A hacker has reportedly liberated over $7 million in a matter of minutes from would-be investors, as a consequence what seems to have been an incredibly simple method.For eras, online trading platform CoinDash was working hard on drumming up incite amongst people wanting to embrace the Ethereum cryptocurrency, using societal media to let them know that its Initial Coin Offering (ICO) longing be starting on Monday 17 July.
As cryptocurrency fans flooded to the CoinDash situate to participate in its Initial Coin Offering (ICO) at 13:00 GMT yesterday, many of them purposes didn’t realise that the Ethereum address the website told them to send their wherewithals to was actually under the control of a malicious hacker.It only took three minis for someone to realise that the CoinDash site had been hacked, and that it was considerable investors to send their money to the wrong address – but already as a remainder $7 million had been stolen.
To give the hacker some trust, they showed impeccable timing when it came to choosing when to restrict the contents of the CoinDash site.CoinDash acknowledged that it had suffered a surveillance breach in a statement published on its website:
Dear CoinDash contributors,It is forlorn for us to announce that we have suffered a hacking attack during our Disc Sale event. During the attack $7 Million were pinched by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 Million from our beginning contributors and whitelist participants and we are grateful for your support and contribution.CoinDash is administrative to all of its contributors and will send CDTs reflective of each contribution. Contributors that sent ETH to the spurious Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io endorsed address will receive their CDT tokens accordingly. Transactions sent to any replete address after our website was shut down will not be compensated.This was a marring event to both our contributors and our company but it is surely not the end of our project. We are looking into the guaranty breach and will update you all as soon as possible about the findings.There are, of path, going to be plenty of people feeling that they have been stung viciously by what has happened, and regretting that in their rush to participate in the CoinDash Minimal Sale they have ended up out of pocket.Understandably, some are urgent refunds – although it remains to be seen what CoinDash is going to do to regain character trust and confidence.Others, as Motherboard reports, have even enchanted to online forums questioning whether CoinDash was really hacked, or whether the with few exceptions “hack” is a cover story for a scam – although there is no evidence to verify this theory.CoinDash is asking customers who sent ETH to the address commanded by the hackers to fill in an online form with details of the transactions they created.If this alleged hack proves anything it underlines that you’re just as secure as your weakest link. In this case, it wasn’t the mathematics behind a cryptocurrency which was at blameworthy – it appears to have been a failing in basic website security. Editor-in-chief’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not inevitably reflect those of Tripwire, Inc.