CoinDash ICO Hack: $7 Million Stolen - How Did This Happen And What Now?


ICOs have been the talk of the town lately, and some projects have managed to raise hundreds of millions of dollars during their crowdsales.
But this can also go wrong:

During the recent CoinDash ICO, hackers managed to steal Ether worth $7 million.

Initially, the ICO was set for a period of 28 days, with a limit of $12 million.

But only 13 minutes after the start of the token sale, an unknown hacker managed to work his way into the system and replace the ETH address on the website with a fake one.

As a result, ETH tokens worth $7 million were sent to the hacker's address, although the company still managed to raise about $6.4 million from early investors.

“It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack, $7 mln were stolen by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 mln from our early contributors and whitelist participants and we are grateful for your support and contribution.”


This event will remind many of the DAO hack last year, where hackers managed to steal over $50 million.
The DAO hack was followed by a lot of criticism and press, which had a very negative influence on the cryptocurrency market as a whole.

Despite the attack, CoinDash still promised to compensate for the loss and give out tokens to everyone who sent funds to the hacker's address.

The company stated that they are wholly responsible for the attack and apologized to their contributors.

"CoinDash is responsible to all of its contributors and will send CDTs reflective of each contribution. Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly"


A screenshot from Etherscan, showing the stolen transactions and their value


It's great to see that the company is taking responsibility for their lack of security measures. After all, a hack like this could have been prevented.

Nevertheless, this event took a huge toll on both the company's financial situation and its relationship with its customers.
But CoinDash remains positive and stated that they will continue with their work like normal.

"This was a damaging event to both our contributors and our company but it is surely not the end of our project."

How was an attack like this possible?

CoinDash itself has not released a statement about the cause of the hack yet.
But some assumptions have been posted by a social media account:
Wu Guanggeng, COO of Chinese mining pool Bixin, assumes that the breach might have been made via the domain name server provider. According to CoinDesk, he indicated that "his source for the information was a WeChat official account that publishes cryptocurrency news for subscribers."

That WeChat account suggested that the hacker first cloned the website CoinDash.io using a fake contact address, to create a website that looks almost identical to the real one.

Then, he might have contacted the DNS provider using the registered email to request that the traffic be redirected to his fake site.


... And how could this have been prevented?

Critics say that the company shouldn't have simply published an ETH address on their website.
That makes it way too easy for hackers to simply replace that address with their own.
Instead, CoinDash should have set up a smart contract like most ICOs do.
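
A complementary check for the address-replacement problem described above, as an added example that is not from the original post or from CoinDash: it scans page source as served to a visitor and flags any Ethereum address other than the one pinned in advance. The pinned address, the function names and the sample pages are constructed placeholders.

```python
import re

# Constructed placeholder, not a real address: the sale's deposit address,
# assumed to be recorded out-of-band (offline) before the sale opens.
PINNED = "0x" + "a1" * 20

# 0x + exactly 40 hex digits; the lookarounds skip 64-digit transaction hashes.
ADDRESS_RE = re.compile(r"(?<![0-9A-Za-z])0x[0-9a-fA-F]{40}(?![0-9a-fA-F])")


def extract_addresses(html):
    """Return the set of Ethereum-style addresses in the served page, lowercased."""
    return {m.group(0).lower() for m in ADDRESS_RE.finditer(html)}


def check_page(html, pinned=PINNED):
    """Compare the addresses a visitor would see against the pinned one."""
    found = extract_addresses(html)
    expected = {pinned.lower()}
    unexpected = sorted(found - expected)   # addresses that should not be there
    missing = sorted(expected - found)      # pinned address removed or altered
    return {"ok": not unexpected and not missing,
            "unexpected": unexpected, "missing": missing}


# Constructed sample pages (not CoinDash's real markup). The genuine page shows
# the address in mixed case and also links to a 64-digit transaction hash.
GENUINE = ('<p>Send ETH to <b>0x' + "A1" * 20 + '</b></p>'
           '<a href="/tx/0x' + "0f" * 32 + '">tx</a>')
TAMPERED = GENUINE.replace("A1" * 20, "b2" * 20)

if __name__ == "__main__":
    for name, page in (("genuine", GENUINE), ("tampered", TAMPERED)):
        print(name, check_page(page))
```

Run from a host outside the web server's own network, such a check sees the same content a contributor would, whether the page itself or the route to it was changed.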

What consequences will this event have?

Obviously, most ICO providers will now re-check their security measures to make sure something like this won't happen again in the future.
We can also be sure that a lot of negative press will follow this event, especially from mainstream media and cryptocurrency critics.
Many people have been criticizing ICOs and were only waiting for an opportunity like this to condemn the technology and claim that ICOs are not safe.
While most "insiders" in the crypto scene will know that this was an exception and has nothing to do with the whole concept of ICOs or even the security level of cryptocurrencies in general, it still reminds us how important it is to be aware of hackers at all times.



What do you think - did CoinDash handle the situation well? How will this hack affect the future?






© Sirwinchester

