The mining marketplace states that the source for Phoenix miner has changed, along with security mismatches.
NiceHash released a blog post warning the platform’s miners to stop using Phoenix miner immediately. The company noted the following problems with the anonymously developed software:
- The Phoenix miner download location changed;
- The control shasum does not match the published value.
NiceHash states that if Phoenix miner has been used on a PC, then to consider the computer to be compromised. It is recommended to reinstall the OS, change all passwords and activate 2FA. Moreover, move any funds in wallets attached to that PC to other wallets immediately.
Those needing mining software should avoid third-party software to begin with. NiceHash recommends using its QuickMiner variants. For further information, see this Reddit post, which came out just as this article was published.
NiceHash is no stranger to hacks. In December 2020, the company finished paying back the last of the Bitcoin stolen in December 2017. In what seems to have been a spearfishing attack, hackers at that time made off with at least 4,640 BTC.
Hacks from Every Angle
The rising cryptocurrency market is attracting hackers, and miners have a lot of company as targets. The decentralized finance segment experiences hacks on a regular basis. On Mar. 7, PAID Network released the post-mortem concerning its Mar. 5 exploit. This hack saw more than 2,000 ETH gained as a result of unimpeded PAID mining and further selling-off.
The Livecoin exchange experienced a hack that raised the price of Bitcoin to over $220,000 as the attack evolved. Livecoin subsequently closed, and the hack may have been an exit scam.
One safeguard regarding the constant hacking that everyone in the cryptocurrency community can help with is better security. Taking basic steps can prevent a portion of attacks from succeeding.
For example, the PAID Network exploit resulted at least in part from security lapses at the network. Contract changes needed only one signature. WARONRUGS called for PAID Network to utilize multisig processes at sensitive points as early as January 2021.
While in many cases, users who fall victim to hacking are often reimbursed, this is not always the case. Exchanges and other companies put out the call regarding breaches as quickly as they can. They also expect users to pay attention, and getting money back on transactions made after a hack has been announced is highly unlikely.