Hackers attack cryptocurrency platform Enigma, steal USD 500,000
CEO's poor password security allegedly enabled hackers to steal 1,492 in Ether coin only weeks before Enigma Catalyst’s initial coin offering.
With digital currency, crypto trading and investment becoming more prevalent in the market, it seems like cryptocurrency issuers are becoming more and more prone to getting hacked. With four incidents of Ethereum theft in July 2017 alone, cryptocurrency issuers might have to either strengthen their security measures with more efficiency or move to physical vaults.
Only a few weeks away from its initial coin offering (ICO), cryptocurrency trading platform Enigma Catalyst was hacked on August 21 by an unknown entity. The hacker has managed to steal close to USD 500,000 worth of Ether coin so far. However, all the currency stolen was taken from the company’s community and not the company itself.
The hacker uploaded a fake pre-sale page for investors to send money, spammed the company’s newsletter, and even succeeded in tricking the company's 9,000 Slack channel users in sending cyptocurrencies to their address. However, TechCrunch reports that the incident did not affect the company’s token sale site, which resides on a separate server.
Enigma made the hack official on its webpage and has put up a warning stating that the company’s “Slack channel and certain email lists have been compromised,” urging its users to not send any funds until the issue is resolved. Additionally, the company posted an official tweet explaining the incident, addressed the rumours and its action plan.
Enigma is a digital currency startup founded by a group of MIT graduates, with Guy Zyskind as the CEO. A Reddit user, iCantHack claimed that the entire hack took place only through Zyskind’s email address, which was apparently a part of another hacked database earlier. The user alleged that even after being hacked, Zyskind continued to use his email address without changing his passwords, and the hacker was able to access the company’s website, Slack channel and the pre-sale page by accessing Zyskind’s account.
Ironically, this hack comes only a few days after the company posted an article on its Medium page on how to stay safe during a token sale, and avoid scammers, spammers and phishers.
This is the third ICO related cyber-attack on cryptocurrency issuers, including the USD 8.4 million Ethereum hack during Veritaserum's ICO and the CoinDash ICO hack where USD 7 million worth of Ethereum was stolen. In July 2017, one of the world’s largest Ethereum exchange platforms, Bithumb was compromised, resulting in the theft of USD 1 million worth of cryptocurrency.
While ICOs have managed to raise more than USD 1 billion this year, actually surpassing angel and VC funding in the last couple of months, these successive hacks clearly raise questions about security measures adopted by these companies. Exactly how long till cryptocurrency issuers secure themselves better?