The hack took only a few minutes but allowed the criminal to escape with millions in investor funds.
A hacker has made off with roughly $7.4 million in virtual currency after pouncing during an ethereum ICO.
As reported my Motherboard, the hacker took the opportunity to disrupt the Initial Coin Offering (ICO) of CoinDash, a trading platform for cryptocurrencies.
On Monday, CoinDash held its Token Sale event, in which investors were meant to be able to fund apps in development with virtual currency in return for a stake in such applications in an event similar to a crowdfunding campaign.
The CoinDash ICO, like many others in which cryptocurrency “tokens” (CDT) were exchanged for shares in a project, was keenly anticipated by investors.
However, this time, something went terribly wrong.
In a statement on its website, the platform apologized, admitting that a “hacking attack” took place during the event by an unknown perpetrator, resulting in the loss of millions in ethereum, also known as ether (ETH).
Rather than conduct a complex attack on trading itself, however, the hacker employed a simple tactic.
At the time of the ICO, in which CoinDash posted a string of characters which represented its wallet address for investors to send funds to, it appears that the hacker compromised the website and changed this text to a wallet they control.
It was a matter of minutes before the platform realized the security breach had taken place and warned investors, but it was too late — and now the stolen funds intended for CoinDash are simply sitting in a wallet awaiting collection.
CoinDesk has pleaded with traders not to send any cryptocurrency as the Token Sale has been canceled, and the organization considers itself “still under attack.”
Some investors, however, are speculating that there may have been ulterior motives relating to the incident. On Twitter, traders vented their frustration, and on Reddit, some contributors have suggested that the platform is linked to a previously known s
The organization, however, has promised that investors involved in the apparent cyberattack will be given tokens reflecting their pledges, as long as the transactions took place before the website was shut down.
“This was a damaging event to both our contributors and our company but it is surely not the end of our project,” CoinDash says. “We are looking into the security breach and will update you all as soon as possible about the findings. The CoinDash vision, product and team will continue to live on. We will be fast to recover and we will create the future of trading.”