An unidentified hacker (or hackers) has taken control of the Enigma Project website, Slack channel, and mailing list, and tricked users into sending funds to a wrong Ethereum account.
The hack took place during the company’s ICO. An ICO (Initial Coin Offering) is similar to a classic IPO (Initial Public Offering), but instead of stocks in a company, buyers get tokens in an online platform. Users can keep tokens until the issuing company decides to buy them back, or they can sell the tokens to other users for Ethereum.
During the last few days, Enigma was holding an ICO pre-sale in preparation for the main token sale, set for September 11.
Hacker takes control of website, mailing list, Slack channel
The hacker took over the Enigma Project website yesterday and replaced the Ethereum pre-sale address where users had to send money to buy their ICO tokens.
The attacker also gained access to the company’s mailing list and sent out emails to some of Enigma’s mailing list subscribers. A copy of this email is available below.
In addition, the hacker also appears to have compromised the account of a Slack admin and used this access to send messages to users via the company’s official Slack channel, urging users to visit the compromised site and buy tokens in the ongoing pre-sale event.
A copy of the message is available below, and appears to belong to Guy Zyskind, the Enigma Project’s CEO.
The company tried to warn users about the hack via Twitter, Facebook, and a message on its site. Users also tried to warn each other on Twitter, Reddit, and personal blogs [1, 2, 3].
Company regains access over hacked accounts
Hours later, the company’s IT staff managed to regain access over the hacker servers. In a statement on Twitter, the Enigma Project admitted the hack.
IMPT: read the following info from Enigma re: recent scam attempt. Join our Telegram to speak with team admins: https://t.co/SSGIsJ2ZWe pic.twitter.com/mM5mcaAzqG
— Enigma Project (@EnigmaMPC) August 21, 2017
A similar incident happened to CoinDash in mid-July. A hacker hijacked its website during its ICO and replaced the token sale Ethereum address. Hackers stole over $7 million from CoinDash ICO participants.
For the Enigma Project hack, the attackers used the following Ethereum address, currently holding 1,487.9 Ethereum, which is just over $475,000 at today’s exchange rate.
In the end, CoinDash agreed to issue tokens to almost all the persons who sent money to the hacker’s wallet. Enigma has not published any information about how it intends to handle the hack’s aftermath.
Our Social Networks: Facebook Instagram Pinterest Reddit Telegram Twitter Youtube
