$7m of Ethereum was stolen with a ludicrously simple hack
Cryptocurrency darling Ethereum has been dealt a massive blow as a single, unknown hacker has stolen around $7.4 million worth of ether from currency exchange CoinDash.
The hacker didn’t manage to crack Ethereum itself, but instead exploited CoinDash’s own lax security by taking control of the website just minutes after it opened up an ICO (initial coin offering) on Ethereum. ICOs work in very much the same way as a business’s IPO, meaning people make payments to snap up a share of mined ether.
This wasn’t a complex hack: the attacker simply switched the cryptocurrency wallet address that CoinDash’s website pointed to. This meant that, once the hacker took over around three minutes into the ICO, all future payments filled their wallet instead of CoinDash’s.
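A swapped deposit address of this kind can be caught by comparing what the site actually serves against an address pinned out of band. The sketch below is an added example, not code from the article or from CoinDash; the function names, the placeholder addresses and the one-minute snapshot timings are all assumptions.

```python
import html
import re

# An Ethereum address is "0x" followed by exactly 40 hex digits.
ADDRESS_RE = re.compile(r"(?<![0-9a-fA-F])0x[0-9a-fA-F]{40}(?![0-9a-fA-F])")

# Constructed placeholder addresses, not real wallets.
OFFICIAL = "0x" + "a1" * 20
SWAPPED = "0x" + "b2" * 20


def extract_addresses(page_source):
    """Return every Ethereum-style address in the served page, lower-cased."""
    # Decode HTML entities first so an entity-encoded address is still seen.
    text = html.unescape(page_source)
    return {m.group(0).lower() for m in ADDRESS_RE.finditer(text)}


def audit_page(page_source, pinned):
    """Compare the addresses on the page against the pinned allowlist."""
    pinned = {a.lower() for a in pinned}
    found = extract_addresses(page_source)
    return {
        "unexpected": sorted(found - pinned),  # address nobody approved
        "missing": sorted(pinned - found),     # official address removed
    }


def first_tamper(snapshots, pinned):
    """snapshots: (seconds_since_launch, page_source) pairs from a poller.

    Returns (time, audit result) for the earliest snapshot that deviates
    from the pinned set, or None if every snapshot is clean.
    """
    for seconds, source in sorted(snapshots):
        result = audit_page(source, pinned)
        if result["unexpected"] or result["missing"]:
            return seconds, result
    return None


# Constructed snapshots: the page is clean at launch, then swapped.
SNAPSHOTS = [
    (0, f"<p>Send ETH to <code>{OFFICIAL}</code></p>"),
    (60, f"<p>Send ETH to <code>{OFFICIAL}</code></p>"),
    (180, f"<p>Send ETH to <code>{SWAPPED}</code></p>"),
    (240, f"<p>Send ETH to <code>{SWAPPED}</code></p>"),
]

if __name__ == "__main__":
    print(first_tamper(SNAPSHOTS, [OFFICIAL]))
```

The pinned address has to live somewhere the web server cannot write to, and the check has to run from outside the site, otherwise whoever controls the page controls the comparison too.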
CoinDash locked their website down once they noticed the attack but it looks likely that the hacker made off with a lot of money. The company says that, within the first three minutes of its ICO, they received around $6 million worth of Ethereum. As Ethereum is like Bitcoin, transactions are traceable and CoinDash can see that around 43,438 ether has landed in the hacker’s wallet – this currently equates to around $7.4 million.
The currency exchange has said that it will honor all successful payments, as well as payments that were stolen. All payments made once CoinDash shut off its site are, however, lost.
“CoinDash is responsible to all of its contributors and will send CDTs reflective of each contribution”, reads a statement on its website. “Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly. Transactions sent to any fraudulent address after our website was shut down will not be compensated.”
As with every major cryptocurrency debacle, some corners of the internet are claiming that the hack is an elaborate ruse by CoinDash. Some claim they’ve been at the heart of other scams and this is just another way to weasel some money out of the new Ethereum craze.
It does have to be said that it’s alarming that a cryptocurrency exchange site like CoinDash could be so easily hacked – but that’s a reason to question their competence, rather than their honesty.
“This was a damaging event to both our contributors and our company but it is surely not the end of our project,” CoinDash said. “We are looking into the security breach and will update you all as soon as possible about the findings. The CoinDash vision, product and team will continue to live on. We will be fast to recover and we will create the future of trading.”