Cryptocurrencies like bitcoin and Ethereum have long had a reputation as being somewhat of a “Wild West,” beset by hype bubbles, scams, and hacks — and that seems unlikely to change any time soon.
Amid the massive hype and speculation around Initial Coin Offerings (ICOs), $US8 million (£6.1 million) was stolen from would-be investors in one startup.
For the uninitiated, ICOs are a fancy new way of fundraising enabled by digital currencies like Ethereum — participants invest money and receive digital “tokens” in return. It’s largely unregulated, and some observers believe the market is in a massive bubble — with some ICO crowdfunding events raising hundreds of millions of dollars.
In the case of Coindash, its ICO was rapid — and disastrous.
Motherboard reports that just minutes after it began, the company was forced to warn investors that their funds had been stolen due to a hack.
The attacker(s) had apparently hacked into the website and changed the address that investors were sending their funds to — meaning the cash was funnelled directly to them. It’s the digital equivalent of changing the name on the paperwork so investors make out their cheques to the wrong person — and it’s basically irreversible.
The alleged attacker’s address currently holds almost 44,000 ether — more than $US8.2 million (£6.2 million) at current prices.
Here’s a screenshot of the company Slack channel as the ICO launched:
There is some unconfirmed speculation on Reddit that it could have been a deliberate hoax. “Is there any proof that this was a hack? What if Coindash put an address in and then cried hacker to get away with free ETH?” one user wrote. (There’s no actual evidence for this right now.)
Coindash says this isn’t the end, however. In a statement posted to Slack, a company rep said: “It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event … This was a damaging event to both our contributors and our company but it is surely not thr end of our company. We are looking into the security breach and will update you all as soon as is possible about the findings.”
Website has been hacked.
— CoinDash.io (@coindashio) July 17, 2017