The $70 Million Bitcoin Hack Was the 4th Largest Breach in Cryptocurrency History
Just as bitcoin trading hit record highs this week, hackers made off with nearly $70 million from a major cryptocurrency-mining service NiceHash. The Slovenia-based company announced the security breach on its Facebook page Wednesday afternoon and stopped operations for 24 hours.
Here’s everything we know so far in the days following the attack:
The NiceHash hack is the 4th largest breach in cryptocurrency history
Although Bitcoin is trading at an all-time high of $15,400, other crypto thefts were far more damaging when valued at the exchange rate at the time of the theft, Brian Ong, co-founder of cryptocurrency research website CoinGecko, told MONEY.
The largest cryptocurrency hack occurred in February 2014, when hackers stole approximately $450 million from Mt. Gox, a bitcoin exchange based in Tokyo that handled 70% of all bitcoin transactions at the time of the hack. Wired reported the Mt. Gox hack occurred due to a flawed system for securing software and shady business practices. The company CEO allegedly spent over $1 million on renovating a café in company headquarters while the business was “falling apart.”
The hacker likely wasn’t in Europe
NiceHash’s head of marketing Andrej Skraba told Reuters it was “very probable” the attack came from someone with an IP address outside of the EU. He declined to give Reuters any more details, but said NiceHash investors came from “all over the world.”
Hackers probably won’t be able to use the stolen Bitcoin
Bitcoin thefts are unique in that they’re not reversible, meaning once the coins are stolen, the owner has full control over them, Patrick McCorry, research associate at the University College London and the UK’s first PhD graduate in cryptocurrencies, told MONEY. However, the hackers likely won’t be able to actually use the loot, because if the stolen coins are made public, it would be difficult for the thief to spend them. Many of the stolen coins (including money raised via ransomware) sit idle on the blockchain, McCorry said.
NiceHash founders informed other Bitcoin exchanges of the stolen bitcoin, so that they can be frozen before hackers sell it off for fiat or other types of cryptocurrency, Ong added.
Some think it could be an inside job
Matjaz Skorjanc, the mastermind behind the infamous Mariposa botnet that infected over 12 million computers, acted as NiceHash’s chief technical officer during the hack, the company confirmed to Reuters.
Skorjanc created the Mariposa computer virus that hijacked about 12.7 million computers around the world in 190 countries, BBC reported. The virus harvested private data, including credit card details and log-ins, as well as overwhelmed servers with traffic and sent users spam e-mails.
Skorjanc was arrested in 2010 when he was 27 years old. A Slovenian court sentenced him to just under 5 years in jail, plus a 4,000 euro fine.
Because of Skorjanc’s past, some Reddit users are speculating the heist was an inside job. At least one expert agrees.
“Speculations will always be there whenever a cryptocurrency hack occurs that it could be an inside job or a phishing attack on one of employees,” Ong said.
Bitcoin Generator
The Generator
This generator allows you to add free Bitcoins to your wallet. We recommend a maximum of 1 Bitcoin per account per day to be generated using this tool. This is mainly to stay under the radar and avoid getting noticed. The generator is free to use and is being updated as much as possible to keep it from getting detected and fixed.
What are Bitcoins?
Bitcoin is a currency. Just like the dollar or the euro. The biggest difference is that the Bitcoin is fully digital, and makes use of peer-to-peer technology. A commonly used acronym for bitcoin is “BTC” (like Dollars “USD” and Euro “EUR”).
How do you get bitcoins?
You can buy bitcoins online, which requires you to have a bitcoin wallet. You can download this Bitcoin wallet on your own computer, or through an online service. The latter option has the advantage that you can access your bitcoins from any device with internet.
Adding bitcoins with this generator is completely free.
How to hack bitcoin? – How Bitcoin wallet hacking is carried out by hackers?
Disclaimer! This article is for Information purpose only. We do not condone the use of any methods mentioned in this article for illegal or unethical purposes.
Before we begin with bitcoin hacking, I believe you have sufficient knowledge about how the Bitcoin system works and how you can mine bitcoins; if not, please head over to this post.
Since Bitcoin doesn’t have a currency characteristic, it cannot be deposited in the bank. It is held in software that acts as a ‘digital wallet’, which has proven to be vulnerable to thieves and hackers.
The added advantage for hackers is that Bitcoin is also an anonymous currency that keeps a person’s real identity separate from his digital address. So even if the hacker’s wallet address gets tracked, it won’t be of any use, since his real identity is still unknown.
The very fact that all Bitcoin transactions are permanent and cannot be undone gives hackers a free hand to steal bitcoins and get away with it.
In fact, there are many clever tricks built into the Bitcoin system that make sure altering any ledger entry in the blockchain invalidates all subsequent entries. So it is practically impossible to undo payments, in this case “stolen bitcoins”, unless the hacker himself agrees to return them.
There are basically two ways a hacker could hack the Bitcoin system to steal bitcoins.
