Several days ago “Andrej_ID” of Nicehash released a stunning glimpse into the future of crime. In the old days we’d see police officers and detectives in long coats combing through a crime scene, trying to glean every clue possible. Today the “paper trail” is fully digital, weaving its way through Bitcoin addresses, exchanges, mining pools and more.
It appears that 4,736.43 BTC, worth about $75 million USD, has gone into a single address – 1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq. Currently 4,000.01 BTC ($64 million USD) sits in the wallet, with two big withdrawals made in the past two days… 72 BTC today and 664 BTC yesterday.
Andrej points out on Reddit that 12VkDG5PSo5Qh6Lzjje72eCvVwrTwdiuFK was the main middle address used during the hack (marked red in the image below). Check out the full SVG file for a detailed anatomy of the hack.
Speculation about the perpetrator is rife, including a possible inside job. As a (previously active) user of Nicehash, I’m sad to see this happen but we are talking about cryptocurrency… today’s mega-cyberwarfare battlezone.
Nicehash isn’t deterred though, and on their homepage they promise to re-launch the service soon:
“The support we have received from our community during this crisis has been immense. We are truly moved by the tens of thousands of messages from our community of miners. We understand why everyone is upset, and we are truly sorry.
We want you to start earning money again as soon as possible. We are taking all the necessary steps to re-establish our systems with the highest possible levels of security to contain and defeat any possible future attacks.
Although we initially stopped the service for 24 hours, it turned out we require more time. Good news is that we are in the final stages of a rebuilding NiceHash into the most robust and secure marketplace for hashing power.
Your bitcoins were stolen and we are working with international law enforcement agencies to identify the attackers and recover the stolen funds. We understand it may take some time and we are working on a solution for all users that were affected.”
Keep in mind that Nicehash was primarily a mining pool, not an exchange of any kind. However, this hack happened after Nicehash started expanding the availability of its own online wallets. Mining pools usually pay out any coins mined by pool contributors after a certain threshold, reducing the amount of coins held (and hence prone to theft).
But Nicehash implemented their own online wallet system recently and encouraged miners to keep their earned coins in it. In other words, Nicehash seems to have wanted you to keep your earned coins with them for longer periods of time, adding to the suspicion of a possible insider waiting for this implementation before stealing any coins.
The thief is still at large. Are we heading into the dystopian crime-noir cyberpunk future long predicted by sci-fi authors? Or are we already there? Let me know your thoughts below.
Image credits: andrea-prieto/flickr, andrej_ID, s.raman