ICO Hack — CoinDash-ed
Abstract
In one of the most serious ICO hacks of this year, the website of CoinDash was hacked and, using a fake ETH address, the hackers diverted USD 7 million worth of ETH to their own address. There has been a steady stream of news about ICO Slack channels and bots being hacked, but the hacking of an ICO website takes the threat to a whole new level and calls into question the security measures (almost non-existent) that ICO sponsors and teams put in place during the ICO period.
This has severely hit investor confidence and has also raised questions about the lack of accountability, governance and monitoring around ICOs and how they are run.
Timeline
Last information about the start of CoinDash token sale.
CoinDash Twitter account reports that their website has been hacked
The official statement from the CoinDash team
Interlude
All this while, social media and their Telegram group resounded with sad stories of how many investors were scammed, and there was no one from the team to reply or to help them:
The Fake ETH account in the hacked site to which the transactions went
Finally, this message summed it all up
Prognosis
During this frenzy many opinions were voiced; some that I agree with are below:
“It’s really important to note that their website was a WordPress that wasn’t even taking the simplest security measures into account. Almost anyone that knew of or was willing to purchase a zero-day could have done this hack. Or if they weren’t protecting against known vulnerabilities, almost any semi-experienced hacker could have performed this attack.
WordPress is the most vulnerable platform to build on if you’re not willing to put the effort in to secure it.”
Also, that the hack happened despite their having an alpha app and investment funds like TaaS investing is really bad.
There is More…..
Allegations
Though very crude and very speculative, some grave allegations regarding the CEO and the team were raised.
Finally….
Though this may seem like a joke, the travesty of the whole situation is that so many ICO investors have lost their ETH and there is no way to recover it. Many called on Vitalik Buterin to intervene as was done for #TheDAO, but the situation during the #TheDAO saga and the market capitalization of ETH were different. Now the only offer to those who took part in the ICO and got scammed is a Google form through which they have been promised CDT, which in the initial stage has no value, and it remains to be seen whether it will ever appreciate in value after such a huge hack and the ensuing PR disaster.
Point to Note
Transactions sent to any fraudulent address after our website was shut down will not be compensated.
They have already secured 6.4 million USD in the pre-sale, and hence for them I do not see any crisis except the current PR and the temporary backlash, if any, from major investors.
For me, the point to note before concluding is this: when people were getting hacked during the pre-sale itself, was it not prudent to do a complete security audit of the whole website and process and protect the investors? In the present scenario, this shows a high degree of irresponsibility, almost criminal, on the part of the ICO team in not having done enough due diligence and having been so lax regarding their ICO, which seems to be the norm nowadays.