they have one thing in common: really fat digital wallets. That made all of them a huge target for hacker groups that can pretty much pull of these heists without a trace.

“These exchanges are not in my opinion secure,” security analyst Avivah Litan told Reuters. “You don’t know what their security is like behind the scenes.”

The most popular cryptocurrency marketplace, Coinbase, states on its website that 98 percent of customer funds are stored offline. Disconnecting wallets from the Internet entirely would seem to be able to stop the sort of attack that affect NiceHash, but it is wise to never underestimate the ingenuity of hackers.

These cyber-robberies don’t seem to be dissuading people from getting into cryptocurrencies, as the price of Bitcoin continues to soar. But this exponential growth in value will undoubtedly attract more hackers trying to make away with a digital fortune.

For now, the ball is in the court of services like NiceHash. As cryptocurrency gets more and more popular, companies need to start stepping up security measures if they’re going to have millions of dollars parked in their computers.