A number of participants in the Experty ICO have had their emails addresses and other personal information compromised, it has been revealed.
Unidentified parties who gained access to an Experty contact list sent out an email over the weekend containing a pre-sale announcement requesting ETH payments for a wallet address unaffiliated with the ICO.
Experty is developing a platform for experts to monetise their knowledge and was chosen by Inc.com as one of the top ICOs of 2018.
At present 71 people are known to have been duped by the phishing scam to a total of around $150,000 at current ETH prices. The largest contributor has been swindled out of 25 Ether, almost $30,000 at time of writing.
The actual ICO is slated for January 31st with all sales handled by Bitcoin Suisse, who have issued a statement on the security breach. They say that, “it is only data, which was submitted to Experty’s own site, that has been compromised and leaked. No data from Bitcoin Suisse has been leaked.”
Experty have issued their own statement, saying they have identified the source of the hack. “During the Proof of Care (PoC) review,” they said, “one of our reviewers was compromised and hackers gained access to some information about users from PoC.” They emphasised that “funds sent to Bitcoin Suisse are safe and KYC information was not compromised.”
“I do not trust them any more”
The news first appeared on social media sites where some shocked investors vented their fury. One said that the email was “the most professional scam email I have seen so far”, adding that “any further participation in experty ico is out of question. I do not trust them any more.”
Others worried that compromised personal details could make them targets for future scams. “Does your ETH wallet look nice and fat? Lots of ETH and lots of juicy tokens?” was the question one investor asked to those whose details have been betrayed.
Experty have responded to the news with an apology and a donation of 100 EXY tokens (around $120) to those on the email list. Experty add that they are “taking precautions and increasing security.”
Investors in any ICO are advised to always double-check the contributions addresses provided by any project team. New address verification services such as the Clearify.io platform are emerging to tackle what has been an endemic issue with ICO fundraisers, with only a minority of ICOs taking advantage of such services.
According to one recent audit by Ernest & Young, as much as 10% of all ICO investment contributions to date may have fallen victim to phishing scams.