NiceHash, a cryptocurrency mining marketplace, confirmed that its security has been breached and “the contents of the NiceHash Bitcoin wallet have been stolen.” Its users said in online forums that their balances are zero and that more than $60 million was moved to a Bitcoin wallet on December 6.
CEO Marko Kobal and co-founder Sasa Koh appeared on a Facebook video recording to address user’s concerns. Kobal said the hack was made by using the credentials of a NiceHash engineer and that they’re conducting a forensic investigation with law enforcements. He added that more information will be given in the coming days.
Reuters also reported that NiceHash head of marketing Andrej P. Škraba said that the hack was “a highly professional attack with sophisticated social engineering.”
Later in the day, WikiTribune was in contact with company adviser Andrej Nabergoj, who said that NiceHash was “assessing the situation and working with the authorities.” WikiTribune initially identified Nabergoj as CEO, but he subsequently clarified his position.
A press release from NiceHash was later posted on Reddit and Twitter, which said that the company’s security has been breached.
Cryptocurrencies are digital assets that run on a technology called blockchain – a decentralised ledger that allows for anonymous and secure peer-to-peer transactions. Mining is the process of adding transaction records to the blockchain.
More than $60 million from NiceHash users has apparently been moved to a single external wallet pointing to this address.
This security breach of NiceHash makes it one of the biggest cryptocurrency breaches ever. The biggest hack was in 2014, when Mt. Gox, then the world’s largest Bitcoin exchange, lost $460 million, as reported by Wired. The second biggest breach of a Bitcoin exchange platform was Bitfinex in 2016, which had $77 million stolen.
The company’s first tweet regarding maintenance was posted early December 6, and it posted another four hours afterwards, which only added to the concerns expressed on social media by people identifying themselves as NiceHash customers. Users on the Reddit page also said that the company stopped responding to support queries around a day or two ago.