Bitcoin Mining Hacked
6, 2017, approximately USD $52 million worth of Bitcoin mysteriously disappeared from the coffers of NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies. As the investigation into the heist nears the end of its second week, many Nice-Hash users have expressed surprise to learn that the company’s chief technology officer recently served several years in prison for operating and reselling a massive botnet, and for creating and running ‘ Darkode,” until recently the world’s most bustling English-language cybercrime forum.
Dec 08, 2017 A Slovenian cryptocurrency mining marketplace, NiceHash, said it lost about $64 million (roughly Rs. 413 crores) worth of Bitcoin in a hack of its payment system, the latest incident to.
In December 2013, NiceHash CTO Matjaž Škorjanc was sentenced to four years, ten months in prison for creating the malware that powered the ‘ Mariposa‘ botnet. Spanish for “Butterfly,” Mariposa was a potent crime machine first spotted in 2008. Very soon after, Mariposa was estimated to have infected more than 1 million hacked computers — making it one of the largest botnets ever created. An advertisement for the ButterFly Flooder, a crimeware product based on the ButterFly Bot. ButterFly Bot, as it was more commonly known to users, was a plug-and-play malware strain that allowed even the most novice of would-be cybercriminals to set up a global operation capable of harvesting data from thousands of infected PCs, and using the enslaved systems for crippling attacks on Web sites. The ButterFly Bot kit sold for prices ranging from $500 to $2,000.
Prior to his initial arrest in Slovenia on cybercrime charges in 2010, Škorjanc was best known to his associates as “ Iserdo,” the administrator and founder of the exclusive cybercrime forum Darkode. A message from Iserdo warning Butterfly Bot subscribers not to try to reverse his code. On Darkode, Iserdo sold his Butterfly Bot to dozens of other members, who used it for a variety of illicit purposes, from stealing passwords and credit card numbers from infected machines to blasting spam emails and hijacking victim search results.
Microsoft Windows PCs infected with the bot would then try to spread the disease over MSN Instant Messenger and peer-to-peer file sharing networks. In July 2015, authorities in the United States and elsewhere, arresting several of its top members in the process. Justice Department at the time that out of 800 or so crime forums worldwide, Darkode represented “one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world.” Following Škorjanc’s arrest, Slovenian media that his mother Zdenka Škorjanc was accused of money laundering; prosecutors found that several thousand euros were sent to her bank account by her son. That case was dismissed in May of this year after prosecutors conceded she probably didn’t know how her son had obtained the money. Matjaž Škorjanc did not respond to requests for comment. But local media reports state that he has vehemently denied any involvement in the disappearance of the NiceHash stash of Bitcoins. In with Slovenian news outlet Delo.si, the NiceHash CTO described the theft “as if his kid was kidnapped and his extremities would be cut off in front of his eyes.” A roughly-translated English version of that interview has been.
According to media reports, the intruders were able to execute their heist after stealing the credentials of a user with administrator privileges at NiceHash. Less than an hour after breaking into the NiceHash servers, approximately 4,465 Bitcoins were transferred out of the company’s accounts. The bitcoins are marked but nobody selling or purchasing can spot the marking. If you steal bitcoins then trade them to someone in exchange for something, that person won’t know that the bitcoins are invalid, and frankly they aren’t invalid, they’re just being tracked by their previous owners. The previous owners get to look on, helplessly, as they move from person to person to person to person, often times with nobody except the first hop or second hop in the chain actually being part of the crime. After that it’s simply someone who sold something that the criminal wanted to purchase. Until there’s a central spot for people to check to see which bitcoins were stolen, its really just a big crapshoot whether the BTC involved in your purchase was obtained legitimately or illegitimately.
Even if something was put in place, a central clearinghouse for information about bitcoin theft, it would be a matter of ethics for the people involved in the BTC transaction to check vs. And BTC isn’t exactly a hotspot of ethical activity.
On a technical level it doesn’t matter though because transactions can’t be reversed once they’re finished. You have to catch the criminal while he’s still in possession of the BTC in order to send them back to their original owners. Not by reversing the transactions but by creating new ones. This is a defense of Brian’s article.
I’m in the Midwest. The news here is mostly politics, very little on crime and punishment, or science and electronics. As such, no coverage of the aforementioned incedent.
But it affects us all. Gives the reader a clearer picture of what’s going on in the world. Remember each news source is controlled by an editor who decides if a story is important enough to spend their resources on. Unfortunately, crime is manpower intensive, it takes a lot of reporters to cover, and sometimes they need a picture so that’s two people per article, whereas one person for a political beat where it is scheduled? “.The recycled tracking numbers are sending items and wrong items everywhere. ” I’ve seen this. I printed two Fedex labels to ship 2 packages to different places – on different dates no less, days apart – and when I looked at the photos I took of the packages w/ label after the fact I was shocked to see the exact same tracking number on 2 separately addressed packages.
I then confirmed that in the Fedex software, yep, it had somehow re-used the old tracking number. This took a few days to get settled.
“I’m sorry sir that package says it has been delivered when I track it.” – oh it was painful. Finally they found it on a shelf near Atlanta after 10 days. One thing that bothered me in that interview is his total lack of self criticism or in fact modesty – a very dangerous quality for anyone working in security.
