A Simple Trick Makes a Hacker $7.4 Million Richer in an Ethereum Hack
A hacker has managed to make over $7 million in virtual currency during the Initial Coin Offering (ICO) of CoinDash by tricking people into sending their cryptocurrency to the wrong address. CoinDash, a trading platform for cryptocurrencies, has claimed that its investors were sending their funds to a hacker, and not the company, during an ethereum ICO.
CoinDash was offering an ethereum ICO this Monday – a Token Sale event that allows investors to own a stake in the app, similar to a crowdfunding campaign. Typically ICOs bring millions of dollars to the apps as investors look forward to these token sale events for owning shares in a project.
But yesterday, this anticipation resulted in confusion and substantial losses for some investors, who started sending their funds to a hacker. Within five minutes of this token sale event, CoinDash warned that its website had been hacked and asked investors not to send ethereum to the address (a string of text) shared on its own website. A hacker had allegedly replaced the official wallet address with their own.
Ethereum hack: less than five minutes and more than 43,000 ethers lost
The alleged hack appears to be a simple trick: the hacker took control of the official CoinDash website and replaced this string with their own ether wallet address. Those who wanted to invest in CoinDash by buying tokens saw this address on the official website and started sending their funds to the hacker.
In a statement, CoinDash has apologized and claims this was a hacking attack by “a currently unknown perpetrator.”
However, investors aren’t happy. Many have said that the platform had its own motives and even suggested that it has been linked to a scam before.
During the few minutes in which the address was changed, interested investors sent 43,438.45 ether (around $7.4 million) to the address shown on the CoinDash website, which the company claims belongs to a hacker.
Investors are understandably frustrated with the company. “Oh come on i have already sent my eth,” a user of Bitcointalk wrote. “I want my money back. It’s your website and it’s your fault that not do everything for the security.”
Motherboard reports that this alleged hack is one of the biggest in ethereum, following the DAO, a token-based ethereum investment fund that lost more than $50 million in a hack last year. For its part, CoinDash has halted the Token Sale contract and is “trying to understand the best way to compensate those who were affected,” according to Ram Avissar, the marketing director of the company.
Ilia Kolochenko, CEO of High-Tech Bridge, says that it is unlikely that the victims of this hack will get their money back. “Technically speaking, it’s virtually impossible,” he added. “Moreover, law enforcement won’t be able to help either in this case, except if it is an insider attack that can be investigated and prosecuted.”