Last month, CCN reported on CoinDash’s ICO being hacked. Hackers managed to change the address on its website and made over $9 million. Now, despite not making as much money, a hacker managed to compromise Enigma before its ICO in a similar way, and has netted over 1,500 Ether (over $500,000) from the community.
Enigma, a project started by MIT graduates whose ICO was scheduled for September, didn’t lose any money itself, as the hacker only managed to get his hands on the company’s website, mailing list, and Slack group.
After the hacker managed to compromise Enigma’s social accounts, he started to send emails and post Slack messages to urge the community to send funds to his Ethereum address claiming Enigma opened its pre-ICO. In sent emails, according to reports, the hacker stated it had a hard cap set at $20 million. The email read:
We are pleased with the enormous support we have gotten in the last couple of weeks. The Enigma team has decided to open the Pre-Sale to the public. The hard cap for this pre sale will be 20 Million. Please note that tokens will be calculated and distributed based on how much the Pre-Sale raises.”
After being compromised, the Enigma team quickly warned the community and news of the hack spread fast. Nevertheless, about 200 transactions were made. At press time, the hacker has already started moving its Ether to various other addresses.
WARNINGS: DO NOT SEND FUNDS TO ANY ADDRESSES. Certain Enigma accounts are under attack. We are working to resolve this, stay put.
— Enigma Project (@EnigmaMPC) August 21, 2017
In response to the incident the company took its websites and Slack group offline, and keeps on updating users via Telegram and Twitter. According to users on Reddit, after the website was knocked offline the hacker tried to justify it by claiming it was receiving a lot of traffic. On Etherscan, a warning has already been added to the address to prevent users from sending funds. Enigma’s team issued a statement on Twitter informing users.
How the Hacker Compromised Enigma
While trying to know more about the incident and help other users know about it, redditors found out that Enigma CEO Guy Zyskind’s email had been accessed by the hacker. His email, according to reports, had been dumped on the internet in the past due to other services being compromised. After these occurrences, Zyskind reportedly never changes his password, and no two-factor authentication was enabled.
Speaking to TechCrunch, a spokesperson stated that certain team passwords were compromised, and that the dedicated website for the token wasn’t affected as it resides on a “separate, more secure server.”
The company added that it has implemented new security measures, including strong passwords and two-factor authentication. The hack, however, is pretty embarrassing taking into account that one of Enigma’s co-founders recently gave Business Insider his “one way” to prevent ICO hacks. This year, over $1.2 billion have been raised by ICOs, and this means a lot of bad actors will always try to get their hands on a share of the money.