Hacker stole $7.4 mln in Ethereum during ICO

7 years ago - Published in Finance, Fintech Land, Technical Analysis

A mysterious cyberthief made off with $7 million in the cryptocurrency Ethereum on Monday after hacking CoinDash, a virtual currency trading platform, during its Initial Coin Offering and inserting a malicious address where digital investors were tricked into sending their funds.

In an official statement on its webiste, the CoinDash team wrote the platform apologized, admitting that a "hacking attack" took place during the event by an unknown perpetrator, resulting in the loss of millions in ethereum. And explaining the cyber attack, the statement said that more than 2,000 investors unknowingly sent their virtual money to the hacker, for a total of roughly 37,000 Ethereum, which equates to around $7 million.

Rather than conduct a complex attack on trading itself, however, the hacker employed a simple tactic. So, the statement added, it appears that the hacker compromised the website and changed this text to a wallet they control.

It was a matter of minutes before the platform realized the security breach had taken place and warned investors, but it was too late and now the stolen funds intended for CoinDash are simply sitting in a wallet awaiting collection.

But, online, suspicion was voiced about a possible planned inside job. With CoinDash saying it will give tokens to contributors, this does seem unlikely, but in an unregulated market, there is little legal recourse available when problems like this arise.

Although cryptocurrencies and their corresponding blockchain technologies have garnered a reputation for transactional security and privacy, incidents like this one also demonstrate that such innovations have also introduced a viable new attack vector, one in which cybercriminals also benefit from anonymity.

Blockchain technology can assure a very high level of data integrity, but we need to remember the numerous intertwined layers of modern technology stack, where one breached system or host can put the entire structure at risk" said Ilia Kolochenko, CEO of High-Tech Bridge.

Chris Pierson, general counsel and chief security officer of payment security company Viewpost, said that the CoinDash hack demonstrates not only that virtual currency companies must practice responsible security, but also that financial regulation may be necessary in this emerging market to ensure proper accountability.