Cryptocurrency platforms have always been a target for hackers. Recently though, as more and more decentralized platforms and crypto start-ups are being developed, they have become an even more popular focus for cyber criminals. Over the last month there have been 4 such platforms that have been hacked in one way or another, and all have had their Ethereum stolen. Below is a rundown of the 4 most recent ones.
The most recent to be hacked was Enigma, a decentralized, open, secure data marketplace, which was hit only 2 days ago. This seems to be a hack that could easily have been avoided. According to one Reddit user, the security breach came about after the hacker found the password of Enigma's CEO, Guy Zyskind, in a data dump somewhere online. This allowed them to take over the company's website, Google account and Slack account.
After 30 seconds of looking online I found an email for Guy Zyskind. I then searched it on the data breach checking website Have I Been Pwned. Sure enough he had been pwned (owned). This essentially means that his email and password had been exposed in a data breach one time in the past and were out there online somewhere. Probably as part of one of the many data dumps regularly traded on the dark web.
Once the hackers gained control of Enigma's various accounts they then set up a fake pre-sale page with their own Ethereum address and started sending out messages and emails to Enigma customers stating that the pre-sale was now open to the public, and directed them to the pre-sale page.
Once the real owners regained control of the site they placed a banner at the top of their homepage warning people not to send funds to any Ethereum addresses. This message has been taken down during the time I've been writing this. So I assume everything is back to normal for them.
Funnily enough in DuckDuckGo's search cache Guy Zyskind's Twitter bio had said he was a Blockchain, security, & Data geek. It's since been changed to Blockchain, crypto, & Data geek.
Most of the scammed funds have since been transferred out of the original Ethereum wallet and distributed to a handful of different ones. Yes, the wallets were named *Fake Phishing. The total amount the hackers scammed was $467,488.
On July 24th this year Veritaseum, a platform that lets you perform trades without brokers, loans, banks, contracts or lawyers, was hacked. According to the founder Reggie Middleton the hack was "very sophisticated" and eventually netted the hackers $8,400,000. Below is a discussion on BitCoin Talk where he explained what happened.
The stolen VERI tokens were transferred to 2 Ethereum wallets. But only one wallet held the majority of the stolen tokens. A HackRead article at the time said the hackers then sold the stolen tokens for Ethereum and transferred the funds to two further wallets.
Parity Technologies, a MultiSig wallet, issued a security statement on July 19th alerting its users to an exploitable vulnerability in the code of its wallet software. Hackers exploited this vulnerability and eventually stole 150,000 ETH, around $32,000,000.
Fortunately for some of Parity's customers, an organization called The White Hat Group used the same exploit to drain 100s of wallets and was able to keep a portion of the vulnerable ETH safe until the vulnerability was fixed.
Finally, last month the Israeli cryptocurrency social trading start-up CoinDash experienced a security breach on July 17th this year. This time their website's crowdfunding page was hacked during its token sale event, resulting in the hackers stealing $7,000,000 in Ethereum. As happened in the Enigma hack, the hackers replaced the CoinDash Ethereum wallet address with their own, leading to 100s of users sending Ethereum to the wrong address.
You can never keep your cryptocurrencies 100% safe. Even an offline cold storage wallet can be stolen or lost. But as you can see from these recent hacks outlined above the currency itself was never the problem. Most of the hacks were down to human error or poor security. So you should never rely on anyone else to keep your crypto safe. Try and be vigilant when transferring funds around and make sure you double check wallet addresses before sending anything. Always keep your software up-to-date and make sure you follow the latest crypto and hacking news.
I really like the summary you gave. Thanks for that. The story with Enigma is unbelievable. I just checked one of my trash email accounts via https://haveibeenpwned.com/ and it seems like two accounts of mine got hacked. Everyone should check for their important email accounts if they ever got pwned.
No problem.
Yes I expect there are more accounts that have had their data leaked online than haven't. The only thing stopping all the accounts being hacked is the sheer amount of account details dumped online.
It's unfortunate but I think these kinds of things are just going to make crypto better. These events will highlight the security problems of current systems and will make developers create stronger and more secure platforms for us to use.
I agree. But due to developers having to second guess all the potential exploits and a hacker only has to find one nothing will ever be completely secure.
I wonder how this will affect Ethereum and Ethereum holders in the future
ETH wasn't affected itself. Just the platforms that were using them. ETH has actually gone up by $100 in the last month.
In a weird way if hackers are willing to steal it then it kind of reinforces its value I guess.
Usually, when this kind of stuff happens the price of ETH dips a bit. It's an unfortunate event, but it may be a good time to pick up some more ETH.
Hey I see you have your own footer image. I could turn it into a nice animated gif for a small fee if you want. Check out my other account @animate if you're interested.
Another day, another Ethereum 💩
It's an interesting case. Thank you for sharing it.
what about myetherwallet
Single current ETH wallets are fine. These were either multi currency wallets or websites that were hacked.
assholes will be assholes. People just need to ask themselves straight up: does this seem legit? Does this seem too good? Do they have a #slack channel / twitter / whatever? That sucks for the people that lost their money. It hurts I'm sure.
Yes even with all the due diligence in the world one could still get stung by one of these hacks.
I wonder if there really is a secure & fully functional way to store crypto-currency, if not then I wonder what would happen if the platform developers aimed some of their innovation and engineering skills towards security of the currencies/platforms they are building - then again they can't stop people being their own weakest link.
Nothing will ever be 100% secure. Developers have to try and patch every bug when building something but a hacker only has to find one way in. I've heard anecdotally that developing something is 20% build and 80% bug fixing anyway.
I say the safest solution is a paper wallet with your own private key. Then the only person you have to trust is yourself.
Definitely worth an upvote and a resteem :)
Respect
ETH seems to be the main target :(
If hackers are going after it I guess it reinforces its value.
How can an MIT and a CEO get so easily hacked with a public database? This is very bad for the team's reputation.
Good content, I will follow for more :D
Yes it's pretty bad. They should be better at opsec really. Especially dealing with 100s of 1000s of other people's money.
Thanks for your kind words
@fortified
They probably still send the tokens for the people that sent Ethereum but it is a very bad, negative way to start an ICO.
Check my channel and see if you like the content too
I'm intrigued to see how the hack will affect the ICO. It's such a shame, not only to think of how many people were conned, but also how it will shake investor confidence in what was one of the most exciting Initial Coin Offerings of the year. I personally don't foresee the problems stopping the ICO from selling out.
Me neither. There will still be plenty of other people wanting to throw money at it. The desire to get rich quick from the ICO is greater than worrying about this hack.
REALLY
I guess I should keep all my coins in privately held wallets.
Someone is making money by thieving
Guys, my name is Leo I'm new here on steemit, I'm an ecommerce and marketing expert would love to bring some of my stuff over to steemit in the future, so please check out my profile, thanks!
https://steemit.com/bitcoin/@leo-tmp/2ua7wx-steemit-meets-ecommerce
See my last reply to you in your previous spam comment.