It had to happen eventually – a major cryptocurrency mining marketplace has been attacked in a sophisticated, coordinated hack.
In the early hours of yesterday morning US Central time, NiceHash was dealt a potentially crippling blow. Details are still coming in, but thanks to the nature of the business, many facts have already been confirmed.
While the attack itself was highly sophisticated, the access point was incredibly simple. An employee’s computer was compromised (methodology still being confirmed) and an alert was created asking users to change their passwords. The passwords were then noted and the hacker waited patiently until a critical mass of information had been achieved.
Later, over the course of several hours, the attacker or attackers syphoned off approximately 4700 bitcoins and placed them in an account. This equates to around US$78 million in the single account. At the moment, that account has not been touched and the bitcoin is still sitting there – frustratingly close and completely inaccessible.
NiceHash CEO Marko Kobal took to Facebook to apologise to customers and the greater blockchain community. To his credit, he was open and honest about the shortcomings of the system and how they need to improve in the future. He was humble, clearly authentic and genuinely apologetic.
But NiceHash got hacked – and that is completely unacceptable.
For a mining marketplace to have any flaws at all is like a painter saying that they can do everything but paint – the one thing they have to be good at, they were not. Security is the only thing allowing the blockchain to have as much credibility as it does, and it is expected that faith in bitcoin will take a hit, along with values.
The bizarre thing is that this breach wasn’t picked up until several hours later, after emptied wallets and suspicious downtime had been reported. Rather than acting quickly, NiceHash chose to analyse first and act afterwards. The time this took is not clear yet, but it is certain that even a minute of analysis could have cost hundreds of thousands of dollars.
Police are now conducting a forensic analysis, and the likelihood of NiceHash remaining a viable business is surely questionable.