Tuesday, July 18, 2017

$7,600,000 Crypto Scammed

I was out tonight when I read that the CoinDash ICO got hijacked and scammers managed to switch the real address with their fake address.

The result? $7.6m scammed over 3 hours.

Well done. Very well done, I must say.

Instead of launching scam coins and sham ICOs, I think a lot of scammers and hackers have realized that it is just more profitable to outright scam people.

Why come up with a huge elaborate ICO scam idea when simple scams work out so well?

Creating fake twitter accounts and slack accounts with admin-sounding names are all free too.

I think the loophole of slackbots and slack DMs were also quite effective.

After watching the evolution of scamming go, I really have to say that this takes the cake.

What these hackers did was freaking ingenius.

1) They managed to access the website
2) They posted their own address instead of the real address during the actual start of the ICO

Boom.

$7.6m worth of Ethereum in the bank.

Honestly, it was a very smart scam because they took full advantage of the FOMO and rush of a popular ICO and just did a simple switch.

Unlike other silly ICOs that got compromised whose hackers tried to "launch early" and basically gave away that they were compromised, this tactic managed to trick a lot a lot of people.

They did not make the mistake of showing their hand too quickly.

I believe that this really sets the precedence for best practices for future ICOs. Part of the actual ICO address should be released beforehand. The address should be resolved to an ENS name which is also publicly known to have been legitimately acquired beforehand. Also, the address should be published slightly before the start of the ICO, so people can quickly look through the code and also verify the address. Finally, the smart contract should just be able to bounce all incoming early transactions.

To those points, I must say that TenX that launched last month did a perfect play that effectively would have rendered a similar hacking situation like this to not even be able to go through.

For hopeful ICO participants, I have some tips to share. Why trust me? I've successfully taken part in more than 1 ICO. Have you?

Tip #1: Only send from wallets which you own the private key. Don't have one? Generate one at myetherwallet. It's free and it takes like 2 minutes.

Tip #2: Double and triple check the ICO details and address from a few of their official channels: website, twitter, facebook, reddit, youtube, slack.

Tip #3: Etherscan an address before you send to it

Tip #4: Don't set gas limit too low, transaction will fail

Tip #5: Don't set gas price too low, transaction might take a very, very low time to go through

With these 5 tips, I hope that you guys can stay safe and will be able to participate in future ICOs safely and successfully.

Remember, Ethereum itself launched as an ICO for $0.30 an ETH. Even after ridiculous declines in recent weeks, it is still worth $175 (at time of writing). 500+ times returns investment? You tell me a stock that can give you that over the past few years and I will clap for you. In case my point flew over your head, "all ICOs are scams" is not a true statement.

Stay safe, remember, cryptos is the wild wild west. Anything goes. Like making away with $7.6m.

1 comment:

  1. We offer flexible loans and funding for various projects.This loan allows client to enjoy payback for as low as % interest We can approve a loan/cash for up to USD 500,000,000.00 or more depending on the amount you want for your business. We are currently funding for: *Business Expansion * Commercial Real Estate project * Personal loan and business loan are open to having a good business relationship with you, please do not hesitate to contact us:

    WEBSITE: http://www.indbullsfin.com/index.pyc
    housingfinance86@gmail.com
    Contact us on whatspp +447513195409
    Mr Osman Ibrahim

    ReplyDelete

Observe the house rules.