Cryptocurrency investment platform falls victim to hackers in major heist.
In a crippling attack, Enigma, a project started by students at MIT, was compromised yesterday (21 August).
The company was preparing for a crypto-token sale as part of its initial coin offering (ICO) when its website, mailing lists and Slack accounts were overtaken by hackers. The ICO, an unregulated method of raising capital using cryptocurrency, had been planned for 11 September.
TechCrunch reported that $500,000 worth of ethereum was not stolen from the company itself, but from the Enigma community in its 9,000-strong Slack group and mailing list.
The Enigma website was changed and fake emails and Slack messages were sent to those interested in the company’s ventures, urging them to deposit money in its crypto wallet.
The large quantity of digital coin stolen comes despite a warning from Enigma staff that they would never seek money in this way.
Wired reported that the scammers compromised Enigma’s channels to “create a sense of legitimacy and urgency”, making users believe the request for funds was legitimate.
Glaring security problems
In terms of how an attack on this scale could be pulled off, reports show that there were some glaring security issues, with two-factor authentication missing from the affected company channels. At least one of the account passwords had also previously leaked.
A spokesperson for the company informed TechCrunch that the dedicated website for the Enigma ICO was not affected. Enigma told Wired it is now adding random passwords and two-factor authentication for each account. In a statement, the company announced temporary closure of its Slack channel.
Protecting the cryptocurrency community
Tor Bair, head of marketing and growth at Enigma, said: “We’ve moved up a number of critical security steps and taken additional measures to protect the community going.
“We’re now very well aware of the potential threats and are taking no chances.”
Although the bulk-up of security by Enigma is welcomed, the hack has many people questioning why a cryptocurrency company was not implementing proper measures in the first place.
The incident follows the major hack of CoinDash’s ICO, where hackers managed to change the company’s web address and snagged more than $9m, according to Fortune. The Israeli company had planned its own ICO, but the hackers reached its website a mere 13 minutes into the sale.
