Even though I lost ~$500 here and I'm sure others lost many more, the biggest bummer here is that NiceHash is/was a great idea and service that will be forever tarnished.
They might very well be in possession of the 950k but have lost the private key to spend those funds. It looks like in recent days they regained control of 200k BTC, so perhaps they've recovered a key or two?
I sure wish they would make a statement soon because if it was in fact the case that they recovered a large portion of their BTC, that would go a long way to bolstering faith in BitCoin itself, whose brand they totally damaged by blaming transaction malleability in the first place.
They owed me (edit: was myself) ~USD100 , being a week or so away from payout. I'm only mining to an external address - so that's only lost if they go out of business then I guess? Didn't like the thought of mining to their own wallets after trying it once before.
I hope they recover. I really like their software.
I lost about $20 in the hack. They claim they have a plan to pay me back, but we will see. Like I mentioned above they have paid me for my mining since the hack so I trust them enough. I would probably switch to a new service if there was one as easy to use as nicehash.
Seems a little premature to point at the blockchain and say "STOLEN!". Most people won't be able to make much sense of that. The whole situation is complicated.
tl;dr: For a week or so, many users have been unable to withdraw BTC from Sheep. Admins have been claiming technical problems as they try and implement an automatic tumbler (money laundry to obfuscate transactions) - which (conveniently) could be claimed as a legit reason for all the huge transfer activity seen in the blockchain. They implemented a countdown timer for withdrawals, which for many users and vendors has now counted down to 0, yet withdrawals still aren't happening. They've set a minimum withdrawal amount of 1BTC, which given the insane price of BTC right now seems really outrageous.
Most damning, several vendors who are admins, moderators, or closely affiliated with admins, are reported to have suddenly started doing something which is very frequently seen in drug market cons: Offering far larger quantities than they ever have before, at unusually low prices (50% or less than their previous pricing), and requiring FE (immediate and upfront release of funds to them rather than going through escrow). Frequently done to rope in the maximum amount of hopeful suckers before bailing with the money.
The market is still up and running right now, although their forums are down with this message: "We are enabling a spam filter for the forums, as the number of posts had got out of control. We will be enabling the forum once this is in place. Please try to stay calm. This is a temporary measure, and we will keep everybody updated when we have further information".
Apparently they were the ones moving the famous transaction of 200k bitcoins. So, yes, for them this breach could look like: "Meh, we've lost some pennies".
...and funny you ask because a commenter just posted on my blog that Sheep Market Place was scammed out of $40 million in BTC which is a possible cause of all the selling:
VeriCoin did something similar when MintPal was hacked. They rolled back the blockchain prior to the heist. Now it's a shadow of itself, and MintPal is dead.
4100 BTC = 1.1 mil USD at current prices.
These Bitcoins were stolen from website's "hot wallet" (every shared wallet has to operate one to process current withdrawals). This hot wallet was probably too hot though, as it seems that they had most of their coins online, and only about one third offline (other services claim to store 80-90% offline). According to postings on Bitcointalk.org forums people are getting back partial refunds. One person claimed to receive 37% of his balance back [1].
UPDATE: Correction - according to [4] it seems that almost all funds were stoled in the hot wallet, and the hacker was "nice" enough to not steal it all at once, presumably to stay undetected and come back for more. I'm not sure if I buy this argument though.
Also, according to the owners the hack occurred on 26th October [2]. It may be possible that if you deposited funds after that date you will receive full refund, as they should still be on their wallets. Unless hackers took that too.
UPDATE: Also according to [4] the funds that were being deposited after 26th were being withdrawn at the same time by other users. So they're as gone as the ones from before 26th. You will be refunded in full only if you deposited very recently.
This whole situation (and a bunch of previous ones) is also why at Bitalo [3], we are developing an exchange which will not have this problem, as we use multi-signature addressees to store the coins. This means that you need two signatures to spend funds - one from us, and second one from the user. We also never transmit users password over the wire, as we use SRP protocol for authentication.
In unrelated news, China just passed 1800 CNY per BTC :). I wonder how's the security status of chinese exchanges/wallets. Unfortunately I don't know the language, so can't test that.
Before it was the widespread hacking that resulted in Bitcoins being stolen. And users were never told exactly what happened and what was done about it.
People have every right to expect the worse with a company with a track record as poor as Linodes.
reply