He is either able to get the Bitcoin wallet password (wallet key or private key) of a user or a group of users and then use it to transfer all the bitcoins from the users’ wallets to his anonymous wallet, or he could actually hack a Bitcoin exchange and collect all the bitcoins. Another way is hijacking a mining pool and redirecting all of its computing power to mine bitcoins for himself.
It’s 2017 and hackers have discovered another easy way of earning free bitcoins: they are now targeting greedy users who are looking for bitcoin multiplier software to double or triple their bitcoins.
Let us see how exactly hackers are stealing thousands of bitcoins using Bitcoin hacks:
1) Hacking Users Bitcoin wallet Password (Stealing Private Key)
Owning a Bitcoin wallet literally means owning a private cryptographic key (blockchain password) to unlock the wallet address of other users in order to send them bitcoins.
Usually this private cryptographic key is a long string of numbers and letters. You may choose to store your key in a number of places, including a paper printout, a hard drive, or an online drive.
No matter where you store your private key, your wallet is vulnerable to theft, since the hacker simply needs to gain access to your private key. Hackers mostly target ‘online services’ that store the private keys for a large number of users.
In this case the hacker either gets help from insiders at the ‘online service’ or hacks the server, copies the database of private keys and gains control of the bitcoins at all those addresses. The hacker can now spend all of those bitcoins wherever he wants.
Alternatively, if the hacker knows a specific Bitcoin miner or a company involved in mining, he could infect their systems with malware that searches for private keys stored on their system drives, or he could hack into their pool account and change the payout address.
2) Hacking Bitcoin Mining Pools and Exchanges
In August 2014, a hacker was able to mine $84k worth of bitcoins by hacking into a Bitcoin mining pool, gaining access to ISP infrastructure and diverting the computing power of private Bitcoin mines to his own mining pool.
Hacking a Bitcoin pool involves gaining control of the processing power of a group of bitcoin miners (a mining pool), the users who spend processing power to add new coins to the currency’s network and who are in turn rewarded with a cut of the resulting cryptocurrency the pool produces. The hacker redirects the computing power of the pool’s participants to his private pool by tricking them into continuing to devote their processors to bitcoin mining, all for him.
The researcher found that hackers are targeting ISPs and then compromising the ‘Border Gateway Protocol’ (BGP), the service designed to connect different networks on the internet together. By abusing BGP, a hacker is able to redirect traffic destined for a legitimate mining pool to his own pool.
Executing this type of hacking is very difficult and requires help from insiders at the ‘Internet Service Provider’, given that it requires inside access to an ISP.
That’s all we have right now. Please note that carrying out any such Bitcoin hacking attack is an offence. Use at your own discretion.
Hacking Coinbase: The Great Bitcoin Bank Robbery
Sean Everett wasn’t sure how his bullish bet on cryptocurrency would turn out. But he definitely didn’t expect it to be over so soon.
In March, he sold all his stocks, including Apple and Amazon, and used a chunk of the proceeds to buy Bitcoin and Ethereum on a site called Coinbase. The decision made Everett, the CEO of artificial intelligence startup Prome, almost instantly richer, as the blockchain-based currencies’ value rocketed up exponentially over the next several weeks. But then, while he was out walking the dog after 10 p.m. on Wednesday, May 17, Everett got the call. It was T-Mobile, ringing him to confirm that it was switching his phone number to a different device.
It was a suspicious move that Everett had most certainly not requested. But even as he pleaded with the agent to block the switch, it was too late. Less than five minutes later, Everett’s cell service abruptly shut off, and as he rushed to his computer, he saw himself being robbed in real time. A raft of email notifications confirmed that someone had taken control of his main Gmail account, then broken into his Coinbase “wallet.” They’d gotten in with the help of his switched-over phone number: Everett’s account required him to log in with a two-factor authentication code sent by text message, as a second safeguard—and now the text had gone straight to the thief.
It took only two minutes for the attacker to clean Everett out of what was then a few thousand dollars’ worth of digital coins. From Everett’s perspective, the even more painful heist was what came next: Ethereum’s price quadrupled over the next three weeks. It had reached its all-time high of $400 just hours before I met Everett in a New York coffee shop on a humid June afternoon. Bitcoin, meanwhile, had broken $3,000 for the first time a day earlier, and Everett was pining for his missing digital coins. “I’m not only still out my money, I also didn’t get the rise in price,” he lamented.
Then again, the biggest surprise for Everett—and, it would turn out, for many other Bitcoin enthusiasts—was that the theft happened on Coinbase at all. San Francisco’s Coinbase, the world’s largest exchange for trading cryptocurrency, is one of very few such companies whose own coffers have never been hacked, a distinction that carries extra weight in the realm of blockchain, where several costly breaches have made global headlines. Almost any early investor you talk to lost money in Mt. Gox, an exchange that collapsed in 2014 after hackers pillaged nearly $500 million in Bitcoin. Last summer, thieves grabbed $72 million from Hong Kong cryptoexchange Bitfinex in one fell swoop.
