
Hackers Steal $70M in Bitcoin - Titler
http://time.com/money/5053744/hackers-steal-bitcoin-nicehash/?utm_campaign=time&utm_source=twitter.com&utm_medium=social&xid=time_socialflow_twitter
======
rafiki6
How is it that this can't be prevented by the Bitcoin network? The network
should be able to mark coins stolen and unusable...oh wait it can't. Because
in order to do that you'd need a trusted third party to verify the coins were
stolen defeating the purpose of a distributed ledger that doesn't require
third party trust. Yet another shortcoming of trying to replicate cash.

~~~
Scarbutt
If someone stoles cash from you, how do you mark that cash as stolen?

~~~
murph-almighty
FWIW banks will record serial numbers of bills that go missing after a
robbery.

~~~
refurb
Is that actually true? I've heard it as well, but it seems like an impossible
task for a bank.

Are they scanning all the bills that come in? Which bills are in which
teller's drawer? I doubt it.

If they received new bills in sequential order from the mint and had them
stolen, I could see how they would know the numbers. But then again, what's
the point? Your average business isn't going to scan numbers, so by the time
the bills pop up again, you have no idea the path they took.

I've heard that serial numbers from ransom money would be recorded. That makes
a bit more sense as they are one-time events and there is value in knowing if
you find money it came via the ransom.

~~~
enraged_camel
Yes, bills are scanned and the system checks to see if they are marked as
stolen.

~~~
glenneroo
Is that why small bills are preferred? Because they are less likely to be
scanned? Or is another Hollywood fallacy that I've come to believe?

------
Tharkun
Tangent: why refer to these people as "hackers" and not
"thieves"/"criminals"/" embezzlers"/...?

~~~
chickenfries
Because until very recently that is what hacker meant to regular people:
"someone who bypasses computer security, usually to commit a crime"

~~~
jwilk
"Until very recently"? So what does it mean now to regular people?

~~~
yks
It is used as a synonym of "doer" or "builder" but in the software/internet
related industries, e.g. this website. Which is a bit strange since "to hack"
doesn't carry good connotations, neither a "hacker" in the original sense.

~~~
chickenfries
Similarly there is now this term "maker" which I find... ridiculous, to be
honest. Are carpenters "makers?" What about electricians? Plumbers? Why does
"maker" seem to imply a nerd with an Arduino or a 3d printer?

------
nikkwong
Can someone walk me through how this happens from a technical perspective?
Nicehash must keep their PK at some "super secret place" so they can sign
transactions out to their miners. In an ideal situation that PK is unreachable
even in a security breach—but if it's not well guarded enough then once that
PK is found the floodgates are open. Is that correct? Also, from a technical
perspective why would a pool keep so much BTC in a hot wallet? Shouldn't they
be constantly distributing rewards out to miners, and just pocketing a % them
selves which (you'd assume) they'd move to cold storage?

~~~
stouset
Fundamentally, it is difficult to protect 256 bits of information from a
highly motivated attacker.

You can make it more difficult by using things like cold wallets with Shamir
Secret Sharing schemes, but $70m of seemingly untraceable assets is an
attractive target. Even if you require a quorum of ten people to access the
cold wallet, that’s still $10m per person if split amongst themselves.

And someone has to build that system in a trustworthy way in the first place.

------
guelo
Maybe they were hacked, maybe the owners stole it, you'll never know. And no
one really knows the wallet of the mined coins so they can't really be traced
outside of the company.

------
rokhayakebe
Can someone explain how is it possible to steal Bitcoin if every transaction
is recorded in a public ledger? Does not every bitcoin have its own signature
which allows you to track its movement? New to this.

~~~
misja111
Yes it is possible to check the history of a Bitcoin and see that it has been
stolen. Provided that you take the effort to do that.

This is no different than when a bank is robbed and banknotes are stolen. The
bank might have written down the numbers of the banknotes and those can be
published. But most shops won't check those when somebody buys something.

~~~
BearGoesChirp
With bitcoins, it is easier to track the notes, but it is also easier to get
rid of the association if you find someone willing to clean them for you.

