$7,600,000 Crypto Scammed
The result? $7.6m scammed over 3 hours.
Well done. Very well done, I must say.
Instead of launching scam coins and sham ICOs, I think a lot of scammers and hackers have realized that it is just more profitable to outright scam people.
Why come up with a huge elaborate ICO scam idea when simple scams work out so well?
Creating fake twitter accounts and slack accounts with admin-sounding names are all free too.
I think the loophole of slackbots and slack DMs were also quite effective.
After watching the evolution of scamming go, I really have to say that this takes the cake.
What these hackers did was freaking ingenius.
1) They managed to access the website
2) They posted their own address instead of the real address during the actual start of the ICO
$7.6m worth of Ethereum in the bank.
Honestly, it was a very smart scam because they took full advantage of the FOMO and rush of a popular ICO and just did a simple switch.
Unlike other silly ICOs that got compromised whose hackers tried to "launch early" and basically gave away that they were compromised, this tactic managed to trick a lot a lot of people.
They did not make the mistake of showing their hand too quickly.
I believe that this really sets the precedence for best practices for future ICOs. Part of the actual ICO address should be released beforehand. The address should be resolved to an ENS name which is also publicly known to have been legitimately acquired beforehand. Also, the address should be published slightly before the start of the ICO, so people can quickly look through the code and also verify the address. Finally, the smart contract should just be able to bounce all incoming early transactions.
To those points, I must say that TenX that launched last month did a perfect play that effectively would have rendered a similar hacking situation like this to not even be able to go through.
For hopeful ICO participants, I have some tips to share. Why trust me? I've successfully taken part in more than 1 ICO. Have you?
Tip #1: Only send from wallets which you own the private key. Don't have one? Generate one at myetherwallet. It's free and it takes like 2 minutes.
Tip #2: Double and triple check the ICO details and address from a few of their official channels: website, twitter, facebook, reddit, youtube, slack.
Tip #3: Etherscan an address before you send to it
Tip #4: Don't set gas limit too low, transaction will fail
Tip #5: Don't set gas price too low, transaction might take a very, very low time to go through
With these 5 tips, I hope that you guys can stay safe and will be able to participate in future ICOs safely and successfully.
Remember, Ethereum itself launched as an ICO for $0.30 an ETH. Even after ridiculous declines in recent weeks, it is still worth $175 (at time of writing). 500+ times returns investment? You tell me a stock that can give you that over the past few years and I will clap for you. In case my point flew over your head, "all ICOs are scams" is not a true statement.
Stay safe, remember, cryptos is the wild wild west. Anything goes. Like making away with $7.6m.