But hackers have never breached Coinbase’s own virtual fortress, and that impenetrability has earned it a reputation as the safest place to buy Bitcoin, helping it attract more than 9 million customers who store at least $3 billion in cryptocurrency there, and who have traded $25 billion to date on its retail brokerage as well as its institutional exchange, GDAX. The five-year-old Coinbase just raised $100 million in new funding, valuing the company at $1.6 billion—making it the blockchain industry’s first “unicorn.” “If you look at what they are world-class at, it’s security, trust, safety … all these things that, frankly, banks are good at,” Fred Wilson, the venture capitalist and one of Coinbase’s earliest and largest backers, said at a conference in March. “They’re like JPMorgan or Goldman Sachs for blockchain.”
But Coinbase’s individual customers do get burglarized—with surprising and unsettling frequency. Even Wilson himself was in for a rude awakening: While vacationing in Europe in early June, the VC woke up to the same telltale emails that Everett saw, signaling that an intruder was trying to get inside his Coinbase account. Wilson managed to lock it down before anything was stolen, but in a rare public chastising of a company in his own portfolio, he wrote in a blog post: “I am still a bit shaken up from the experience and a fair bit more paranoid from it.”
Since then, Fortune has spoken with more than a dozen victims, including tech CEOs and well-known blockchain proponents, whose Coinbase accounts have been targeted and hacked in almost exactly the same fashion; still more have been attacked on other exchanges. The day after Everett’s robbery, Los Angeles entrepreneur Adam Dachis’s account was wiped out of what was then $10,000. On July 7, thieves emptied $18,000 from the Coinbase wallet of blockchain adviser Mike Costache, during the four hours he slept one night while traveling overseas. Since Christmas, there have been months when Coinbase users have been robbed as often as 30 times—a rate of one robbery every single day.
In each case, the same blindsiding realization arrives, bringing the inherent paradox of blockchain into focus. The quintessential strength that sets cryptocurrency apart from traditional money—that transactions are instant and irreversible—is also its fatal flaw. “One of [Bitcoin’s] reasons for existence is that it’s censorship-resistant,” says Tom Robinson, cofounder and chief data officer of Elliptic, a London-based blockchain intelligence firm. That means no one, not even a government or central bank, can stop a digital currency transaction from happening. And therefore the fraud protections traditional bank depositors rely on are mostly unavailable. “Any kind of charge-back and reversibility would be the antithesis of what Bitcoin was created to achieve,” says Robinson.
That’s one reason that, when criminals want to pull a heist, they’re increasingly choosing cryptocurrency over real dollars. In 2016, $28 million in losses from crimes involving virtual currency were reported to the FBI’s Internet Crime Complaint Center, more than triple the 2015 total. And that figure is based heavily on voluntary reports by individual victims. It doesn’t include large-scale thefts from exchanges like the Bitfinex hack, so it likely underestimates the true damages by many orders of magnitude.
Brick and mortar bank robbers have “two problems: stealing the money and hiding the evidence,” explains Moran Cerf, a professor of business and neuroscience at Northwestern’s Kellogg School of Management and a former corporate hacker. “Bitcoin solves the second one for you because everyone there is anonymous.” Bitcoin diehards seem resigned to the reality of irreversible transactions—and its drawbacks. “I think of that as a feature and not a bug,” says Chris Burniske, a blockchain investor and author of forthcoming book Cryptoassets—even though his own accounts were looted in December for digital coins that would now be worth over $100,000.
But when victims watch their money up and leave into the digital wallet of a nameless stranger, it becomes more than just a problem for Coinbase: It’s a threat to the promise of Bitcoin itself. As the value of cryptocurrency soars, more investors are grappling not just with how to profit from it, but how to hold on to it at all. “Coinbase looks like a bank, talks like a bank, and takes millions of dollars in cash like a bank, but, in practice, it functions like a dimly lit underground casino,” says Cody Brown, whose account was hacked for $8,000 in the span of just 15 minutes in May. “You don’t realize that the balanced fonts, smooth blue gradients, and endless copy about trust mean absolutely nothing—until you are robbed blind.”
Coinbase, for its part, won’t discuss specific cases except to say that it investigates all account takeovers. But Brian Armstrong, Coinbase’s 34-year-old CEO and founder, says Brown’s and Wilson’s experiences were “helpful” in teaching the company how to improve. Its security measures already match or exceed those at banks—from using machine learning to detect dubious activity, to mandating dual-factor authentication. Yet Armstrong recognizes that Coinbase is also a juicier target: “We need to be held to a higher standard,” he tells Fortune, “because digital currency is so new and interesting and powerful that it is attractive to a lot of people out there to try to steal it.”
If Bitcoin were a religion, its equivalent of “What would Jesus do?” would be “BYOB: Be your own bank,” an unofficial slogan widely embraced in the industry. The original blockchain was launched in 2009, by the mysterious founder (or founders) going by the name Satoshi Nakamoto, as a utopian form of electronic cash that could change hands, as Nakamoto wrote in a legendary white paper, “without going through a financial institution.”
But that ideal also attracted a subversive element, repelling many potential adopters. That’s where Armstrong saw an opportunity to bring polish to an industry run by “hackers and cryptoanarchists” at the time, he says: “If this was going to go mainstream, it needed something that had a more trusted brand around it.”
