Cryptocurrency platforms have always been a target for hackers over the years. Recently though, as more and more decentralized platforms, and crypto start-ups are being developed, they have become an even more popular focus for cyber criminals. Over the last month there has been 4 such platforms that have been hacked in one way or another and all have had their Ethereum stolen. Below is a run down of the 4 most recent ones.
HACKED
The most recent to be hacked was Enigma, a decentralized, open, secure data marketplace, which only happened 2 days ago. This seems to be a hack that could easily have been avoided. According to one Reddit user the security breach came about after the hacker found Enigma's CEO Guy Zyskind password in a data dump somewhere online. This allowed them to take over the companies website, Google account and Slack account.
After 30 seconds of looking online I found an email for Guy Zyskind. I then searched it on the data breach checking website Have I Been Pwned. Sure enough he had be pwned (owned). This essentially means that his email and password had been exposed in a data breach one time in the past and was out there online somewhere. Probably as part of one of the many data dumps regularly traded on the dark web.
Once the hackers gained control of Enigma's various accounts they then set up a fake pre-sale page with their own Ethereum address and started sending out messages and emails to Enigma customers stating that the pre-sale was now open to the public, and directed them to the pre-sale page.
Once the real owners regained control of the site they placed a banner at the top of their homepage warning people not to send funds to any Ethereum addresses. This message has been taken down during the time I've been writing this. So I assume everything is back to normal for them.
Funnily enough in DuckDuckGo's search cache Guy Zyskind's Twitter bio had said he was a Blockchain, security, & Data geek. It's since been changed to Blockchain, crypto, & Data geek.
Most of the scammed funds have since be transferred out of the original Ethereum wallet and distributed to a handful of different ones. Yes the wallets were named *Fake Phishing. The total amount the hackers scammed was $467,488.
On July 24th this year Veritaseum, a platform that lets you perform trades without brokers, loans, banks, contracts or lawyers, was hacked. According to the founder Reggie Middleton the hack was "very sophisticated" and eventually netted the hackers $8,400,000. Below is a discussion on BitCoin Talk where he explained what happened.
The stolen VERI tokens were transferred to 2 Ethereum wallets. But only one wallet held the majority of the stolen tokens. A HackRead article at the time said the hackers then sold the stolen tokens for Ethereum and transferred the funds to two further wallets.
Parity Technologies, a MultiSig wallet, issued a security statement on July 19th alerting its users of an exploitable vulnerability in the code of their wallets software. Hackers exploited this vulnerability and eventually stole 150,000 ETH around $32,000,000.
Fortunately for some of Parity's customers an organization called The White Hat Group used the same exploit to drain 100's of wallets and was able to keep a portion of the vulnerable ETH safe until the vulnerability was fixed.
Finally last month the Israeli cryptocurrency social trading start-up, CoinDash, experienced a security breach on July 17th this year. This time their websites crowdfunding page was hacked during it's token sale event resulting in the hackers steeling $7,000,000 in Ethereum. As what happened in the Enigma hack the hackers replaced the CoinDash Ethereum wallet address with their own leading to 100's of users sending Ethereum to the wrong address.
You can never keep your cryptocurrencies 100% safe. Even an offline cold storage wallet can be stolen or lost. But as you can see from these recent hacks outlined above the currency itself was never the problem. Most of the hacks were down to human error or poor security. So you should never rely on anyone else to keep your crypto safe. Try and be vigilant when transferring funds around and make sure you double check wallet addresses before sending anything. Always keep your software up-to-date and make sure you follow the latest crypto and hacking news.