He says NiceHash did nothing wrong, other than not excluding ANY kind of human factor (which I doubt is ever truly possible), yet going from a compromised developer computer to a hacked main production server still reeks of a lack of operational security. And on the question of why the coins were not in cold storage he vaguely mentions some operational difficulties with that – if I were the journalist I would ask him how come they couldn’t ever figure out that bit? Was it a lack of caution or just a lack of competence? Or perhaps just the standard startup mentality, let’s earn money first and think about details later? He also says for example that ‘It was an outside job because no Slovenian would be capable of this level of hacking’ – as a Slovenian professional programmer I’m just a tiny bit insulted at this as I’ve met some crazily competent Slovenian professionals in my career and while I don’t know that any of them are actually malicious hackers, I feel that that statement speaks loads about his ego. Finally, he laments about ‘his human rights being violated’ because he wasn’t allowed to own the company himself due to his criminal past (his father owns it officially). I don’t know the law enough to go into whether he should have that right after serving his due in prison or not, but invoking ‘human rights’ seems way too theatrical at that point, especially since many people just lost a lot of money through your fault – what about their ‘human rights’?
In any case, the guy did not come off as ready to own up to his mistakes or sincerely learning from them. I would keep a healthy distance from him in any matter having to do with security. I’m still not seeing a legitimate (not in the legal sense, but in the practical sense) need or use for bitcoin. As this case highlights they seem less secure than our current banking system which at least has some protection for consumers (varies according to where you are I guess). While it is undoubtedly an innovative and cool piece of tech, its use so far seems to be for speculation (read, gambling) and illicit purchases under the cover of legitimate (in the legal sense) purchasing which would probably be better served using normal currency. Maybe I’m missing something? You are not relying on a third party and can decide exactly how much to send without opening the door to your whole account.
For merchants it also eliminates the risk of charge backs associate with credit card payments. Centralising data is a massive security risk, nice hash was a centralised service hence why it was able to be hacked. So the flaw of the decentralised currency is when it has to go through a trusted third party very ironic don’t you think! I think 99% of the use is legitimate albeit for speculation, with the $ still being number 1 for all illicit purchases 😉. Is cash better? Sure, but it’s easily stolen from anyone carrying it or their hiding places. And the value of government cash can rapidly decline, as we see in Venezuela and much of the third world.
Or asset forfeiture, simply by traveling through the wrong county with a bunch of cash. (Really, look it up). Are banks better? Scenario #1: Sure, but they’re backed in government currency and governments sometimes collapse.
(Don’t laugh. Look at Venezuela; they had food until recently). Scenario #2: Good luck hiring a legal defense when your government confiscates your bank accounts over a tax “misunderstanding.” It happens, so don’t scoff. Is gold better? Sure, a thief finds your stash. Or some environmental regulation is deleted and it’s cheaper to mine for gold. Or a new source is found in some third world country with cheap labor.
Having crypto-currency in an imaginary wallet is clearly a risky way to handle some of your wealth. But so is having a box of cash in your bedroom, all your money in a bank, or a few gold coins in your freezer. The only safe thing is to diversify your wealth, spreading it in more than one kind of currency and precious objects. Maybe invest in a few Shekels, Pounds, and a little gold, for now. You never know. “In December 2013, NiceHash CTO Matjaž Škorjanc was sentenced to four years, ten months in prison”. I don’t math well, but if you carry the one and square the root, my math says that he should’ve still been in prison at the time of the theft.
So prison from January 2014 to October 2018. It’s not October 2018 yet. This bullsh”t about “early release for good behavior” is nonsense. If you get 4 years and 10 months, YOU SHOULD DO 4 YEARS AND 10 MONTHS.
Bitcoin Mining Hack 2016
I would solicit the bitcoin from the Appeals Board of the prison this adidas track suit wearing h4x0r was released from. There’s so much scamming and theft right now in the cryptocurrency space that it’s almost comical. I mine crypto currencies with hardware and there’s such high demand that we are literally paying for stuff we won’t even get for 4-5 months out. So then there’s space for new technology which promises to do that same that may or may not ever materialize with minimum orders of 5-10 at $1500-$1800 paid in advance.
SO then you’ve got that scam (or potential for it) and you’ve got people claiming to have hardware, charging markups ($500-$2000) and they just never ship. I’ve started ordering single units from the ones that seem legit just to test the water and not take on too much risk. The crypto space is like the wild west on all sides. @Brooke: Yep, almost ALL are scams except for the manufacturers like Bitmain, Pinidea, etc. There seems to be non-ending amounts of websites plastered on the internet offering mining rigs at really good prices accepting only crypto’s and would bet 100% are just scams! Even off places like ebay you have both parties trying to scam each other if paying with or without crypto’s. One party tries to pay using a stolen account or if they pay legally they use the miner for a month or two and then say it was defective and try to return for a refund so they get mine for free while the return is best.
Free Online Bitcoin Mining
Then Nicehash gets hacked with what they initially called a very sophisticated attack. Turns out its most likely an inside job. BTW: I like baikalminer.com and their new algo’s! Lots of scam sites already offering their miner so be sure to only buy direct from the manufacturer.