An early engineer at Airbnb, Armstrong quit in 2012 to create the “Gmail for digital currency.” His strategy: making it easier and safer to store, and then buy and sell, cryptocurrency. While early Bitcoin wallet companies made people keep track of their own private keys—the secret 64-character passwords that alone provide access to one’s cryptocurrency—Coinbase’s pioneering innovation was its offer to store keys on customers’ behalf. That also came with risk, as customers wouldn’t need to know their actual key, but rather just a password, to get to their Bitcoins—and neither would a hacker. “That’s a big responsibility to take on,” the fresh-faced CEO admits. “But I also think it’s necessary to help the industry scale and make digital currency accessible to the next 100 million or billion people.”
Coinbase has demonstrated a unique ability to bring the new asset class to the masses. Its base of customers, most of whom are in the U.S., has grown 50% just in the past five months, with as many as 50,000 signing up in one day; trade volume in July alone was twice as much as all last year. Coinbase, which makes money by charging transaction fees, is said to be nearing profitability, and Armstrong ranks No. 10 on this year’s Fortune 40 Under 40 list. But he is pretty clear about his company’s limits. “The average person may at a high level think of us as a digital currency bank, but we’re not a bank,” he says. Coinbase doesn’t lend money, as banks do. And critically: Coinbase, which is regulated as a money transmitter like PayPal or Western Union, isn’t covered by the FDIC or bound by all the consumer protection laws that govern banks.
Armstrong has long taken 100% of his salary in Bitcoin; he now cashes out enough into dollars each month to cover his rent. Many of his employees do the same. They understand the security issues better than just about anyone, yet protecting customers is proving to be a gnarly challenge: Technically, because hackers are breaching accounts from the consumer end, exploiting weaknesses at companies like Verizon and Sprint, the hacks aren’t directly Coinbase’s fault. “Within the realm of reason, it’s very difficult for us to prevent their account from being drained,” says one executive.
Still, Coinbase can’t afford to ignore the problem—literally. Even though it is not a bank, Coinbase still bears the cost of banking-system protocols, when traditional financial institutions yank back fraudulent payments induced by hackers. For example, when Dachis was robbed, a Coinbase customer support rep complained right back to him by email that “Coinbase has suffered a $1,657.41 USD loss due to bank reversals” of transactions subsequently reported as fraud. “Coinbase is left holding the bag,” Soups Ranjan, the company’s head of data science, said at a recent industry event. Problems like this—along with unauthorized credit card purchases of cryptocurrency—cost Coinbase a stunning 10% of all revenue it collects, a fraud-loss rate 20 times as high as PayPal’s. “I firmly believe,” Ranjan added, “we have the hardest payment fraud and user security problem in the world right now.”
To combat that, Coinbase has been using analytics to predict which customers have the highest risk of fraud and charge-backs, and preemptively limiting their purchasing power or locking their accounts. But that method comes with a downside of its own in the form of frustrated customers—and a backlog of help-desk requests that has stretched into the tens of thousands. With about 180 employees, the company hasn’t been able to hire fast enough to keep up with demand and is now looking to fill another 100 positions. Coinbase doesn’t even have a phone number for customer support, though it plans to add one in September.
At the same time, Coinbase finds itself slamming headfirst into the expectations that come with being the closest thing cryptocurrency has to Goldman Sachs. The IRS has gone to court seeking Coinbase user records, after only 802 U.S. taxpayers reported Bitcoin profits on their tax returns in 2015. In June, Coinbase had its first “flash crash,” with Ethereum’s price collapsing to 10¢ for a brief, panicky stretch; the company said that all trades “were executed properly” but eventually agreed, as a courtesy, to reimburse traders who had lost money owing to margin calls. And in early August, when a “hard fork” of the Bitcoin blockchain created another currency called Bitcoin Cash, Coinbase initially said it wouldn’t support it. Hours later, a denial-of-service cyberattack—which some perceived as retaliation—knocked the exchange completely offline, and customers began threatening to sue. Coinbase gave in: Account holders will be able to withdraw their Bitcoin Cash by 2018. “We’re in a period of hypergrowth, and it’s superexciting and a little chaotic,” Armstrong says.
For many blockchain enthusiasts, the Coinbase hacks have been a reminder of the danger of letting anyone else store your cryptocurrency. “If you don’t own the private keys, you don’t own the coin,” says Jonathan Smith, the chief technology officer of Civic, a company that uses blockchain tech for identity verification. Then again, Bitcoin has a dirty little secret: For an asset that epitomizes the future, managing your coin yourself can feel like a journey into the troglodytic past.
