Soon after the launch of its Initial Coin Offering (ICO), CoinDash, a startup that supposed to create a social trading platform for crypto-markets, has announced that it was attacked by hackers and lost over $7 million in Ether.
The CoinDash team stated that hackers managed to break into the system and placed a malicious Ethereum address on CoinDash’s crowdsale web page. As a result, more than 2,000 backers have sent their funds – 37,000 ETH – to the fraudulent address.
The official statement from the CoinDash says:
“It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack $7 Million were stolen by a currently unknown perpetrator.”
The fact that hackers were able to break into the system and changed the crowdsale address unnoticed raises more questions than answers.
Bas Wisselink, Board Member at NXT Foundation, Co-Founder and Co-Owner at Blockchain Workspace, a company that offers blockchain education, shares his opinion with Coinidol.com:
“Frankly, the Coindash failure is far from problems with the actual ICO. It was a problem with their site security. If you haven't protected from that, it's like putting on a 30kg armor but forgetting you are supposed to be battling on a mudplain. Very safe, but the basics were forgotten. In this case their WP website was hacked into and the address was changed. That seems so basic to protect against, it's really weird it got left out.”
According to the official statement from CoinDash, it will now credit investors who sent ETH to the fraudulent address with the CDT amount they would have received by sending their ETH to the correct smart contract address.
The main question is, are other ICO projects secured against similar situations? We now see dozens of ICOs launching every week. Sometimes investors find it difficult to understand how professional the team of the project actually is, whether they have a good website and software developers, or are familiar with cryptocurrencies at all.
Dima Voloshchuk, a developer of the CR!PTO Travel media project and co-organizer of the Blockchain Africa conference, commented to Coinidol.com:
“When you start an ICO company, one of the main problem is on which platform to create tokens and how to sell it. From a security point of view, the weakest part is the private account on the website for investors, which is very often, did by programmers who are not familiar with the bitcoin sphere.
For ICO is very important to create security standards for investors because they have to be confident to get their tokens.”
The ICO field is very new and completely unregulated today. New cryptocurrency ventures use it to raise funds for their further development. Usually, such projects only have ideas, a website, and nothing more when they launch the ICO. Only when (or if) seed money is collected, do they involve more people into the team, write whitepapers and start developing the first product.
To date, as the case with CoinDash shows, this field isn’t secure enough. Despite all the promises from advertisements, investors must always remember that they should double check the information that the projects having ICOs provide.
Coinidol’s team reminds investors that they should always do their own research before investing funds in any company.
George Gor, CEO of Coinidol.com, the world blockchain news outlet, commented:
“Reputation is the only real asset of any world news outlet like Forbes.com or Coinidol.com. It's almost impossible to say for sure, if ICO project is a scam or not, even when you dig around it. But there are tons of companies, asking Coinidol to publish their announcements about ICOs. We are checking every new company before the publication, even if they buy an advertisement placement. If we have a suspicion, that the company is not crystal clear, we warn our readers in "nota bene" after the publication. If we know for sure, that the company is a scam, we fight with such a company and we warn the community about the threat. There was a case when the money of scammers was sent to the charity fund BitGive. Every article about ICO has a "disclaimer", warning that you need to check the information twice before investing.”