Coindash ICO encounter hackers, was “extremely simple” way to stolen $ 7.4 million in ether

nnnAdventure: Encrypting money investment boom tends to make some projects complete in a matter of minutes. But the Coindash, which provided the coin trading platform, issued a warning within minutes that a hacker attacked the project site and tampered with an e-mail address, hoping that investors would stop investing. But the speed of hackers, has stolen $ 7.4 million in ether. This is the biggest attack on the tower after the Dao encounter, was strongly protested by investors. But the project developer said it was trying to return investor funds.n
nnTranslation: Annie_Xun
nThe cheat of the ICC investors will send the encrypted currency to the wrong address.n
nAllegedly a hacker to deceive the victim to transfer funds to the wrong ICO project address, stolen $ 7.4 million to the ether platform platform. Coindash said the investors remitted the money to hackers.n
nAt that time, Coindash, which provided the coin trading platform, will launch ICO. Around the project investors through the purchase of tokens to obtain the application shares. ICO is the most popular way to use the IT package, and some ICOs have launched millions of dollars in a few minutes. Even the worst applications can raise thousands of dollars in ICO tokens.n
nCoindash’s ICO, like other projects, only publishes a series of text representing the address of the APF, and investors can send money to the address on the application site. However, ICD, which had been successfully completed in a few minutes, warned that its site was being attacked so that people would not transfer to the release address.n
nIt is not clear what happened in the end, but it seems that the attack is very simple. It was alleged that the hacker controlled the Coindash website and modified the previously published text, replacing Coindash with his purse address. When people invest in Coindash, it is actually remitted to the hackers, not the company.n
nEven if Coindash noticed the attack, he soon warned investors within three minutes of ICO, but the loss had already been caused.n
nCoindash employee Emmanuel Gimenez wrote in the corporate Slack official account that “the site was black”.n
nICO released six minutes later, that is, at about 9:06 AM EDT, Coindash in the well-known Bitcointalk forum on the release of the account, “guys, the site was black, do not send you to the currency”.n
nCoindash Twitter, “tokens have been sold, do not send any currency to any address.”n
nAs of the time of writing, potential investors have sent 43,438.45 coins (about $ 7.4 million) to the hacker’s Coindash address. The webpage tool for tracking the currency exchange for Etherman EtherCan warns that “reports that Coindash has been attacked.”n
nCoindash marketing director Ram Avissar posted by Slack said:n
nn”We know that the external attacker changed the address immediately after the start of the sale.We have stopped the tokens offering agreement and tried to find the best way to compensate the victim.”n
nnCoindash Slack Channel wrote:n
nn”Hacker attack”, “unknown intruder” or hacker “malicious release” false ether square address.n
nnSome users are strongly protesting in social media. For example, Reddit users guess the attack is actually “internal”, the purpose is to let Coindash founder cheated millions of dollars, but shirk responsibility to anonymous hackers who, after all, these hackers may simply not find. It is unclear whether Coindash has a foul, but the simple and effective principle (Occam’s Razor) tend to Coindash’s explanation: hackers only use the ICO the weakest part of the security, that is, Coindash website.n
nWhatever the criminals are, the investor’s anger is against Coindash. Bitcointalk users wrote:n
n”Well, I have sent the ether coins.” Another person who says the investment token is on Bitcointalk and says that I want to get back to my money, which is your site, do not make security is your fault. “Too late, I have already invested. Has sent 31,000 yen to this address. You guys are the best of my money. “It is not possible to confirm whether these people have invested, but Etherscan has confirmed that the bulk of the currency is included in this address.n
nThe attack is currently the largest attack on the ether square. In the last year, based on the tokens of the Taifang investment fund The Dao loss of 50 million US dollars, the developers decided to take a fork, in order to recover the funds. But many people think that this brings an unnecessary risk, and produced a hostile encrypted currency, and will not happen again.n
nCoindash official Slack channel pointed out that the application developers that all investors, even if the false address has been sent to Taitong people, can be recovered tokens.n
nDevelopers wrote in Slack, “All CoinDash investors will close the token, we’re working on this problem.”n

Leave a Reply

Your email address will not be published. Required fields are marked *