Smart-money investors who store their own keys often resort to the most rudimentary of tactics to protect them. They’re the Bitcoin equivalent of stuffing cash under the mattress: a private key printed out on a sheet of paper, cut into pieces, and distributed among family members who don’t know how to put it back together; an encrypted file loaded on a USB stick and buried in the backyard; a password committed only to memory. These jury-rigged methods come with their own pitfalls, and stories of self-inflicted losses are legion: The New York man who reformatted a hard drive and erased the key to $25,000 in Bitcoin. Dominic Fogarty, a hedge fund research analyst who left his phone, storing his cryptocurrency, in a taxi after a bachelor party—then schlepped all over the Adirondacks to retrieve it. (“Yes, we missed our train, but more importantly I didn’t lose my Bitcoins!” he tells Fortune.)
The ultimate irony is that the gold standard in security, storing private keys in what’s known as “cold storage,” without connection to the Internet, often means putting them in the very places blockchain advocates hoped to avoid: banks. One cryptocurrency hedge fund manager once went to check on his safe-deposit box at Wells Fargo, which stored the key to $5 million, only to find the drawer empty. (A few weeks later, the correct box was found one slot below where it was supposed to be.) Even Coinbase itself relies on banks for some of its cold storage, where 98% of customer funds are kept. “It does seem a little old-fashioned, I suppose,” Armstrong acknowledges. And yet, it may also be the future, as more mainstream investors want in on cryptocurrency but without the worries of BYOB.
For some crypto devotees, this is nothing less than heresy. Says Michael Krieger, a former Lehman Brothers analyst who abandoned Wall Street for cryptocurrency after becoming disillusioned by the financial crisis, “I wouldn’t trust my crypto private keys to a safety-deposit box at a bank. That’s just me.” But already, the walls between finance’s old guard and blockchain’s renegades are beginning to crumble, and a day may come where the systems meld together almost seamlessly. “It’s almost ironic and funny that some of the rules and procedures we want to get rid of are almost exactly the rules we want in place to [protect] a major client,” says Hu Liang, a former State Street exec who left in August to start a cryptocurrency trading platform for institutional investors. Even as they dream of supplanting the conventions that have defined banking for centuries, blockchain disciples are realizing that you can never quite escape them.
Jonathan Levin is still catching his breath from a six-mile bike commute as he welcomes me into his office, on the second floor of a Manhattan coworking space, early one August morning. Wearing a gray cotton T-shirt that reads “Bitcoin, est. 2009,” the 27-year-old British expat exclaims cheekily, “So this is what fighting cybercrime looks like!”
Levin is the cofounder of Chainalysis, a startup that tracks virtual currency movement and investigates illicit use. Chainalysis’s software assisted law enforcement with the takedowns and criminal indictments of both “dark net” marketplace AlphaBay and notorious digital currency exchange BTC-e during the span of a week in July, according to people familiar with the investigations. Previously, the company was able to locate where the stolen money from Mt. Gox and Bitfinex ended up: Bitcoin keeps an immutable record of all transactions—a literal money trail—so anyone can see the addresses of the digital wallets where funds are sent. Chainalysis’s artificial intelligence “clustering” techniques mapped the funds to particular exchanges. But progress seems to have hit a dead end when it comes to determining who controls those wallets. “How many people have been caught for stealing money from major Bitcoin exchanges?” Levin asks rhetorically. “The answer is zero.”
That’s not entirely true, says Kathryn Haun, a former federal prosecutor who led the crackdown on virtual-currency crime and joined Coinbase’s board in May. While no one yet has gone to jail for hacking into an exchange or electronically pilfering cryptocurrency, she says, the AlphaBay and BTC-e probes are the first of a wave of cases that have yet to be completed or unsealed. Because wallet addresses are pseudonymous, it can take years for investigators to link them to a person—gathering data gleaned from exchanges like Coinbase and more obscure corners of the Internet. “I liken it to more traditional crimes, like bank robberies,” Haun says. “If he’s wearing a disguise and has a wig and gloves, it makes it that much harder to capture the criminal. But that doesn’t mean it’s impossible.”
Individual thefts may be too small on their own to merit a federal case, but as more victims report crimes to the FBI and other government agencies, there’s more cause for hope. Chainalysis, for its part, opened a special investigations unit in July to take on personal cases after fielding pleas for help from hack victims. And experts believe the criminals who commit the robberies belong to sophisticated organizations with the technology and manpower to trawl social networks for mentions of cryptocurrency accounts—the kinds of resources that let them, say, call Verizon 28 times in 24 hours until they succeed in porting a phone number, as they did in the case of Adam Pokornicky, managing partner at hedge fund Cryptochain Capital. Efforts that ambitious inevitably leave traces, and from such clues a pattern can emerge. “Phone porting cases and schemes like it have captured the attention of law enforcement, so I would say, stay tuned,” Haun says.
That said, even if the blockchain world’s combined forces succeed in capturing cybercriminals, there’s no guarantee that victims will get their money back. Some of the legal precedent for charging cryptocurrency hackers is still untested, and there are questions as to whether intangible assets can even be seized. For one, accessing the booty would require knowing the private key: “They could get the criminal, but the government can’t force them to say where the gold is,” says Jeffrey Berns, whose California law firm specializes in digital currency. In a system that prizes decentralization above all else, the creature comforts of banking may never exist. Adds Berns, “There is no consumer protection, and I’m not sure it can be built in.”
