Sunday, November 27, 2022

$7 Million CoinDash Hack Highlights Another ICO Risk

$7 Million CoinDash Hack Highlights Another ICO Risk

In another setback for Ethereum-based token sales, an attacker has made off with over 43,000 ETH (roughly $7.4 million USD). ICO tracking website CoinDash was allegedly hacked to display a wrong sending address for users to participate in its own token sale.

Also read: Moeda’s Christina Hutchinson Says Brazil Fintech has Bright Future

This latest cryptocurrency theft is a reminder that even well-known third-party services may have large vulnerabilities. It also highlights the risky and unregulated nature of ICOs in general.

CoinDash Shuts Down, Warns ICO Investors

CoinDash suspended all trading, and tweeted out a nondescript warning. It also attempted to communicate with buyers over other social media and chat channels like Slack.

Coindash replaced its home page with an official statement on the incident in English, Chinese and Korean. It promised to compensate users who lost ETH with “CDT tokens” of equivalent value. However the company will not compensate users who sent ETH to the fraudulent address after it shut the site down.

It also warned users the platform remained under attack (at press time) and advised not to send ETH to any address there, even those unrelated to the ICO.

“This was a damaging event to both our contributors and our company but it is surely not the end of our project. We are looking into the security breach and will update you all as soon as possible about the findings.”

“The CoinDash vision, product and team will continue to live on. We will be fast to recover and we will create the future of trading.”

CoinDash Reputation Damage Highlights Token Sale Risks

CoinDash ICO teaserCoinDash was reportedly trying to raise $12 million in its own ICO. The amount is quite modest compared to other ICOs recently that raised nine-figure USD sums. In the end, it raised only $6.4 million before shutting down — and will need to find more to make its defrauded investors whole again.

The company received little sympathy from the community on forums like Reddit. Posters said CoinDash should have published its contract in advance, so investors could guarantee it was the genuine item.

ICO’s, crowdsales and token sales — no matter what the platform — have little or no regulation. There are no consumer protections when things go wrong, and no conditions governing who may raise millions and how much investor information they should provide.

Fraudulent address listing remains a problem for any blockchain-based currency, since transactions are final and it’s relatively easy to do. Grassroots attempts to raise funds for political or legal campaigns routinely have to warn against fraudsters posting their own receiving addresses on social media.

Have you ever been ripped off in a cryptocurrency hack/fraud? Tell us about your experience.

Images via CoinDash, Pixabay

Bitsonline Email Newsletter