The cryptocurrency heists just keep on coming.
As previously reported by Wired, would-be investors were recently swindled out of nearly half a million dollars’ worth of digital currency Ethereum after hackers hijacked fintech firm Enigma.
So what happened?
The as-yet unidentified attackers managed to gain control of Enigma’s website, Slack channel (a public chat app), and email mailing lists. They then solicited investment from investors — and users rushed in to hand over their cash before the scam was halted.
Enigma is building a decentralised marketplace and trading platform for data, powered by blockchain technology. It was already planning to hold an Initial Coin Offering, or ICO, in September. ICOs are a new way of fundraising enable by digital currencies like Ethereum — participants invest money and receive “tokens” in return. It’s largely unregulated, and the most successful ICO’s have raised hundreds of millions of dollars amid fears the market is in a bubble.
With Enigma, the attackers used their access to announce a “pre-sale” via Enigma’s site, messaging channels, and email. They provided an Ethereum “address” they controlled for investors to send money to. And that’s exactly what happened, with users handing over 1,492 Ether — around $US480,000 at current prices.
It’s the digital equivalent of changing the name on the paperwork so investors make out their cheques to the wrong person, and it’s basically irreversible.
If this all sounds familiar, it’s because a similar heist was pulled off on another digital currency firm back in July. Attackers hacked into Coindash’s website before its ICO and changed the address — meaning all the cash was funnelled directly to them. They managed to nab more than $US8 million-worth of Ethereum before Coindash could alert its users.
Enigma says none of its own funds were stolen, and users’ passwords likewise remain secure.
The cryptocurrency sphere has a reputation as a “Wild West” — and between the hype and frequent hacks, that seems unlikely to change any time soon.
IMPT: read the following info from Enigma re: recent scam attempt. Join our Telegram to speak with team admins: https://t.co/SSGIsJ2ZWe pic.twitter.com/mM5mcaAzqG
— Enigma Project (@EnigmaMPC) August 21, 2017