Enigma/Catalyst, conceived as a transparent, blockchain-based algorithmic trading platform, is preparing for its upcoming ICO this month. Recently, however, the company has had to announce that it will be returning money to community investors who lost their money thanks to compromised social network accounts.
Around $500,000 worth of crypto coins were stolen. The hacker redirected investors in Enigma’s ICO to their own Ethereum wallet. The attacker also gained access to Enigma’s mailing lists and website, as well as its Slack community, from which messages were posted with the fraudulent investment address. It is alleged that the CEO, Guy Zyskind, had not changed the password of his email account, which had been known to be compromised on a previous occasion.
Social Engineering – An Invitation to Scammers
Social engineering in communication channels such as Slack and Telegram has become the norm for ICOs. Clearly, scammers are drawn to such opportunities, where they can reach thousands of people who are looking to make money.
Companies are generally aware of this. Enigma itself had issued warnings to would-be investors that they should not send any investments before its public ICO on September 11. However, it has still confirmed that it will help those who were scammed to get their money back. Fortunately, this is something that the company can afford at this time.
Created by MIT students, Enigma just completed a $20 million pre-sale allotment for its ICO. With the ICO sale itself taking place this month, it plans to add an extra $10 million. The $500,000 lost is a small percentage by comparison but will nonetheless be of concern to other investors, who will effectively see their investment diluted as a result.
Learning from its own mistakes, Enigma has now introduced new security measures including two-factor authentication for all of its employee email accounts ahead of the upcoming token sale.
In the past, there have been ICOs that were affected when attackers took over token sale sites and added third-party wallet addresses in order to siphon the money into their accounts. In July, CoinDash lost $7 million. In the same month, Veritaseum had $8.4 million stolen in a victimless hack where no investor suffered any financial losses.