Bitcoin Alert - HashOcean: Diary of a Scam

Published Jul 5, 2016 (8 years ago)
Danger icon
The last modifications of this post were around 8 years ago, some information may be outdated!

Well, it's been a week since I first reported the potential of HashOcean being a scam, and at this point I believe I can safely flag it as such. I was fortunate in that I had only invested a few dollars into the mining operation and had actually received a payout. What is more interesting though, is the crazy path of stories, sites, and information that has been passed around over the week. While I haven't had the most in-depth recollection of what has transpired, here is what I've seen from my daily checkins on the issue over the course of a week.


After a relaxing weekend I went to log in to check how my bitcoin mining fared over the weekend. I wasn't expecting any major spikes, but I was looking to either withdrawal my small amount of profits or reinvest it again. Oddly enough the website wasn't responding. Up to this point the communication stream from HashOcean had been pretty minimal. They had a Twitter and Facebook account, but they were mainly for small updates or marketing, so I figured I would try out Twitter, since it tends to have a more "geekish" pulse on these types of things.

Surprisingly enough, there was already a fair amount of chat in twitter regarding the issue. The site had already been down for a couple of days. Worse than that, the FaceBook had gone down and the Twitter account was unresponsive. Lots of tweets were already denouncing HashOcean as a scam, having stolen approximately $50M worth of bitcoin from roughly 700,000 people right before the bitcoin halving was to take place. This was a Ponzi scheme from the beginning and the culprits were cashing out and running.

Interestingly enough, there were reports out there that HashOcean had reported they were hacked. Nothing was on their Twitter account, but there were a few reports (with screenshots) that HashOcean had been hacked and they were scrambling to get back up and running as soon as possible. Word was that the hackers had taken over the domain name and Facebook page. While I haven't seen much in the past with FB take overs, I've read enough articles out there to note that a hacker can be particularly lethal by stealing a domain name, redirecting/parking it elsewhere, and then having it out there for ransom.

To make matters worse, there were a couple of sites that had clever alternatives to the original name, such as (note the S at the end) or that looked like the original site but the login pages were scams to grab logins or provide the impression things were running again. There was even another resource out there claiming to be a refund site run by HashOcean to serve customers. The wording of the e-mail said that they only had a hash of the database, so they needed your e-mail address, password, and bitcoin address in order to properly refund your money. Hopefully everybody saw all of the huge red flags completely for that one.

Still, there were a few random tweets out there from people who said they had talked to HashOcean and that they were still there and working to get back online in two days. With all the chaos surrounding a hack, it seems reasonable to some extent that. Some of the bitcoin news aggregates were also passing around these few details in their news feeds, so it seemed to add a bit of credence to it. It seems reasonable enough that if HashOcean was really working hard to get things up. They'd keep their nose to the grindstone to get things done and worry about social silence and it's repercussions later.

But that is part of the problem as well. In the minds of some folks, the idea that mining could get them rich quick, and for a relatively small investment up front, starts to cloud their judgement. The site looks pretty solid when I look at it. All the core pages are there, and they even have a list of founder with photos, but when I try to dig deeper, and maybe get photos of the mining rigs they have setup, since they claim to be international. Yes they have a Twitter and Facebook page, but almost all the posts seem to be simple marketing posts and nothing about interaction with users.One of the originating mining rigs is outside of the US, so sure their English might be a bit broken to begin with.

Then things got worse. The two day turnaround came and went, and the sites were still down. There was still no traffic on the Twitter feed (the original Facebook page was still down) and now there were a few miscellaneous tweets circulating that some of the photos used for the founders page were simply stolen from somebody else that has nothing to do with bitcoin. In addition, some conversations around Reddit circulated questioning whether or not there were actually 700K users to begin with. Most of that data could be easily forged with a simple script that might increase it's value after a little while. We can also look at some of the Twitter accounts posting the "only 2 days to go" or "I've talked to them" tweets and note that their accounts are relatively new, or only have two or three tweets to their name, or maybe both. These cast suspicion that they are merely accounts created by a bot, or potentially hacked accounts used by a botnet, considering they often say, or retweet the exact same thing. Maybe I tend to try to give the benefit of the doubt in most situations, so the conflicting reports make it hard to discern what is truly going on.

A new development arose! An ethical hacking group, named KyperTech, arose out of the scandal and vowed to track down the hackers and help bring them to justice. They were looking for some volunteers as well and made some great progress. Then apparently the hackers attempted to DDOS them back. They fought through that and had allegedly found all the locations except for one. After that things were quiet for a day or so and a bizarre message showed up in binary. KyperTech later explained that they had been threatened by the hackers to reveal their identity if they continued to pursue things. There were e-mail screenshots associated with this info. However, a day later (early this morning) they indicated they had overcome this and have even said that they left a Google Verification card at a mailbox that was monitored and the FBI took two people into custody. What do we make of all of this? It seems great at the initial onset, but my growing skepticism of the entire issue makes me wonder. The "hack back" has potential, but if I was a potential scammer, why in the world would I go to my mailbox after doing a "cut and run" to pick up some kind of Google verification e-mail. It could be that this group/persona is a distraction while other cleanup is done or funds are redirected elsewhere.

At this point, I believe it is safe to say that HashOcean was indeed a scam. To a lesser degree, it could even be possible that the company was faltering financially to begin with, let their domain expire so they could close up shop, and others have swept in to try and profit and scam users that have been left high and dry. I've been fortunate enough to have been only slighted roughly $5 of money that was leftover in an old Bitcoin wallet to begin with, and I had no direct banking ties that could have been potentially revealed.

What am I doing as a followup? I still haven't lost hope in the cloud mining concept. I have gone ahead and invested some of my returns that I had on the same site I started mining Ethereum with called HashFlare. Their returns are not as drastic as HashOcean, helping lend some level of credibility, and they have been paying out well and have a few more markers to help verify legitimacy. If you're interested, open up a Coinbase account in which to deposit/gather your funds and then register with HashFlare and have your withdrawals go there.

Happy mining and be careful on where you invest!