Deep inside a mountain in Switzerland, down a 200-meter cave, a World War II military bunker now stores what is believed to be the largest repository of Bitcoins on the planet. In the wake of the Mt. Gox hack in 2014, Wences Casares, an Argentinean tech entrepreneur, thought there was one solution to storing digital coins: Go underground.
His company Xapo now operates heavily guarded vaults, on five continents, some as far as a kilometer down into the earth. Each contains so-called air-gapped servers on which the encrypted private keys are stored. To ensure hackers cannot rob its clients, who range from $5 account holders in emerging markets to the world’s largest hedge funds and institutions, agents of Palo Alto–based Xapo personally witness the manufacturing of the servers before they even come off the assembly line and escort them to the hermetic vaults, guaranteeing they never touch the Internet. “It’s somewhat ridiculous,” says Casares, who also sits on the board of PayPal, “the extent to which we have to go to make sure that the keys are protected.”
But even that safeguard has its limits. When customers move funds into a “hot wallet” on Xapo for transaction purposes (itself a 48-hour process), the money could be vulnerable to the same hacks that Coinbase accounts are. In other words, your cryptowealth is as safe as can be—until you want to actually use it.
Anatomy of a Cryptoheist
Coinbase account holders lose up to $5 million annually to theft by hacking, according to a person close to the company. Here’s how the hacks happen, and why the culprits are so hard to catch.
A scammer scouts a target by searching for people who work in the blockchain industry—or by combing social media for mentions of Bitcoin and Coinbase. The attacker finds the target’s email address and phone number through online postings or previous data leaks.
The scammer contacts the victim’s mobile provider and “ports” the phone number to a device under the scammer’s control.
Because Gmail accounts often link phone numbers as a backup access method, the scammer can now log in and reset the target’s email password, then do the same at Coinbase.
Coinbase requires two-factor authentication (“2FA”) in addition to a password. That 2FA now gets texted to the thief, who logs in.
The scammer moves the money into digital “wallets” under his control. Law enforcement can easily track the movements of the stolen currency recorded on the blockchain, but they can’t block transactions, and figuring out who controls the wallets is difficult.
To try to cover his trail, the scammer can move the currency to foreign “cryptoexchanges,” or convert it to other kinds of digital currency that are harder to track. Eventually, he can convert it to cash or other assets.
Building a Better Vault
For better security:
- Put a “do not port” order on your phone number.
- Don’t use text-message 2FA; instead, use an app like Google Authenticator.
- Use a unique password, one you don’t use for other accounts or social media.
A version of this article appears in the Sept. 1, 2017 issue of Fortune with the headline “The 21st-Century Bank Robbery.”
More than $70 million stolen in bitcoin hack

Hackers have carried out a heist on a leading digital currency platform, making off with bitcoins worth more than $70 million.
"Yesterday morning at about 1 a.m. a hacker or a group of hackers was able to infiltrate our systems through a compromised company computer," NiceHash CEO Marko Kobal said in a video statement Thursday.
NiceHash, which describes itself as the largest marketplace for mining digital currencies, said late Wednesday that it was suspending its operations for at least 24 hours because of the security breach. Kobal said attempts to bring the system back online are still underway.
Roughly 4,700 bitcoins were stolen from the site's account, the CEO said. They're worth roughly $75 million as of Friday afternoon in Asia.
Cryptocurrencies are virtual "coins" that are "mined" by computers using complex algorithms. Bitcoin is the most popular one.
NiceHash provides a platform for users to mine for other cryptocurrencies and get paid in bitcoin. That could involve significant sums: Kobal said the site had paid out over $1 billion since it started four years ago.
Bitcoin's value has soared in recent weeks, crossing $17,000 for the first time on Thursday.
NiceHash has notified all major bitcoin exchanges and mining sites about the breach in order to track and possibly recover the stolen currency.
The hackers appear to have entered the NiceHash system using the credentials of one of the company's engineers.
"Given the complexity and security of the systems in place, this appears as an incredibly coordinated and highly sophisticated attack," Kobal said.
He didn't say whether funds had been taken from NiceHash users' accounts as well.

"While the full scope of what happened is not yet known, we recommend, as a precaution, that you change your online passwords," NiceHash had earlier warned users.
"In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are cooperating with them as a matter of urgency," it said.
The cyber heist is yet another reminder about the vulnerability of some digital currency platforms.
Bitfinex, a Hong Kong-based bitcoin exchange, was briefly shut down last year after hackers stole nearly 120,000 bitcoins -- worth more than $65 million at the time.
The year before, cyber thieves made off with about 19,000 bitcoins after breaking into European exchange Bitstamp.
Cybersecurity firm FireEye warned recently that North Korean hackers are stepping up their attempts to steal bitcoin in order to support Kim Jong Un's authoritarian regime.
Bitcoin hack

5M BTC out there worth
2M FRN ("USD"), distributed among
3,000 nodes, while
160 new blocks justify the minting of
8,000 new BTCs every day. Around 1500 transactions take place every day.
