Cryptocurrencies in the Crosshairs: NiceHash Breach Results in Theft of $83 Million

The cryptocurrency mining marketplace NiceHash recently announced that its payment system had been breached, and the contents of its Bitcoin wallet were stolen.

While the company said it hadn't yet verified the exact number of Bitcoin taken, Reddit users identified the hacker's Bitcoin address, which contains 4,736 Bitcoin. Thanks to a recent surge in price, that's currently worth over $83 million.

"Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days," the company said in a statement. "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are cooperating with them as a matter of urgency."

In the meantime, the company has temporarily ceased operations, and is advising all users to change their passwords.

Webroot senior threat research analyst Tyler Moffitt told eSecurity Planet by email that the breach should serve as a reminder to the mining community that when mining for a pool, it's always best to have payouts trigger at the smallest amount. "Even though there are fees associated with using the minimum payout, having the amount sit in the mining pool's wallet is risky," he said.

$15 Billion Stolen

The findings come as cybercriminals target cryptocurrencies with increasing frequency -- Reuters reports that over $15 billion in Bitcoin has been stolen from exchanges since 2011.

According to Imperva's Global DDoS Threat Landscape Report for Q3 2017, 73.9 percent of all Bitcoin exchanges were hit by DDoS attacks in the third quarter alone.

"As a rule, extortionists and other cybercriminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected," Imperva security evangelist Igal Zeifman said by email. "Attackers can make a lot of money when attacking crypto exchanges due to factors such as the anonymity of the cryptocurrencies, hence the ability to 'get rid' of the stolen goods with limited risk."

Mining Malware

A recent Recorded Future report noted a rapid spike in mining malware beginning in May 2017. "Our research has confirmed that cybercriminals are shifting attack vectors from highly damaging ransomware infections to long-term, low-velocity crypto mining operations," the report states.

The researchers identified 62 different types of cryptomining malware available for sale online, with some priced as high as $850, but the majority offered for less than $50.

And the focus is extending beyond Bitcoin. "As Bitcoin's mining difficulty has increased, requiring more computing power, criminals have begun experimenting with Monero and Zcash, alternative cryptocurrencies which can be successfully mined with CPU power rather than GPU," the report notes.

Mobile Flaws

Separately, a recent High-Tech Bridge study of 30 leading mobile applications for storing, processing or trading cryptocurrencies found that 77 percent contained at least two high-risk vulnerabilities.

Forty-four percent of applications contained hardcoded sensitive data such as passwords or API keys, and 17 percent were vulnerable to man-in-the-middle attacks that could expose data to interception.

It gets worse -- two-thirds of the apps were sending potentially sensitive data without any encryption over HTTP, and 50 percent were sending potentially sensitive data with weak or insufficient encryption.

None of the applications had any protection against reverse engineering.