A Slovenian cryptocurrency mining marketplace, NiceHash, said it lost about $64 million worth of bitcoin in a hack of its payment system, the latest incident to highlight risks that uneven oversight and security pose to booming digital currencies.
NiceHash matches people looking to sell processing time on computers in exchange for bitcoin.
There have been at least three dozen heists on exchanges that buy and sell digital currencies since 2011, including one that led to the 2014 collapse of Mt. Gox, once the world’s largest bitcoin market.
More than 980,000 bitcoins have been stolen from exchanges, which would be worth more than $15 billion at current exchange rates. Few have been recovered, leaving some investors without any compensation.
The hacks have not kept demand for digital currencies from soaring. Bitcoin’s value has climbed more than 15-fold so far this year, closing at a record $16,000 on the Luxembourg-based Bitstamp exchange on Thursday, ahead of this weekend’s launch of bitcoin futures by CBOE.
Security experts said they expect the cyber-crime spree to pick up as the rising valuations attract interest from cyber criminals looking for victims that lack experience defending against hacks.
“These exchanges are not in my opinion secure,” said Gartner security analyst Avivah Litan. “You don’t know what their security is like behind the scenes.”
NiceHash executive Andrej P. Škraba told Reuters that his firm was the victim of “a highly professional” heist that yielded about 4,700 bitcoin, worth around $64 million.
Sophisticated criminal groups are increasingly targeting the cryptocurrency industry, focusing on exchanges and other types of firms in the sector, said Noam Jolles, a senior intelligence specialist with Israeli cyber-security company Diskin Advanced Technologies.
“The most sophisticated groups are going into this area,” she said.
NiceHash, which advised users to change online passwords after it halted operations on Wednesday, has provided few other details about the attack on its payment system.
“We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service,” it said on its website.
It was unclear whether customers faced any losses from the hack.
Slovenian police said they were looking into the hack, but declined to elaborate.