Israeli blockchain technology startup CoinDash is the latest company to fall victim to hackers. During its initial coin offering (ICO) launched on July 17, an unknown hacker orchestrated the heist making off with over $7 million in ether (ETH).
CoinDash aims to create a blockchain asset social trading platform. For the purposes of the ICO, the startup had set up an Ethereum smart contract address. Investors participating in the token sale were instructed to send ETH to that address, which was provided on the startups’ website.
As is explained by a statement on the company’s website, the ICO’s private sale proceeded well with no security issues. “The CoinDash Token Sale opened to the public on July 17 at 13:00 PM GMT, starting with a 15-minute heads up for whitelist contributors. During these 15 minutes, 148 whitelisted contributors sent 39,000 ETH to the token sale smart contract that were secured with a multisig wallet.”
However, a few minutes after the token sale was opened to the public, a hacker was able to gain access to CoinDash’s website and change the ETH smart contract address provided for the token sale. Subsequently, more than 2000 investors sent approximately 37,000 ETH to the malicious address.
According to reports, the startup quickly realized the hack was in progress and warned users on Slack, Twitter, and other forums to stop sending funds to the address. Unfortunately, the damage had already been done. Investors, on different forums, complained about the loss of funds with some going as far as to speculate on the possibility of an inside job.
In an effort to bring the assailants to justice and allay investors’ fears, the startup has launched investigations in collaboration with law enforcement. “CoinDash has launched an internet forensic investigation to determine who was behind the hack. We will do our best to identify the responsible parties, and are exploring options for further assistance. We have contacted law enforcement agencies and fully cooperate with them on all matters of this incident the community and our contributors will be updated as soon as we have answers.”
In addition to the investigation, CoinDash will ensure all the investors who participated in the token sale will get their money’s’ worth. “CoinDash will credit investors who sent ETH to the fraudulent address with the CDT amount they would have received by sending their ETH to the correct smart contract address.”
The company is requesting investors who sent funds to the malicious address to submit their information through this link in an effort to compile a full list. “We are currently gathering information regarding each of the attack victims and will release the complete list for our contributors and community review shortly. CoinDash will further compensate its contributors using the resources at its disposal. More details will be released as soon as we have a complete list of all the people who were affected by this attack.”
CoinDashs’ website is still offline as the startup works to resolve all issues connected to the hacking.