8 blocks containing
80 transactions. The attacker should own 4000 CPUs for 1h, representing now 2/3 of the nodes, and - reasonably speaking - way more than 51% of the network's computing power.
300 BTCs minted during the 1h of the attack, which - if properly double-spent - could greatly increase the ROI of the attack.
300 BTC, equivalent now to
120 FRN("USD"), thus the ROI would have been -98.8% in 1h, instead of +220%.
80,000 new BTCs (equivalent of the amount of the fraud) out of thin air and give them to the victims of the fraud.
Hacking Bitcoin network
It is nearly impossible to hack the Bitcoin network and steal Bitcoins. You will need to find the private key for a particular public address. The possibilities are limitless. Still, a group is working on a project to crowdsource computation power to find private keys to the Bitcoin network:
“The "Large Bitcoin Collider" (LBC - a homage to LHC) is a distributed effort to find at least one collision of private Bitcoin keys by creating addresses to private keys in a continuous 2^160 range. These are checked against the list of known BTC addresses with funds on them. In the rare event of a collision, the funds on the address in question would become accessible to the collision finder.”
You can lend the computational power on your computer to help them find the private keys. You can find the list of their findings here:
They recently managed to open a BTC wallet with 0.54 BTC.
Hacking a Bitcoin exchange
An easier way will be to hack into a Bitcoin exchange. A hack similar to the Mt. Gox hack of 2013 will send the market into a frenzy. The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster
The market will respond negatively to the hack and people will start selling their Bitcoins to safeguard their money.
If you just want to create panic in the Bitcoin world and let it burn in fire, you might have to take a number of steps. Obviously you will need a group of hackers determined to do this. I would imagine something going like this:
- Create a panic in the market that whales are finally selling their Bitcoins. It has reached the bubble stage
- Create multiple accounts on the social networks and complain how you are not able to withdraw funds (both BTC and fiat) from the exchanges.
- Start spamming the Bitcoin network to create artificial congestion.
- Leak the news that a few Bitmain miners exploded due to overclocking of the system. The explosion led to loss of lives and the facility.
- Show sponsored news to mobile wallet users. Trick them to click to your website and start tracking the users.
- Open coordinated attacks in public Wi-Fi areas, and steal Bitcoins from the above users.
- Use the pump and dump groups and trick them into buying cheap altcoins and ditch the Bitcoins simultaneously.
- Probably news of a top Chinese official accepting bribes in Bitcoin will help the cause.
Even after all these, Bitcoin might survive.
Bitcoin exchange goes bust after hack

A bitcoin exchange in South Korea has gone out of business after being hacked, highlighting the perils of trying to cash in on this year's stunning boom in digital currencies.
Seoul-based Youbit said it was filing for bankruptcy after cyber-thieves stole nearly a fifth of its clients' holdings in an attack Tuesday.
It's the second time this year that Youbit, which allows customers to trade bitcoin and other digital currencies, has been hit by hackers.
In April, thieves made off with 38 billion won ($35 million) in digital currencies. The company didn't say how much was taken in the latest heist or how exactly it happened.
South Korea's Korea Internet and Security Agency said Wednesday that it was working with police to investigate this week's Youbit hack, but that it didn't yet know who was responsible.
Youbit said that its customers would get back about three-quarters of the value of the digital currencies they had stored in accounts with the exchange. The rest will be refunded after bankruptcy proceedings, it said.
Bitcoin's history is littered with cases of trading platforms coming under attack.
Earlier this month, hackers stole more than $70 million worth of bitcoins from digital currency platform Nicehash. Last year, Hong Kong-based exchange Bitfinex was briefly shut down after hackers stole more than $60 million in bitcoins.
Tim Wellsmore, director of threat intelligence at cybersecurity firm FireEye, said bitcoin exchanges had been slow to respond to the threats posed by hackers.
"As the prices of bitcoin and similar virtual currencies continue to appreciate, we expect greater interest from attackers seeking to steal it," he said.
Bitcoin's price (XBT) is now more than 15 times as high as it was at the start of the year.

Suspicion for this week's Youbit hack could fall on North Korea.
South Korean police have accused North Korean hackers of targeting at least four different exchanges this year that trade bitcoin and other digital currencies in South Korea.
North Korea has previously denied any role in international cyberattacks.
Bitcoin, which offers layers of anonymity, has long been a magnet for criminals.
Unlike traditional currencies like the U.S. dollar, digital currencies don't fall under central bank control and are largely unregulated.
South Korea has become a hotbed of bitcoin activity. On a given day, the country can account for about 20% of worldwide trading in the cryptocurrency.
Bitcoin is in such high demand there that traders can end up paying a premium of between 15% and 20% compared with prices elsewhere.
Youbit was a small player in the market, which is dominated by Bithumb, a much larger exchange.
With so many small South Korean investors diving into bitcoin, authorities are getting worried about the potential impact of a crash.
The government earlier this month said it was forming a special task force to study the "cryptocurrency problem."
