Nicehash Traces 75 Million Dollar Hack To Single Bitcoin Address, Promises To Relaunch Soon

Several days ago “Andrej_ID” of Nicehash released a stunning glimpse into the future of crime. In the old days we’d see police officers and detectives in long coats combing through a crime scene, trying to glean every clue possible. Today the “paper trail” is fully digital, weaving its way through Bitcoin addresses, exchanges, mining pools and more.

It appears that 4,736.43 BTC, worth about $75 million USD, has gone into a single address – 1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq. Currently 4,000.01 BTC ($64 million USD) sits in the wallet, with two big withdrawals made in the past two days… 72 BTC today and 664 BTC yesterday.

Andrej points out on Reddit that 12VkDG5PSo5Qh6Lzjje72eCvVwrTwdiuFK was the main middle address used during the hack (marked red in the image below). Check out the full SVG file for a detailed anatomy of the hack.


Speculation about the perpetrator is rife, including a possible inside job. As a (previously active) user of Nicehash, I’m sad to see this happen but we are talking about cryptocurrency… today’s mega-cyberwarfare battlezone.

Nicehash isn’t deterred though, and on their homepage they promise to re-launch the service soon:

“The support we have received from our community during this crisis has been immense. We are truly moved by the tens of thousands of messages from our community of miners. We understand why everyone is upset, and we are truly sorry.

We want you to start earning money again as soon as possible. We are taking all the necessary steps to re-establish our systems with the highest possible levels of security to contain and defeat any possible future attacks.

Although we initially stopped the service for 24 hours, it turned out we require more time. Good news is that we are in the final stages of a rebuilding NiceHash into the most robust and secure marketplace for hashing power.

Your bitcoins were stolen and we are working with international law enforcement agencies to identify the attackers and recover the stolen funds. We understand it may take some time and we are working on a solution for all users that were affected.”

Keep in mind that Nicehash was primarily a mining pool, not an exchange of any kind. However, this hack happened after Nicehash started expanding the availability of its own online wallets. Mining pools usually pay out any coins mined by pool contributors after a certain threshold, reducing the amount of coins held (and hence prone to theft).

But Nicehash implemented their own online wallet system recently and encouraged miners to keep their earned coins in it. In other words, Nicehash seems to have wanted you to keep your earned coins with them for longer periods of time, adding to the suspicion of a possible insider waiting for this implementation before stealing any coins.

The thief is still at large. Are we heading into the dystopian crime-noir cyberpunk future long predicted by sci-fi authors? Or are we already there? Let me know your thoughts below.

Image credits: andrea-prieto/flickr, andrej_ID, s.raman

  • Sunil Raman

    To clarify, I use the term “traces” to indicate that Nicehash found the BTC address “paper trail”. However identifying and apprehending the culprit(s) are another story altogether. Anyway, I definitely feel like I want to do a VR 2017 Roundup article next, Lord willing by early next week! Cheers.

    • Villz

      nice nice!

    • Pseudo Intellectual

      Good work!

    • Sunil Raman

      Updated title to clarify further that Nicehash traced the BTC address not the person involved AFAIK.

  • Pseudo Intellectual

    Nice original content!

  • Sunil Raman

    @gubjedi:disqus @ShaunWalshIsRetarded:disqus Thanks 🙂

    • Pseudo Intellectual

      By the way what is the safest exchange with less fee?

      • Sunil Raman

        Wow at this point I really don’t know, everything seems doubtful at this point! You’ll need to research a lot especially for your particular country and situation.

        • Pseudo Intellectual

          I could not trust any exchange right now as I am concern with my privacy.

      • Sunil Raman

        I’ve used in the past but I cannot vouch for it specifically since the cryptoworld is in a lot of flux at the moment!

  • forextor

    Nah.. you used the word ‘traces’ as a clickbait… this article offers nothing new than what we already know.

    • Sunil Raman

      In the spirit of integrity, I have edited the title to what I think is interesting but reasonable.

  • Pseudo Intellectual
  • Sunil Raman

    Hey all I’m going on holiday in several days, will be out of the loop for a while. Take care and Lord willing catch you on the flip side ie. next year.

    • Enjoy 😀

      • Sunil Ramanᴴᵒˡᶦᵈᵃʸᴹᵒᵈᵉ

        Thanks mate 🙂