Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.
posted by martyb on Wednesday July 19 2017, @01:32AM   Printer-friendly
from the invest-in...-security? dept.

A hacker has allegedly just stolen around $7.4 million dollars worth of ether, the cryptocurrency that underpins the app platform ethereum, by tricking victims into sending money to the wrong address during an Initial Coin Offering, or ICO. This is according to a company called Coindash that says its investors were sending their funds to a hacker.

On Monday, Coindash, which offers a trading platform for ether, was slated to launch its Initial Coin Offering. These are essentially crowdfunding drives that allow investors to own a stake in the app by buying digital assets called tokens. Initial Coin Offerings are an incredibly popular method of funding an app on ethereum, and some ICOs have raked in millions of dollars within minutes of going live. Even the silliest apps have been able to raise thousands of dollars in token investments during recent ICOs.

Coindash's ICO, like many others, launched simply by posting a string of text representing an ethereum address for investors to send money to on the app's website. However, mere minutes into what was supposed to be another successful ICO, Coindash warned that its website had been hacked and asked people not to send ethereum to the posted address.

It's still unclear exactly what happened, but it seems like the hack was incredibly simple: The hacker allegedly took control of the Coindash official website and changed the text on the site, publishing their own ether wallet address instead of Coindash's. When people went to "invest" in Coindash, they actually sent their ether to the hacker, not the company.

Even though Coindash noticed the hack and warned investors quickly—just three minutes after the ICO launch—the damage was done.

Source: MotherBoard


Original Submission

Related Stories

Robbing the Ethereum Stagecoach 17 comments

Some time ago, I wrote that I had given up on Ethereum. While the problems coming from the DAO hack are now in the past Ethereum has had a few other problems.

Granted, these problems have nothing to do with Ethereum itself. They are all exploits in the surrounding ecosystem. Hacking the CoinDash website to replace their public wallet address was particularly cheeky. This all reminds me of tales of the Wild West, when money was transferred between banks by stagecoach or by train. The technology simply didn't exist to provide the necessary security way the heck out on the prairie.

Seems like that's where we are now. The necessary technology does not exist, to provide the security that currencies like Ethereum and Bitcoin really require. Website hacks are a dime a dozen, and when a hack can be worth $millions... The same for software: When professional programmers still write code vulnerable to SQL injection - when our platforms even allow this as a possibility - then we simply do not have the technology to secure the stagecoach.

Previously:
$30 Million Below Parity: Ethereum Wallet Bug Fingered in Mass Heist
Hacker Allegedly Steals $7.4 Million in Ethereum During ICO
Used GPUs Flood the Market as Ethereum's Price Crashes Below $150
Ethereum Mining Craze Leads to GPU Shortages
Ethereum Unusable, DAO Refunds Possible


Original Submission

Cryptocurrency Market Evolves with Pre-ICO Options 11 comments

ICOs [Initial Coin Offerings] are becoming so hot that one issuer has been able to sell options prior to the funding round. Monkey Capital, a decentralised hedge fund that invests in SpaceX supply contracts, hostile public company takeovers and Blockchain systems, while simultaneously speculating on large blocks of Crypto, made history Thursday by becoming the first ICO to successfully sell options.

The options, called COEVAL, trade on Waves Decentralised Exchange (DEX), and did robust business out of the gate during a discussion in which Monkey Capital's CEO talked to hundreds of investors in the company's Slack about valuation premiums.

[...] Earlier in the week, Huffington Post labelled Monkey Capital's ICO "the billion dollar baboon" with senior writer Azeem Khan reporting that "chat rooms already have the offering pegged to raise a billion dollars or more, becoming the first ever 10-digit sum raised in a crowdfunding campaign."

[...] On July 15, Monkey Capital will launch its ICO when buyers will have a chance to subscribe for Monkey (MNY). Some months ago however, the management team distributed tokens called COEVAL out to friends and family, as well as "hot girls" according to Harrison.

