TL;DR
- Slovenia-based cryptocurrency mining marketplace NiceHash was hacked for approximately 4,700 BTC, worth roughly $68 million at the time
- The breach occurred in the early hours of December 6, with attackers accessing systems at 01:18 CET and beginning to siphon funds by 03:37
- An employee’s computer was compromised, allowing the attackers — believed to be operating outside the European Union — to steal from the platform’s Bitcoin wallet
- The incident underscores persistent vulnerabilities in cryptocurrency infrastructure as Bitcoin’s soaring price makes such targets increasingly lucrative
The cryptocurrency mining marketplace NiceHash suffered a devastating security breach on December 7, 2017, with hackers making off with approximately 4,700 Bitcoin — valued at roughly $68 million at the time of the theft. The attack represents one of the largest cryptocurrency heists of 2017 and highlights the ongoing security challenges facing digital asset platforms during a period of unprecedented market growth.
How the Attack Unfolded
According to NiceHash CEO Marko Kobal, the breach began in the early morning hours of December 6. Attackers first gained access to the company’s systems at 01:18 CET (00:18 GMT). By 03:37, the intruders — who the company believes were operating from outside the European Union — had begun systematically draining Bitcoin from NiceHash’s wallets.
The attack vector was alarmingly simple: an employee’s personal computer was compromised, providing the attackers with a foothold into NiceHash’s internal infrastructure. Once inside, the hackers were able to redirect funds to an external Bitcoin wallet address that has since been publicly identified as 1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq, containing 4,736.42 BTC.
Andrej P. Škraba, NiceHash’s head of marketing, confirmed to Reuters that approximately 4,700 BTC were lost in the attack. The company immediately shut down its platform for 24 hours and reported the incident to relevant law enforcement authorities.
Platform Overview and Impact
NiceHash operates as a mining marketplace that connects individuals with spare computing capacity to those willing to pay for it to mine cryptocurrencies. The platform essentially functions as a marketplace for hashing power, allowing users to rent computing resources for mining operations without needing to invest in their own hardware.
The timing of the hack was particularly painful for NiceHash’s user base. With Bitcoin trading at approximately $17,900 on December 7 — having more than doubled in just two weeks from below $8,000 — many users had significant balances stored on the platform. Users discovered the breach through Reddit and Twitter posts before NiceHash issued an official statement, leading to widespread frustration and panic.
CEO Kobal addressed the community via a Facebook Live broadcast, stating: “We have not abandoned you guys.” He described the forensic analysis being conducted with local and international authorities, though he declined to specify which agencies were involved. The company also had to contend with a spoof Facebook page that was set up to spread disinformation about the breach, further complicating crisis communications.
A Pattern of Crypto Security Failures
The NiceHash hack was far from an isolated incident in 2017. The broader cryptocurrency ecosystem had already experienced several major security breaches:
- Tether hack (November 2017): Nearly $31 million worth of Tether tokens were stolen from the company’s systems
- Parity wallet freeze (November 2017): A code bug in Ethereum’s Parity wallet froze over $150 million worth of Ether, preventing investors from accessing their funds
- Bithumb breach (June 2017): The South Korean exchange suffered a hack via an employee’s compromised PC
- CoinDash ICO hack (July 2017): $7 million was stolen after the company’s website was breached and its ICO wallet address altered
What makes the NiceHash incident particularly noteworthy is the relatively straightforward nature of the attack. The compromise of a single employee’s computer provided access to millions of dollars in customer funds — a reminder that even as blockchain technology itself remains secure, the centralized infrastructure built around it often is not.
Network Congestion Compounds the Crisis
The hack occurred during a period of extreme stress on both the Bitcoin and Ethereum networks. With Bitcoin’s price surge to nearly $19,000 on some exchanges, transaction volumes overwhelmed both blockchains. Major exchange Gemini temporarily suspended Bitcoin and Ether withdrawals because the probability of transactions actually processing was extremely low.
This network congestion made it even more difficult for NiceHash users to move their remaining funds to safety, and the significant price discrepancies across exchanges — Bitcoin was trading at $19,000 on Coinbase’s GDAX but only $15,499 on Bitfinex — created additional uncertainty about the true value of the stolen assets.
Why This Matters
The NiceHash hack serves as a critical case study in cryptocurrency security during bull markets. When Bitcoin’s price is surging — it had gained nearly 80% in just seven days according to CoinMarketCap data — the financial incentive for attackers grows proportionally. The incident demonstrated that platforms holding user funds must implement enterprise-grade security measures, including multi-signature wallets, hardware security modules, and rigorous employee device management policies. For the broader industry, the breach underscored the fundamental tension between the decentralized promise of blockchain technology and the centralized platforms that most users rely on to interact with it. As cryptocurrency adoption grows, the security of intermediary platforms remains one of the ecosystem’s most pressing challenges.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making investment decisions.