Hackers hijacked CoinDash’s initial coin offering Monday, stealing $7.7 million in cryptocurrency from the nascent trading platform.
The attack occurred during a 15-minute period for “whitelist contributors” prior to the public ICO. During that time, the hackers were able to compromise the CoinDash website and swap out the CoinDash Token Sale address with one under their control.
CoinDash said in an advisory published today that more than 2,000 investors sent 37,000 ETH, (Ether or ethereum). ETH is trading this afternoon at approximately $209 per.
The organization said it has brought in law enforcement and is investigating the attack. Investors, meanwhile, will be credited, CoinDash said in its statement.
“CoinDash will credit investors who sent ETH to the fraudulent address with the CDT amount they would have received by sending their ETH to the correct smart contract address. We are currently gathering information regarding each of the attack victims and will release the complete list for our contributors and community review shortly. CoinDash will further compensate its contributors using the resources at its disposal. More details will be released as soon as we have a complete list of all the people who were affected by this attack.”
CoinDash is an ethereum trading platform, and its ICO yesterday was meant to raise funds for further development and to allow investors to buy tokens and a relative share of the platform.
CoinDash provided investors an address, but hackers were able to insert their address instead and any ETH meant for CoinDash was instead on its way to the attackers.
Website has been hacked.
— SSV Network (@ssv_network) July 17, 2017
The Token Sale is done, do not send any ETH to any address. Official statement regarding the hack will be released soon.
— SSV Network (@ssv_network) July 17, 2017
A post to the ethereum subreddit questioned why CoinDash was using a WordPress site, why it couldn’t secure its site and the ICO, and how a relatively easy the hack was pulled off.
The ICO was expected to go on through Aug. 17; investors who sent Ether to the crowdsale contract were to receive CoinDash Tokens in return. According to an analysis published prior to the ICO, CoinDash was expected to sell half of its tokens during its tokensale and the other half would to go toward product development, marketing and PR efforts, and more.
CoinDash said it considered alternatives to ensure the token sale remains fair.
“Distributing the tokens is the only way to ensure its value will not be lost completely. It is incumbent upon us as a company to continue to build the product that our investors valued,” CoinDash said. “The only way now is to move forward. The company’s vision is intact and the products we are developing are still in high demand (even more so now). Such malicious attacks will not divert us from developing a product that will make crypto investments more accessible to the public.”