Source: Coinspeaker.com

Previously:

https://soylentnews.org/article.pl?sid=17/07/27/1640225

https://soylentnews.org/article.pl?sid=17/07/20/1430212

https://soylentnews.org/article.pl?sid=17/07/19/0123201


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: -1, Offtopic) by Anonymous Coward on Wednesday July 19 2017, @01:39AM

    by Anonymous Coward on Wednesday July 19 2017, @01:39AM (#541267)

    spread the wealth mofo

  • (Score: 0) by Anonymous Coward on Wednesday July 19 2017, @01:47AM

    by Anonymous Coward on Wednesday July 19 2017, @01:47AM (#541272)

    If an important person or important corporation lost any money, the good folks at Ethereum will just rewind this transaction. No, not you. You are not important.

  • (Score: 1) by nnet on Wednesday July 19 2017, @02:30AM (4 children)

    by nnet (5716) on Wednesday July 19 2017, @02:30AM (#541282)

    so how is the perp actually going to get hard cash from this?

    • (Score: 0) by Anonymous Coward on Wednesday July 19 2017, @03:19AM

      by Anonymous Coward on Wednesday July 19 2017, @03:19AM (#541304)

      No idea. But however it was done, my guess is that speed was important.

      Speculation -- convert to other digital currencies several times, split into smaller amounts, then to something popular like bitcoin where it can be changed into dollars or other regular currency?

    • (Score: 0) by Anonymous Coward on Wednesday July 19 2017, @03:26AM (1 child)

      by Anonymous Coward on Wednesday July 19 2017, @03:26AM (#541306)

      Isn't there "whirlpool" services for this? Constant stream of bitcoins/whatever transactions of various values go in and a constant stream of transactions of various values (less a small fee, of course) go out. No way to tie inputs to outputs, so they say.

      • (Score: 2, Funny) by Anonymous Coward on Wednesday July 19 2017, @03:52AM

        by Anonymous Coward on Wednesday July 19 2017, @03:52AM (#541314)

        google tells me to look here, https://www.whirlpool.com/services/about-us.html [whirlpool.com]

        At Whirlpool, we advance technology to the point of Simplicity. Creating innovation that's forward thinking for what we choose to put in it – and what we don't. Great design that fits seamlessly into life. And is truly a pleasure to live with.

        Perfect match for anyone new to money laundering... (ducking)

    • (Score: 1, Informative) by Anonymous Coward on Wednesday July 19 2017, @04:16AM

      by Anonymous Coward on Wednesday July 19 2017, @04:16AM (#541323)
  • (Score: 2) by coolgopher on Wednesday July 19 2017, @05:32AM (1 child)

    by coolgopher (1157) on Wednesday July 19 2017, @05:32AM (#541339)

    Is there any way to undo such a thing when you're using a block-chain? My (limited) understanding is that there wouldn't be, but I'm happy to be corrected.

  • (Score: 1, Informative) by Anonymous Coward on Wednesday July 19 2017, @11:10AM

    by Anonymous Coward on Wednesday July 19 2017, @11:10AM (#541389)

    Making a app to do with digital currency transactions ... Fuck up their digital currency transactions.

    so, why should anyone trust them?

  • (Score: 0) by Anonymous Coward on Wednesday July 19 2017, @11:39AM

    by Anonymous Coward on Wednesday July 19 2017, @11:39AM (#541393)

    Stupid bean counters, take notice.

  • (Score: 0) by Anonymous Coward on Wednesday July 19 2017, @06:17PM

    by Anonymous Coward on Wednesday July 19 2017, @06:17PM (#541562)

    It would utterly destroy trust in the system if valid, intentional, legitimate transactions can be reverted because someone made a mistake and regrets sending money to a certain address.

    The person responsible should go to prison, and have their key sized and used to return the coins, but it must not be imposed from outside the system but conducted within the system.

    When someone steals cash we would never even consider registering those bill's serial numbers as invalid and printing replacements to reimburse the victims, because that would utterly destroy trust in the cash.

    Of course people will try to do so nonetheless, this will be a good test of the security of the system.

(1)