Posted on July 18, 2017 at 11:59 AM
Hacker Steals $7.4 million from CoinDash Website with Simple Trick
By tricking victims into sending their money to a wrong account, a hacker reportedly managed to steal $7.3 million of dollar’s worth of Ether, a cryptocurrency used on the app platform Ethereum.
On Monday, July 17, an Initial Coin Offering was scheduled to launch by Coindash, which is offering a trading platform for Ether. This type of fundraising events allows investors to buy into an app with digital assets called tokens. This is a very popular method of supporting an app on Ethereum, and some of the fundraising events have brought in millions of dollars within minutes of starting the event. No app is left unfunded, raising at least thousand of dollar per app.
The way these events work is that CoinDash simply posts a link to an Ethereum address to which the investors should send their money to. Within minutes of Monday’s event, though, the company warned of the hack that took place and shut the site down, asking people not to send their money to the previously stated address.
The hack couldn’t have been more simple: the hacker accessed the website and changed the address of CoinDash’s wallet to their own, making all the investments meant to go to the company jump right into their own pocket.
No matter the speed of Coindash’s discovery of the hack and the warning they gave to their customers within 3 minutes of the event going live, the damage was done.
An employee of CoinDash wrote of the website being hacked in the company’s official Slack account, as well as on the popular Bitcointalk forum and twitter, all within minutes of it happening.
The estimated damage the hacker has done to the investor and the company is 43,438.45 Ether, which is equal to about $7.4 million USD. There were reports on CoinDash Crowdsale address being compromised, as told by Etherscan, which is a web tool for tracking Ethereum transactions.
Website has been hacked.
— CoinDash.io (@coindashio) July 17, 2017
Ram Avissar, the marketing director of Coindash, stated for Motherboard that all the company knows is that the address was changed right after the start of the sale. he added that they have halted the Token Sale contract and are in the process of understanding the ideal way to compensate the victims of the hacking.
They put an official statement on the company’s Slack channel, telling that they have been the victims of a hacking by an unknown actor who maliciously changed the address on their site.
Not all of the users believe that this is what happened. Many of them are taking on their social platform to speculate of this being an inside job, carefully planned by the company itself to keep the so-called stolen money for themselves. There is no evidence of this being what really happened, though.
This is one of the greatest hacks to happen to Ethereum to date, leaving many of the investor angry and dissatisfied.
In the official Coindash Slack channel, the company stated that all investors, even if they sent funds to the fake address, will receive tokens.