-- Jake Kwon and Hannah Kang contributed to this article
Bitcoin Plunges After Hacking of Exchange in Hong Kong
HONG KONG — The digital currency Bitcoin plunged on Wednesday after Bitfinex, an exchange based in Hong Kong, said it had been hacked and funds stolen.
The exchange said it had halted trading, deposits and withdrawals while it investigated which users had been affected. Bitcoin’s trading value fell about 20 percent early on Wednesday, local time in Hong Kong, but had recovered about half the loss by early afternoon.
Zane Tackett, Bitfinex’s director of community and product development, did not immediately respond to requests for comment. But he said in a posting on Reddit that 119,756 Bitcoins had been stolen.
Before the hacking was made public, that number of Bitcoins would have been worth about $72 million. Now that the currency has slumped, the figure is closer to $65 million. The exchange, one of the world’s largest, said in a blog post that any outstanding settlements would be made at the price before the hacking. “As we account for individualized customer losses, we may need to settle open margin positions, associated financing, and/or collateral affected by the breach,” Bitfinex said in the post. It added that customers’ losses would be addressed later.
Security breaches of this type have raised questions about the viability of Bitcoin. The most notable episode was the collapse in 2014 of Mt. Gox, an exchange based in Tokyo, in which hundreds of thousands of Bitcoins were stolen in a heist that experts and law enforcement officials are still trying to unravel. This past June, a hacker stole more than $50 million worth of Ether, another digital currency, from an experimental virtual currency project called the Decentralized Autonomous Organization.
Jack Liu, chief strategy officer at OKCoin, a large digital currency exchange, said he was not concerned about the security of his company because it uses a different system. But he noted that there should be more discussion between exchanges over best practices.
“We care about the health of the ecosystem,” he said, although he emphasized that nobody should be dictating how Bitcoins are secured. “Hackers are only getting better and so adoption of the same solution may not be the safest for the industry.”
Although some view Bitcoin as the future of finance, allowing for faster and cheaper transactions, the Bitcoin community has been riven with infighting over the development of the technology. The blockchain ledger, part of the coding that underlies the currency, has also gained more mainstream traction, as banks see an opportunity to use the technology to speed up trades.
Bitfinex said the theft had been reported to law enforcement.
The $70 Million Bitcoin Hack Was the 4th Largest Breach in Cryptocurrency History
Just as bitcoin trading hit record highs this week, hackers made off with nearly $70 million from a major cryptocurrency-mining service NiceHash. The Slovenia-based company announced the security breach on its Facebook page Wednesday afternoon and stopped operations for 24 hours.
Here’s everything we know so far in the days following the attack:
The NiceHash hack is the 4th largest breach in cryptocurrency history
Although Bitcoin is still trading at an all-time high of a whopping $15,400, other crypto thefts were much more detrimental when converted at the exchange rate at the time of the theft, Brian Ong, co-founder of cryptocurrency research website CoinGecko, told MONEY.
The largest cryptocurrency hack occurred in February 2014, when hackers stole approximately $450 million from Mt. Gox, a bitcoin exchange based in Tokyo that handled 70% of all bitcoin transactions at the time of the hack. Wired reported the Mt. Gox hack occurred due to a flawed system for securing software and shady business practices. The company CEO allegedly spent over $1 million on renovating a café in company headquarters while the business was “falling apart.”
The hacker likely wasn’t in Europe
NiceHash’s head of marketing Andrej Skraba told Reuters it was “very probable” the attack came from someone with an IP address outside of the EU. He declined to give Reuters any more details, but said NiceHash investors came from “all over the world.”
Hackers probably won’t be able to use the stolen Bitcoin
Bitcoin thefts are unique in that they’re not reversible, meaning once the coins are stolen, the owner has full control over them, Patrick McCorry, research associate at the University College London and the UK’s first PhD graduate in cryptocurrencies, told MONEY. However, the hackers likely won’t be able to actually use the loot, because if the stolen coins are made public, it would be difficult for the thief to spend them. Many of the stolen coins (including money raised via ransomware) sit idle on the blockchain, McCorry said.
NiceHash founders informed other Bitcoin exchanges of the stolen bitcoin, so that they can be frozen before hackers sell it off for fiat or other types of cryptocurrency, Ong added.
Some think it could be an inside job
Matjaz Skorjanc, the mastermind behind the infamous Mariposa botnet that infected over 12 million computers, acted as NiceHash’s chief technical officer during the hack, the company confirmed to Reuters.
Skorjanc created the Mariposa computer virus that hijacked about 12.7 million computers around the world in 190 countries, BBC reported. The virus harvested private data, including credit card details and log-ins, as well as overwhelmed servers with traffic and sent users spam e-mails.
Skorjanc was arrested in 2010 when he was 27 years old. A Slovenian court sentenced him to just under 5 years in jail, plus a 4,000 euro fine.
Because of Skorjanc’s past, some Reddit users are speculating the heist was an inside job. At least one expert agrees.
“Speculations will always be there whenever a cryptocurrency hack occurs that it could be an inside job or a phishing attack on one of the employees,” Ong said.