Hackers steal over $1 million in Ethereum in BeeToken ICO Phishing Scam

Third Ethereum Theft in a Week Took $8.4M Worth of Tokens

Hackers used phishing scam and have stolen over $1 million worth Ethereum from investors in BeeToken’s ICO sale.

A group of hackers has cast a grim shadow over BeeToken’s ICO as they have stolen more than $1 million from investors. The hackers got their hands on the investor mailing list from BeeToken and sent out phishing emails to get Ethereum transferred to their own address.

The emails come from multiple accounts and have different natures. While all will ask the investors to transfer Ethereum, their method of asking differs, with one email also stating a fake partnership with Microsoft. Investors are receiving phishing emails as well as Telegram messages, asking them to transfer Ether into the address mentioned.

While there’s still no concrete information as to how the hackers got their hands on the mailing list of investors in the first place, a report by The Next Web states that the group of hackers has already amassed half the funds that BeeToken was able to generate using its ICO. BeeToken also issued the following message through Medium:

“Please note that we will NEVER EVER communicate an Ethereum address through an email or Direct Message to you via Telegram. We will NOT be using any QR codes in our communications. We will also NOT be giving 100% bonuses and we will NOT accept more than 0.3 ETH for the first 24 hours of our Token Generation Event. In addition, we will NOT be partnering with Microsoft.”

According to BeeToken, the only valid funding address for the ICO is available at https://tokensaleinfo.beetoken.com. Along with the funding address, there is also a video of BeeToken CEO Jonathan Chou holding the same address written by hand on a piece of paper. BeeToken also said that if users see a video that has only one ETH address instead of two, then that video is fake as well and they should not transfer funds to the address in the video.

According to a CoinDesk report, the amount gathered by the hackers using the three Ethereum addresses is over $928,000. It’s still not known, though, how many investors were affected by this phishing scam. Ilia Kolochenko, CEO of High-Tech Bridge, said that hackers target the cryptocurrency community because it’s a lot simpler to attack users, evade the authorities, and come away with large sums of money. Law enforcement agencies are already lacking in resources and manpower when it comes to tackling the issue of cybercrime. With 2018 set to witness another rise rather than a slump in cybercrime, such instances might become more commonplace and less surprising.

The onus lies with the users to take care of themselves when interacting with the online world. Any communication that requests transfer of funds or divulgence of personal information, no matter how credible it might seem, should be dealt with the utmost care and skepticism. You should always request the firm or organization of the communication whether it is authentic. It never hurts to ask and be sure. What hurts is carelessness.