Being a crypto hacker seems to be paying off these days. After last month’s CoinDash ICO hack, where hackers were able to get away with $7 million worth of Ether, it seems they have managed to hit yet another payday this Sunday. This time, hackers were able to steal 1,500 ETH, worth over $500,000, from willing Enigma investors.
Enigma is a decentralized investing platform that will allow users to build their own crypto hedge funds, and its ICO is scheduled for the 11th of September. The hacker was able to get access to the email account of the CEO, Guy Zyskind, and to the company’s website and Slack group. He then proceeded to alter the website and started announcing that a pre-sale ICO was taking place, although Enigma had previously stated that it wouldn’t be collecting money prior to the ICO.
The Enigma team quickly warned the community that they had been compromised, but it was already too late. The company itself didn’t lose any funds, nor were any wallets stolen. All of the money was transferred by community members directly to the hacker’s address, and the hacker quickly started moving the funds to other addresses.
The Enigma website and Slack group are currently offline, and the team is only communicating via Twitter and Telegram. They recently announced that critical security measures will be implemented for all members of the team, including two-factor authentication and strong passwords, rotated weekly, for all accounts. It’s important to note that Reddit users found out that the Enigma CEO’s email had previously been hacked and dumped on the internet. Apparently, Zyskind didn’t change his password after this occurrence, and two-factor authentication was disabled.
All of these factors, coupled with the fact that the team is made up of MIT students, make the whole situation a little embarrassing. In fact, it is not only embarrassing but ironic as well, considering that one of Enigma’s co-founders, Can Kisagun, participated in an article on how to prevent hackers from stealing from Initial Coin Offerings.
Although the fault may lie with the team, users should also do their homework before sending ETH to an unknown address and check if the contract code is published and verified by Etherscan.
It is still unclear whether Enigma plans to compensate the users affected by the attack, but the team will carry on with the project and intends to do a live stream during the crowdsale in order to ensure the trust of the community and the transparency of the project.