Investors in initial coin offerings (ICOs) should take necessary precautions when sending Ether, the native token of Ethereum, to ICOs due to potential hacking attacks and security breaches.
Coindash Hack, $7 Million in Losses
Recently, Coindash, a Blockchain-based trading platform, which was set to raise $12 million in its ICO, had over $7 million worth of Ether stolen and redirected. While the ICO was ongoing, the website of Coindash was hijacked and the publicly available Ether wallet address of Coindash was altered. As a result, the majority of funds were redirected to the wallet address of the hacker.
“It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack, $7 mln were stolen by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 mln from our early contributors and whitelist participants and we are grateful for your support and contribution,” said the Coindash team in an announcement.
Controversy emerged immediately after the disclosure of the Coindash team’s announcement. In an online community, one of the investors revealed that he personally notified the Coindash development team of the insecure ICO and fundraising method the team was relying on to raise tens of millions of dollars.
MJ Dillon wrote in a public slack channel of Coindash:
“Has anyone mentioned how bad an idea it is that you have a whitelist of people you’ll be emailing a contract address to with a ‘send money now!’ message before the address is public? Isn’t that just asking someone to try to hijack that process?”
However, the Coindash development team responded rather irresponsibly. Instead of looking into the security issue Dillon noted, the team ignored it and ultimately suffered a $7 million loss as a consequence.
Coindash and its executives including CEO Alon Muroch tried to stabilize the situation after the hack. In an interview with Bloomberg, Muroch stated:
“Our vision is still viable. We want to make sure to communicate a message of hope and continuity. There’s still money in the company and we will just double our efforts to make it much more effective.”
Still, $7 million was lost in the process and both users and Coindash suffered as a result of poor security measures and the failure to implement proper security measures while running a large-scale ICO.
$30 Million in Loss, ICOs Suffer Multi-Million Dollar Losses Due to Hacks
Earlier this week, analysts including Tuur Demeester revealed that over $30 million worth of Ether were stolen by hackers from three different ICOs.
“~$32M (~153k ether) stolen from three ICOs today. What is that, like 3% of total ICO money raised?,” wrote Demeester.
TokenData, a cryptocurrency and asset analytics platform, further revealed that including the $7 million Coindash hack, total amount of Ether from ICOs stolen in July amount to 3 percent of total amount raised by ICOs, which adds up to $1.5 billion.
On July 20, Blocktix, revealed in an official announcement that a vulnerability in the codebase of Parity’s multi-signature codebase led to the loss of millions of dollars worth of Ether.
Blocktix was using the same contract source to multisig our own ethereum wallets of which we owned two, one for our presale and one for our old contract. We choose the multisig contract to provide additional security.
“Today the news broke that Parity’s Multisig codebase had a vulnerability in their codebase, allowing funds to be drained from Multisig addresses. The Presale multisig got hit by the Whitehat group, and currently the funds are in their address,” said Blocktix.
Some analysts claimed that the same hacking group that successfully breached into the Decentralized Autonomous Organization (DAO) and stole millions of dollars in Ether hacked the three ICOs.
What Should Investors Takeaway From These Hacks?
Admittedly, the vast majority of investors within the ICO market have become involved in the market to place speculative investments. Most of the investors are simply trying to learn more about the space, gain short-term profit or expose themselves to the asset class.
It is of utmost importance of investors for security reasons to ensure that each ICO has proper security measures in place. For instance, analysts and investors of Coindash already knew that there was risk involved in the way Coindash conducted its ICO.
Investors must consult security experts to ensure that ICOs are safe to invest in and that ICOs implemented proper security measures.