This morning an incident occurred that sent an apparent $7.4-million USD worth of cryptocurrency Ethereum to a malicious entity. This was more than likely a hacker who laid dormant with backend control over the website from whens the coin was stolen – until this morning. As a rather sizeable ICO (Initial Coin Offering) opened its doors for investors, this hacker changed the website’s target wallet. And boom! This secret wallet was full of $7.4-million USD worth of $ETH.
This was Coindash
The site was Coindash, and their ICO was set to take place this morning. While the start of this ICO began like any other, it quickly turned sour. The way the site was apparently hacked was – I need to emphasize APPARENTLY – very simple.
The “hacker” apparently got control or had control of the site at the point at which the Ethereum wallet address for the ICO was posted. According to the official Coindash channel on Slack, the ICO opened at local time 8:59 – and four minutes later, they made clear: “WEBSITE HACKED, don’t believe the website.”
The screenshot above comes VIA Motherboard. Even after the 9:03 message, $ETH continued to roll in – of course – at which point the Coindash account wrote “GUYS WEBSITE IS HACKED! Don’t send your ETH!!!” on BitCoinTalk. Investors were less than pleased.
Was this a scam?
This MAY have been a scam – at best, it was a very bad series of decisions on the part of the people behind Coindash. This happened because the creators of Coindash didn’t use Ethereum the way Ethereum was meant to be used.
It would seem that the Coindash crew wanted to offer some investors the chance to buy in early by posting the URL to their site – their site with a standard code to deposit Ethereum. What they SHOULD have done was to share their wallet code right away – but include an opening time at which the wallet could have Ether accepted. They could even have included an investor whitelist to their solidity code to allow VIP users the opportunity they promised.
Coindash’s leadership should have released the correct address well in advance of the ICO. Because they didn’t, they set themselves up to potentially get their site hacked and the address to their wallet changed – which is exactly what happened. They very well should have used a solution like an ENS address to make their entire process as secure as possible.
As it stands, the Coindash crew aren’t looking especially trustworthy at the moment. Especially considering the details included in this BitCoinTalk thread – be aware that this thread contains obscenities and slurs that SlashGear ABSOLUTELY DOES NOT endorse in any way.
At the same time, Coindash developers are trying to calm investors. “All CoinDash investors will get their tokens,” said one Coindash developer in Slack, according to Motherboard. “We are working to solve the situation.”
Ethereum Price Effect
As this relatively major event took place this morning, Ethereum prices seemed to fall – but only briefly. Since the event, the price of Ethereum has risen by nearly $20 USD. The price of Ethereum is up over $30 USD. As this article is set to publish, Ethereum’s price looks like it’s not going to tank any time soon.
As it is with all articles about cryptocurrency, cryptocoins, Bitcoin, or anything money or investment-related, SlashGear nor the author are giving any sort of investment advice. The responsibility of any investments or value-holding actions taken by the reader are the reader’s own.