ICO Hack — CoinDash-ed

Abstract

DailyPriyab
Jul 17, 2017 · 4 min read

In one of the most serious ICO hacks of this year, the website of CoinDash was hacked and, using a fake ETH address, hackers diverted USD 7 million worth of ETH to their address. While there has been continuous news of ICO Slack channels and bots being hacked, the hacking of an ICO website takes the threat to a whole new level and calls into question the security measures that ICO sponsors and teams are putting in place (which are almost non-existent) during the ICO period.

This has severely hit investor confidence and also exposed the lack of accountability, governance and monitoring around ICOs and how they are run.

Timeline

Last information about the start of CoinDash token sale.

CoinDash Twitter account reports that their website has been hacked

End of Token Sale to mitigate damage but still users were sending ETH to the hacker’s ETH Address
Efforts were underway to prevent further hack
News of Official Statement from coindash.io which reflects they have got back their domain.

The official Statement from the CoinDash team

Claims Form link to describe how to recover the ICO

Interlude

All this while, social media and their Telegram group resounded with sad stories of how many investors were scammed, and there was no one from the team to reply or to help them:

The Fake ETH account in the hacked site to which the transactions went

The Fake_Coindash ETH address to which all ETH went. The name looks lame but the damage was huge.
Complaints about how the team members were missing as users were getting scammed
There were many who just lost their ETH
Even the Telegram chat was not secure and many scammers were posting fake addresses
There was dismay and panic
There were some who were trying to calm things down
And there were many scammers who wanted to cash in on this panic

Finally this message summed it all

Prognosis

During this frenzy many opinions were voiced; some that I agree with are below:

“It’s really important to note that their website was a WordPress that wasn’t even taking the simplest security measures into account. Almost anyone that knew of or was willing to purchase a zero-day could have done this hack. Or if they weren’t protecting against known vulnerabilities, almost any semi-experienced hacker could have performed this attack.
WordPress is the most vulnerable platform to build on if you’re not willing to put the effort in to secure it.”

Also, that the hack happened despite CoinDash having an alpha app and investment funds like TaaS investing is really bad.

There is More…..

Allegations

Though very crude and very speculative, some grave allegations regarding the CEO and the team were raised.

Finally….

Though this may seem like a joke, the travesty of the whole situation is that so many ICO investors have lost their ETH and there is no way to recover it. Though many called on Vitalik Buterin to intervene as was done for #TheDAO, the situation during the #TheDAO saga and the market capitalization of ETH were different. Now the only offer to those who took part in the ICO and got scammed is a Google form where they have been promised CDT, which in the initial stage has no value, and it remains to be seen whether it will ever appreciate in value after such a huge hack and the ensuing PR disaster.

Point to Note

Transactions sent to any fraudulent address after our website was shut down will not be compensated.

They have already secured 6.4 million USD in the pre-sale and hence for them I do not see any crisis except the current PR and the temporary backlash, if any, from major investors.

For me, the point to note before concluding is this: when people were getting hacked during the pre-sale itself, was it not prudent to do a complete security audit of the whole website and process and protect the investors? In the present scenario this shows a high degree of irresponsibility, almost criminal, on the part of the ICO team, which did not do enough due diligence and was so lax regarding its ICO, which seems to be the norm nowadays.
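One control aimed at the address swap described in this article, shown as an added example that is not part of the original post or CoinDash's code: an external monitor that scans the published sale page and alerts when any Ethereum-style address other than the one pinned out of band appears. The function names, sample pages and placeholder addresses are constructed for illustration.

```python
import html
import re

# 20-byte hex address; the lookarounds skip 32-byte values such as tx hashes.
ADDRESS_RE = re.compile(r"(?<![0-9A-Za-z])0x[0-9a-fA-F]{40}(?![0-9a-fA-F])")


def extract_addresses(page_source):
    """Return every Ethereum-style address in the page, lowercased."""
    # Unescape first so entity-encoded text (e.g. &#120; for "x") is also seen.
    text = html.unescape(page_source)
    return {m.group(0).lower() for m in ADDRESS_RE.finditer(text)}


def audit_page(page_source, pinned_address):
    """Compare addresses on the page with the one address pinned out of band."""
    pinned = pinned_address.lower()
    found = extract_addresses(page_source)
    unexpected = sorted(found - {pinned})
    if unexpected:
        status = "ALERT_UNEXPECTED_ADDRESS"
    elif pinned not in found:
        status = "ALERT_PINNED_ADDRESS_MISSING"
    else:
        status = "OK"
    return {"status": status, "unexpected": unexpected}


# Constructed sample data: placeholder addresses, not real accounts.
PINNED = "0x" + "Ab" * 20
ROGUE = "0x" + "c0" * 20
CLEAN_PAGE = f'<p>Send ETH to <code id="sale">{PINNED}</code></p>'
# Same page after a swap; the tx hash (64 hex digits) must not be flagged.
SWAPPED_PAGE = (
    f'<p>Send ETH to <code id="sale">0&#120;{ROGUE[2:]}</code></p>'
    f'<a href="/tx/0x{"9" * 64}">example tx</a>'
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("swapped", SWAPPED_PAGE)):
        print(name, audit_page(page, PINNED))
```

Such a check belongs on a host separate from the web server, with the pinned address stored where a compromise of the site cannot change it.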

CRYPT BYTES TECH

Articles on ICO, Cryptocurrency, Blockchain.
