Cyberthieves loot tens of millions in bitcoin from NiceHash cryptocurrency marketplace
Cyberthieves loot tens of millions in bitcoin from NiceHash cryptocurrency marketplace

Cyberthieves have raided the coffers of cryptomining marketplace NiceHash, apparently stealing tens of millions of dollars in bitcoin after compromising its payment system and online wallet.

In response, NiceHash has temporarily ceased all operations. The company's home page on Thursday featured a “Service Unavailable” message, along with an official press release.

“Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days,” the company asserts in the release. “In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.”

NiceHash also says it is “working to verify the precise number of BTC taken,” but according to CoinDesk and other reports, users have already been sharing an anonymous wallet address that likely belongs to the perpetrator containing 4,736 bitcoins, which as of mid-afternoon on Thursday was worth close to $76 million. CoinDesk also referenced posts on Reddit from users whose NiceHash-affiliated wallets were emptied.

Cryptocurrency exchanges, marketplaces, and initial coin offerings continue to represent a highly alluring target for cybercriminals who see an opportunity to steal a virtual fortune in crypto funds, especially bitcoin, whose value has been rapidly inflating. As of Dec. 7, 2017, one bitcoin is currently worth more than $16,000.

“As a rule, extortionists and other cybercriminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well protected,” said Igal Zeifman, security evangelist at Imperva, who recently wrote in his company's Q3 report that bitcoin exchanges are among the 10 most-attacked types of websites. "Attackers can make a lot of money when attacking crypto exchanges due to factors such as the anonymity of the cryptocurrencies, [which provides an] ability to get rid of the stolen goods with limited risk."

Imperva reported that 73.9 percent of bitcoin exchanges and related sites that use its company's cloud-based application delivery platform were targeted by distributed denial of service attacks in Q3. “The DDoS attacks we mitigated could have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders had tried in the past,” said Zeifman, in emailed comments. 

“Unlike classic attacks where hackers get a hold of sensitive data which can lead to fraudulent activity, the actual value of the breach is usually vague and is constructed from fines, PR issues, etc. This is not the case for cryptocurrency hacks, or blockchain in general, where the attack can be immediately evaluated in exact money value,” said Guy Peer, VP of research and development and co-founder at Dyadic Security. “That's because hacking into a cryptocurrency system and being able to use the crypto secrets – private keys, in technical terms – is exactly like breaking into a bank safe and carrying out the gold.”

Matt Walmsley, EMEA director at Vectra Networks, noted that cryptocurrency exchanges are not subject to the same stringent security regulations that traditional financial institutions such as banks are. Therefore, “If you are risk averse, transfer deposits made to your bitcoin wallet to a hard currency account with a bank,” said Walmsley.

However, he added, "Many exchanges may limit the amount you can transfer in one instance and you may not be able to empty your account, so buyers beware.”