NiceHash, a crypto currency exchange, has gone offline. Its web site says it simply” “Service Unavailable” followed by the following press release:
“Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours.
“Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken.
“Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.
“We are fully committed to restoring the NiceHash service with the highest security measures at the earliest opportunity.
“We would not exist without our devoted buyers and miners all around the globe. We understand that you will have a lot of questions, and we ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service. We will endeavour to update you at regular intervals.
“While the full scope of what happened is not yet known, we recommend, as a precaution, that you change your online passwords.
“We are truly sorry for any inconvenience that this may have caused and are committing every resource towards solving this issue as soon as possible.”
Founder Marko Kobal ‘explained’ more in a video posted on Facebook.
It appears that NiceHash held some 4700 Bitcoins. These are now are missing, presumably ‘abstracted by some nefarious third party.
Depending on the value of Bitcoin, which hit a new peak of over $17k overnight, it means some $79.9 million no longer belongs to the owners who thought their crypto-currency wallets secure. Not a comforting thought.
What does this mean
While the disappearance, presumably stolen, of the Bitcoins appears to be a crime this is not the real issue. Surrounding all cryptocurrencies and their wallets is the issue of ownership and with that the concept of ‘Caveat Dominus’ (owner beware).
To put this into immediate perspective, consider this question on a forum: “So I’ve got an Android phone running Mycelium wallet. The phone in encrypted using the built in Android encrypt phone option. It is protected with a relatively complex swipe pattern. Mycelium is protected by a PIN number. How secure is my BTC if the phone is lost or stolen? Can someone potentially retrieve my private key? How about if they managed to guess the swipe code – what then? Mycelium doesn’t appear to have a PIN try lockout so I’m thinking that PIN code isn’t going to protect it against a determined attacker and is the PIN even securely encrypted?”
Within this there are two further issues, both concerning access to the phone. The first has to do with access to the wallet and therefore the ability to use whatever cryptocurrency exists in that wallet. Implicit in this, and this applies to all cryptocurrencies, is that if you no longer have wallet access, then you ‘lose’ your cryptocurrency. The value has not gone. But the gold coin you buried in the back garden for safety but cannot find is just as useless (or valueless).
The second is more fundamental. It has to do with the phone. If you lose the phone (or laptop) or, as reported elsewhere, reformat the phone (or laptop) before (say) selling it and without remembering the cryptocurrency wallet on board, say goodbye to your cryptocurrrency.
Imagine you have one Bitcoin in that wallet and you sell that refomatted phone or laptop for US$100, then you may have kissed goodbye to US$15K. Not a good return.
Thus, for all cryptocurrency wallets it is ‘Caveat Dominus’ which must apply. Failure to do observe this has a price.