20 Jul 2017
A simple bait-and-switch con lined a hackers’ pockets with over $7 million in stolen currency.
CoinDash, an Israeli Ethereum-trading startup group, had a slight glitch in their Initial Coin Offering (ICO). During the ICO, the company allowed its investors to send tokens to its “smart contact address” in exchange for their new currency, Ethereum.
Sounds good! But what took them three minutes and millions of dollars to realize is that their system had been hacked and the actual address had been replaced with a fake address that was owned by the hacker.
All of the funds were flowing straight into that fraudulent account.
A subsequent statement posted on their website reads:
“It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack, $7 Million was stolen by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 Million from our early contributors and whitelist participants, and we are grateful for your support and contribution.”
This news is bad enough, but the worst part is that CoinDash is still under attack by the unknown assailant. As such, not only are investors are STRONGLY URGED to hold off on sending any Ether (ETH) to any address that was listed on the site, but the company has since ceased all Token Sales.
As of the time of this publication, the site is offline. Any funds sent to the website while it was still operational will be compensated. HOwever, and sent to the faulty address after the site was shut down will not be, leaving some to question whether this was a hack at all. Some have theorized that this could have been an inside scam, as there is no proof as of yet of said hack.
The company has responded by with a statement that takes responsibility for the flub. “CoinDash is responsible to all of its contributors and will send CDTs [CoinDash Tokens] reflective of each contribution. Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly.”
In this pioneering world of internet currency, it is unlikely that this is the last time a hack such as this will transpire. In fact, this is not the first time. Just last year, $50 Million disappeared from the Decentralised Anonymous Organisation (DAO) ICO after hackers were able to exploit weaknesses in the fund’s code.
It is truly a “buyers’ beware” financial frontier.