A lightning-fast raid on a cryptocurrency platform's website earned a hacker $7 million in three minutes yesterday. Moments after CoinDash launched its ICO (Initial Coin Offering, the cryptocurrency version of an IPO), the attacker modified the address of the wallet it used and watched as millions poured into their own account.
The website was shut down as soon as the hack was discovered, but by this time $7 million had already disappeared. CoinDash managed to gather $6 million from investors, but funds stopped arriving with the shutdown.
In a statement issued on its website, CoinDash acknowledged the incident, warned that the attack was still on-going, and advised people to stop sending Ethereum to any wallet.
But, online, suspicion was voiced about a possible planned inside job. With CoinDash saying it will give tokens to contributors, this does seem unlikely, but in an unregulated market, there is little legal recourse available when problems like this arise.
Here's the CoinDash statement in full:
Dear CoinDash contributors,
It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack $7 Million were stolen by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 Million from our early contributors and whitelist participants and we are grateful for your support and contribution.
CoinDash is responsible to all of its contributors and will send CDTs reflective of each contribution. Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly. Transactions sent to any fraudulent address after our website was shut down will not be compensated.
This was a damaging event to both our contributors and our company but it is surely not the end of our project. We are looking into the security breach and will update you all as soon as possible about the findings.
The CoinDash vision, product and team will continue to live on. We will be fast to recover and we will create the future of trading.
Reminder: We are still under attack. Please do not send any ETH to any address, as the Token Sale has been terminated.
More information will be published on our social channels and our website.
Claims forms have been set up for anyone who needs to contact the company.