Home Unlabelled Hacker Uses A Simple Trick to Steal $7 Million Worth of Ethereum Within 3 Minutes

Hacker Uses A Simple Trick to Steal $7 Million Worth of Ethereum Within 3 Minutes

By
Tuesday, July 18, 2017
Read
Add Comment

All it took was just 3 minutes and '

a simple trick

' for a hacker to steal more than $7 Million worth of Ethereum in a recent blow to the crypto currency market.

The heist happened after an Israeli blockchain technology startup project for the trading of Ether, called

CoinDash

, launched an Initial Coin Offering (ICO), allowing investors to pay with Ethereum and send funds to the fraudulent address.

But within three minutes of the ICO launch, an unknown hacker stole more than $7 Million worth of Ether tokens by tricking CoinDash's investors into sending 43438.455 Ether to the wrong address owned by the attacker.

How the Hacker did this?

CoinDash's ICO posted an Ethereum address for investors to pay with Ethereum and send funds to the app's website.

However, within a few minutes of the launch, CoinDash

warned

that its website had been hacked and the sending address was replaced by a fraudulent address, asking people not to send Ethereum to the posted address.

But before that, this little change of address redirected cryptocurrency by investors slated for CoinDash into the wallet of the hacker.

"It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event," reads a statement posted on the company's official website. 
"During the attack, $7 Million was stolen by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 Million from our early contributors and whitelist participants, and we are grateful for your support and contribution."

CoinDash doesn't know who is responsible for the attack, and the worst part is that the company is still under attack.

Investors are strongly advised to DO NOT send any Ether (ETH) to any address on the site, as CoinDash has terminated the Token Sale.

According to a CoinDash Slack channel screenshot

posted

to Reddit, CoinDash realised what was happening within 3 minutes, but it was too late.

Some people even believe that the incident was not a hack, rather an insider's job. One user

said

: "Is there any proof that this was a hack. What if Coindash put an address in and then cried hacker to get away with free ETH?"

The CoinDash website is offline, at the time of publication, and the company is asking affected investors who sent their Ether to the wrong address to collect the CoinDash token (CDT) by submitting information to this

link

.

However, investors sending Ether to any fraudulent address after the website was shut down will not be compensated.

"CoinDash is responsible to all of its contributors and will send CDTs [CoinDash Tokens] reflective of each contribution," the company noted. 
"Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly."

This isn't the first time an ICO funding has been hacked. Last year, $50 Million was disappeared after hackers exploited code weaknesses in the Decentralised Anonymous Organisation (DAO) venture capital fund.



from The Hacker News http://ift.tt/2utWeGu
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us