NiceHash has just posted about their security breach and yeah, it’s bad. The payment system was compromised and the contents of the Bitcoin wallet has been stolen. Translation, they got everything. The company says they’re investigating but with the nature of how Bitcoin works, its possession is 10/10ths of the law.
NiceHash suggest you change your passwords, which means hackers made their way deep enough into NiceHash servers that they can no longer guarentee accounts were compromised as well. Lets hope they were hashing passwords, not keeping them in the clear, but either way, its solid advice, change your password, especially if you were bad an used the same password elsewhere.
NiceHash says they’re fully committed to restoring the service, but at this point, public trust is exactly zero. I think they’re unlikely to recover from this.
Here’s the full statement from the subreddit.
Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours.
Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken.
Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.
We are fully committed to restoring the NiceHash service with the highest security measures at the earliest opportunity.
We would not exist without our devoted buyers and miners all around the globe. We understand that you will have a lot of questions, and we ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service. We will endeavour to update you at regular intervals.
While the full scope of what happened is not yet known, we recommend, as a precaution, that you change your online passwords.
We are truly sorry for any inconvenience that this may have caused and are committing every resource towards solving this issue as soon as possible.
Update
Here’s the official copy on their Facebook page.
