Hacker allegedly stole $7.4 million worth of Ether in 3 minutes

While there is a general consensus that the Knightscope security robot in Washington, D.C., committed suicide on Monday, the same everyone-agrees-opinion is not true for the $7.4 million heist of the cryptocurrency Ether that happened on the same day. CoinDash maintains that a hacker made off with the Ether, which comes from the app platform ethereum, during its Initial Coin Offering (ICO), yet speculation is running rampant, including a theory that the money disappeared due to a scam, not a hack.

During its Token Sale event, the startup CoinDash meant for investors to send ether to stake claims in its app, which is in development; it’s basically crowdfunding on the ethereum platform.

As Motherboard reported:

CoinDash's ICO, like many others, launched simply by posting a string of text representing an ethereum address for investors to send money to on the app's website. However, mere minutes into what was supposed to be another successful ICO, CoinDash warned that its website had been hacked and asked people not to send ethereum to the posted address.

Not long after CoinDash launched its ICO, it tweeted:

Website has been hacked.
— CoinDash.io (@coindashio) July 17, 2017

During the alleged attack, a hacker changed the wallet address on CoinDash’s website to his or her own. Therefore, investors were sending their Ether to the hacker. That hacker reportedly managed to make over $7 million in three minutes.

CoinDash noticed the website hack within minutes and then warned investors that the Token Sale was over and not to send any Ether to the wallet.

The Token Sale is done, do not send any ETH to any address. Official statement regarding the hack will be released soon.
— CoinDash.io (@coindashio) July 17, 2017

In an alert to investors, CoinDash wrote:

This is an emergency message delivered to you in order to stop you from sending your money to an unauthorized ETH address. It seems like our Token Sale page was tampered and the sending address was changed. Please stop from sending your funds to any of the addresses until we say otherwise. We are currently examining the situation and will shortly send further instructions.

In the official statement about the hack, CoinDash said:

It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack $7 million were stolen by a currently unknown perpetrator.

“This was a damaging event to both our contributors and our company, but it is surely not the end of our project,” CoinDash said. “We are looking into the security breach and will update you all as soon as possible about the findings.”

Although CoinDash says more than $7 million was stolen, Etherscan currently shows 2,134 transactions with a U.S. value of $9,029,073.26 in the hacker’s wallet.

“CoinDash is responsible to all of its contributors,” the statement reads, and it will send CoinDash tokens “reflective of each contribution.” Affected investors are to submit information in order to collect their tokens.

FYI: Steal of a deal on cybersecurity book bundle

Totally unrelated, but worthy of being noted, there is an impressive Humble Book Bundle of cybersecurity books that might interest you. In total, there are $726 worth of DRM-free digital books in a “pay what you want” bundle. Several of those books were written by Bruce Schneier, who said, “This is the cheapest you'll ever see these books.”

This artcile was originally posted on CSO US July 18 2017.


Tags cyber crimeEthernetcyber attacksscamsicoKnightscopecryptocurrencyCoinDashToken Sale

Show Comments