In the last 24 to 36 hours there have been numerous reports of nicehash.com being breached, with reportedly around 70 million dollars' worth of Bitcoin stolen. There have been few details of how this hack happened, although one thing that clearly didn't help the site was that the majority of the bitcoin mined through it was being deposited into one single wallet: with everything concentrated in a single hot wallet, whoever gained control of the account or key behind it could empty the lot in one transfer.
While nicehash has not come out and said how the hack occurred, there are a couple of obvious security measures that weren't being followed. Firstly, nicehash offered 2FA but it wasn't on by default. 2FA, or two-factor authentication, would have required a user to log in with their username and password and then verify their identity with a second factor: a code sent by SMS, or a time-based code generated by an authenticator app such as Google Authenticator. (Of the two, the authenticator app is the stronger choice; SMS codes can be intercepted by SIM swapping the victim's phone number.) This 2FA logon practice has been standard for many exchanges for as long as I have been buying crypto. I read another reddit thread today that also mentioned that 2FA wasn't required for transfers out of wallets, which would have been how the hackers were able to transfer that amount of bitcoin to their own wallet.
The other thing they could have done was generate a large secret password for each client to use. Steemcreate does this, and a similar practice could have been adopted to identify users of nicehash. It would have stopped users from logging in with their email address or a common username as the login name and the password they use everywhere else as the login password: a long random credential issued by the site cannot be reused from another site, and cannot appear in another site's breach dump.
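The two measures above (a server-issued high-entropy credential, and a second factor that is checked on withdrawals rather than only at login) are simple enough to show end to end. The following is an added example written for this post; it is not NiceHash's or Steem's code, and the Exchange, Account and withdraw names are hypothetical. The TOTP routine is the standard RFC 6238 construction (HMAC-SHA1 over a 30-second counter), so it produces the same codes as Google Authenticator for the same secret.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


# ---- Credential provisioning: the site picks the secrets, not the user ----

def generate_master_password(nbytes: int = 32) -> str:
    """Issue a random credential the user never chose. Because it exists
    only for this site it cannot be reused from, or leaked into, another
    site's breach. Shown to the user once at account creation."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def generate_totp_secret(nbytes: int = 20) -> str:
    """Base32 seed to load into an authenticator app (20 bytes = 160 bits)."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


# ---- RFC 6238 TOTP, used as the second factor ----

def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    key = base64.b32decode(secret_b32 + "=" * (-len(secret_b32) % 8), casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: int, step: int = 30) -> str:
    return hotp(secret_b32, at // step)


def verify_totp(secret_b32: str, code: str, at: int, window: int = 1) -> bool:
    """Accept the current code and one step either side for clock drift.
    Comparison is constant-time so a wrong guess leaks no timing signal."""
    counter = at // 30
    for delta in range(-window, window + 1):
        if counter + delta < 0:
            continue
        if hmac.compare_digest(hotp(secret_b32, counter + delta), code):
            return True
    return False


# ---- A hypothetical exchange that gates withdrawals on 2FA ----

class WithdrawalDenied(Exception):
    pass


class Exchange:
    def __init__(self):
        self.accounts = {}

    def create_account(self, username: str, balance_btc: float):
        password = generate_master_password()
        totp_secret = generate_totp_secret()
        salt = secrets.token_bytes(16)
        self.accounts[username] = {
            "salt": salt,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000),
            "totp_secret": totp_secret,
            "balance": balance_btc,
        }
        return password, totp_secret  # displayed to the user exactly once

    def login(self, username: str, password: str) -> bool:
        acct = self.accounts.get(username)
        if acct is None:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), acct["salt"], 200_000)
        return hmac.compare_digest(candidate, acct["pw_hash"])

    def withdraw(self, username: str, password: str, totp_code: str,
                 amount_btc: float, now: int = None) -> float:
        """A stolen password alone is not enough to move funds: the transfer
        out is refused unless a fresh TOTP code for this account is supplied."""
        now = int(time.time()) if now is None else now
        if not self.login(username, password):
            raise WithdrawalDenied("bad credentials")
        acct = self.accounts[username]
        if not verify_totp(acct["totp_secret"], totp_code, now):
            raise WithdrawalDenied("valid 2FA code required for transfers out")
        if amount_btc <= 0 or amount_btc > acct["balance"]:
            raise WithdrawalDenied("insufficient balance")
        acct["balance"] -= amount_btc
        return acct["balance"]


if __name__ == "__main__":
    ex = Exchange()
    pw, seed = ex.create_account("miner1", balance_btc=10.0)
    now = int(time.time())
    try:
        ex.withdraw("miner1", pw, "000000", 9.0, now)   # password only: refused
    except WithdrawalDenied as e:
        print("refused:", e)
    print("remaining:", ex.withdraw("miner1", pw, totp(seed, now), 9.0, now))
```

The withdrawal check is the part that matters for the scenario in this post: even a leaked or reused password only gets an attacker as far as a balance page, not a transfer. Requiring the second factor again on a withdrawal address change would close the remaining gap.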
How I think it was hacked
A hacker preparing to attack this site most likely researched the top brass (executives) or system administrators of the site and found their names and email addresses; most of this would be fairly easy using rudimentary Google searches, Facebook searches and other social media platforms. Once they had the email addresses they could go to any number of the large breaches of the past few years and search for those addresses and the passwords that leaked with them. It is well known that most people use the same username and password combination across multiple sites. Once they had found a working login for someone senior enough inside Nicehash.com they would have logged in and transferred the BTC from the wallet to their own wallet. The reason I think this is the most likely explanation is that Mt Gox was hacked in almost exactly the same way back in 2011. From the Wikipedia article on Mt. Gox:
“On 19 June 2011, a security breach of the Mt. Gox bitcoin exchange caused the nominal price of a bitcoin to fraudulently drop to one cent on the Mt. Gox exchange, after a hacker allegedly used credentials from a Mt. Gox auditor’s compromised computer to transfer a large number of bitcoins illegally to himself.”
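The reuse path described above, a password leaked from one breach being tried against a more valuable account, is something a site can check for on its own side. The following is an added example written for this post, not code from NiceHash or from any breach-lookup service. The breach dump it indexes is a small constructed, fictitious sample; the lookup is done in the style of a k-anonymity range query (only a 5-character hash prefix would leave the client, and the full hashes are compared locally), and the BreachIndex and check_new_password names are hypothetical.

```python
import hashlib
from collections import defaultdict

# Constructed, fictitious sample of a credential dump in "email:password" form.
SAMPLE_DUMP = """\
alice@example.com:Summer2016!
bob@example.com:hunter2
carol@example.com:letmein
alice@example.com:Summer2016!
dave@example.com:P@ssw0rd
not a valid line
""".splitlines()


def sha1_hex(s: str) -> str:
    return hashlib.sha1(s.encode("utf-8")).hexdigest().upper()


class BreachIndex:
    """Index of leaked credentials, queryable two ways: by password hash
    (k-anonymity range lookup) and by the exact email/password pair."""

    def __init__(self, lines):
        self.by_prefix = defaultdict(set)   # 5-hex-char prefix -> set of 35-char suffixes
        self.by_email = defaultdict(set)    # email -> set of full password hashes
        for line in lines:
            if ":" not in line:
                continue                    # skip malformed dump lines
            email, password = line.split(":", 1)
            h = sha1_hex(password)
            self.by_prefix[h[:5]].add(h[5:])
            self.by_email[email.strip().lower()].add(h)

    def range_lookup(self, prefix: str):
        """What a client would receive: every suffix sharing the prefix, so the
        server never learns which password was being checked."""
        return self.by_prefix.get(prefix.upper(), set())

    def password_is_breached(self, password: str) -> bool:
        h = sha1_hex(password)
        return h[5:] in self.range_lookup(h[:5])

    def credentials_are_breached(self, email: str, password: str) -> bool:
        """The dangerous case for an exchange: this exact pair is public."""
        return sha1_hex(password) in self.by_email.get(email.strip().lower(), set())


def check_new_password(index: BreachIndex, email: str, password: str):
    """Policy applied at signup and password change. Returns (ok, reason)."""
    if index.credentials_are_breached(email, password):
        return False, "this email/password pair appears in a known breach"
    if index.password_is_breached(password):
        return False, "password appears in a known breach"
    if len(password) < 12:
        return False, "password shorter than 12 characters"
    return True, "ok"


if __name__ == "__main__":
    idx = BreachIndex(SAMPLE_DUMP)
    for email, pw in [("alice@example.com", "Summer2016!"),
                      ("eve@example.com", "hunter2"),
                      ("eve@example.com", "correct horse battery staple")]:
        print(email, check_new_password(idx, email, pw))
```

The pair check is the one to run first: a password that is merely common is a weak-password problem, but an email/password pair that already sits in a public dump is a credential-stuffing attack waiting to happen, and that account should be forced through a reset and 2FA enrolment rather than just warned.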