Say I steal 10 bitcoins from you. I go to someone who cleans bitcoins for a
cost of 10%. I send them 10 bitcoins, and they send 1 bitcoin to 9 different
wallets (keeping the 10th as payment). That alone would allow you to still
track it. But now add in thousands of other people sending them bitcoins on
the same day, and some random pauses as to when they send the bitcoins to
other wallets, and you are no longer able to tell which bitcoins in are
associated with which bitcoins out.

Now, do you just get businesses to stop doing business with anyone (any
wallet) that has ever received bit coins from the mixer? And there are many
mixers out there.

And this is still simplified. You can be governments are monitoring and
running statistical analysis on those mixers to try to find people laundering
bitcoins associated with especially bad things. I'd even guess some of the
bitcoin laundering operations are ran by governments in an attempt to better
track the flow of bitcoins.

~~~
skybrian
Not doing business with mixers: wow, what an interesting way to stir up
trouble! Someone should create a service to distinguish "legit" from "tainted"
Bitcoin. Let's see if Gresham's law applies so 1 bitcoin is no longer 1
bitcoin. What would the other exchanges do if one of them started trading
these separately?

~~~
sowbug
It's important to distinguish two issues: (1) whether the currency is usable
as currency and (2) whether there are forensic clues enabling law enforcement
to identify criminals. They're completely separate questions.

The value of a dollar bill is the same whether it was used in a crime. But if
it has some ink on it, it might provide evidence that the person holding it
robbed a bank. The ink doesn't keep the dollar from being usable.

It has to be this way. Otherwise money simply gets taken out of circulation,
and people participating in the economy have to worry about whether money is
money.

More:
[https://www.reddit.com/r/Bitcoin/comments/1qomqt/what_a_land...](https://www.reddit.com/r/Bitcoin/comments/1qomqt/what_a_landmark_legal_case_from_mid1700s_scotland/)

------
Bob2019
It's like MMORPG currency only more imaginary.

~~~
always_good
Whoa, edgy!

~~~
dnate
It is truly astonishing how salty the hacker news community is about BTX

~~~
Jach
I don't know, I'd probably be pretty salty too if I'd known of bitcoin for
years, never bought any because I kept predicting its demise / uselessness,
and was continuously made wrong by reality. This meme shouldn't make me laugh
but seems fitting...
[https://pbs.twimg.com/media/DQfNIzNVAAETVOB?format=jpg&name=...](https://pbs.twimg.com/media/DQfNIzNVAAETVOB?format=jpg&name=900x900)

------
lee101
Response from BitBank.nz [http://blog.bitbank.nz/nicehash-hacked-62m-bitcoins-
gone-2/](http://blog.bitbank.nz/nicehash-hacked-62m-bitcoins-gone-2/) idk what
its worth now probably 100m atleast lol

------
bufferoverflow
What really pisses me off is how it got handled by NiceHash:

 _Alex Zvyozdny: Many of you already know that the site reddit spread
information about the alleged hacking of our service. We hasten to assure
everyone that your bitcoins are safe and sound. And we are the largest pool in
the CIS countries are not going to close, but rather increase our presence in
the regions. In connection with the increased number of those wishing to mine
the crypto currency at our sites, as well as rent or lease capacities for
mining, we conduct PLANNED technical works, which are to be completed on
Friday morning. From December 8, the service will work in the standard mode.
Since this is the most massive update in the last two years, we have indeed
suspended all Bitcoin payments, and the funds were taken to a safe place.
After the works - everything will be returned to their places. Please do not
panic! Sincerely yours, NiceHash._

~~~
mizzack
Can you source that quote? I only see instances of that in various comments on
reddit/facebook posts, none from any official NiceHash account.

Gonna call fake news on that quote until proven otherwise. Lots of
trolls/disinfo out there about this. e.g.
[https://www.facebook.com/NiceHashSupport](https://www.facebook.com/NiceHashSupport)

That said, these guys probably exit scammed.

~~~
bufferoverflow
It's not fake, it was posted on FB, and then deleted when the truth finally
came out.

------
patsmith
Take your best guess when Bitcoin will fall of the cliff:
[https://twitter.com/BitcoinPlunge](https://twitter.com/BitcoinPlunge)

------
drngdds
Is there/can there be any proof that this wasn't an inside job by someone at
Nicehash who just wanted $70M of Bitcoins?

------
ece
another day...

