The latest target of the ICO hackers is Enigma, a decentralized platform that was preparing to host a cryptocurrency token sale. The hackers took over its website, got hold of its social accounts and collected almost $500,000 in digital coin by sending spam.
The platform itself did not lose any money during the attack, although its community suffered a loss. The attackers targeted anyone who had joined Enigma’s mailing list or its Slack group, which has over 9,000 users wanting to learn more about its ICO in September.
The hackers got people to send money to their crypto wallet by posting Slack messages, changing the website and sending spoofed emails to the community mailing list, all of which looked authentic enough.
Their profit from the hack was 1,492 Ether (worth $494,170.68 at the time of writing), according to Etherscan. It’s interesting that this much money was taken even though the Enigma team itself had warned its users that it would not be collecting money before the ICO scheduled for September.
In response to the attack, Enigma decided to shut down its websites and Slack group and to post updates via its Telegram group and Twitter account.
— Enigma Project (@EnigmaMPC) August 21, 2017
According to some Reddit users who looked into the situation, the hacker compromised the email account of Enigma CEO Guy Zyskind. They found his email address listed in previous breaches of different services, but Zyskind has yet to change his password. There is no two-factor authentication or other last line of security that might keep out anyone with the password.
An Enigma spokesperson said that some team passwords for Enigma’s landing page and Slack were compromised, but the page dedicated to the token sale was not affected because it resides on a separate and more secure server.
In previous ICO compromises, attackers took control of the ICO sites and added their own wallet addresses so that the money would be sent directly to them. This happened with CoinDash, which suffered a $7 million loss this July, and with Veritaseum, which lost $8.4 million the same month.
Enigma says it has been putting new security measures in place, such as strong passwords and two-factor authentication for all employees’ email accounts, alongside proper access control management and compartmentalization.
What’s not really understandable is why these security measures weren’t there from the very beginning. The simplicity of gaining access made the situation even more embarrassing, especially when you realize that Enigma’s co-founder shared his solution for preventing ICO hacks just last month.
This should also be a lesson in caution for people who want to take part in the ICO market. These ICOs, or token sales, raised more than $1.2 billion in the first half of this year, which is more than the entire amount invested in early-stage startup funding, and it seems the numbers will only get higher.