NiceHash cryptomining exchange hacked; everything’s gone

NiceHash buyers and miners, change your passwords immediately if you haven’t already been ransacked: the cryptomining exchange that describes itself as the world’s largest marketplace for mining digital currencies has been vacuumed out.
Late Wednesday night, NiceHash said that it was suspending its operations for at least 24 hours because of a security breach.
“Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken. Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.”
According to CoinDesk, a site specializing in cryptocurrency news and information, news of the breach comes on the heels of an hours-long outage and reports from a multitude of users that their NiceHash-associated wallets had been emptied. NiceHash had previously posted an announcement that its service was “under maintenance.”
NiceHash users have been passing around a link to a Bitcoin account that appears to belong to the hacker(s). It shows that as many as 4,736 bitcoins had been stolen.

That jibes with what NiceHash head of marketing Andrej P. Škraba told The Guardian: namely, that the hack – “a highly professional attack with sophisticated social engineering” – resulted in approximately 4,700 bitcoin being stolen.
As of Thursday morning, that amount was worth about USD $80 million – a value that skyrocketed from what The Hacker News said was $58 million at the time of the theft.
At the time of writing, the NiceHash service was still offline. NiceHash, which formed in 2014, still had a “Service Unavailable” post on its website, along with its official press release about the hack.
Unfortunately, the NiceHash hack is a prime example of how you can lose money beyond just the wildly fluctuating value of cryptocurrencies. As Naked Security’s Taylor Armerding noted recently, cryptocurrency exchanges – the sites where these currencies are bought, sold and stored – are a soft and vulnerable underbelly.
Once you’ve uploaded your private keys to an exchange to make trading easier, they’re at the mercy of that site’s security. The sites can be hacked, via social engineering or other means, and the keys can be stolen. Unfortunately, there’s no Federal Deposit Insurance Corporation (FDIC) to protect your Bitcoin; nor do governments or central banks back them up.
In August 2016, we saw it happen to Bitfinex, which was then the world’s largest Bitcoin exchange.
At that point, the one question on everybody’s lips was this: Are we getting Goxed again?
That had been, up until the Bitfinex hack, the Mother of All Bitcoin Bellyups. Mt. Gox, a Tokyo bitcoin exchange, announced in 2014 that there had been a mysterious vanishing of half a billion dollars’ worth of digital assets.
In the case of Mt. Gox, 850,000 Bitcoins went missing and were thought to be likely stolen. That would be worth about $14.4 billion nowadays. But sometime after Mt. Gox found 200,000 of those Bitcoins, its chief was accused of embezzlement and data manipulation.
His trial started up in a Tokyo court in July. According to the Guardian, those affected by Mt. Gox’s failure are still trying to claw back the funds they lost and looking to the trial to hopefully help explain what happened.
The value of Bitcoin is through the roof, and it’s showing no signs of slowing down. It jumped past $15,000 on Thursday, and experts are predicting that it could get as high as $100,000 one year from now.
With no better value for a hacker, we can expect more stories like this one.
Follow @LisaVaas