Reports alleging a hack involving the Experty initial coin offering (ICO) in which hackers made off with an excess of $150,000 are now surfacing.
Successful Phishing Attempt
The hacker successfully managed to trick people into sending ether funds to a wrong address. Users that had signed up for notifications related to the ICO received an email stating that they could buy Experty tokens (EXY) in exchange for ETH transferred to a particular wallet.
Experty is a technology company engaged in making a VoIP enabled calling system. It is similar to Skype except for the fact that strangers are paid to share their expertise over phone calls. As stated on their website, through Experty any influencer, professional, or expert can grant instant access to their knowledge from anywhere in the world to anyone in the world.
The Experty token (EXY) is used over the platform for payments between users and experts, and the ICO has set a maximum supply of 100 million EXY tokens.
In its official press release, Experty stated that the company’s mission is to focus on solving the talent crisis in the blockchain community by allowing experts to monetize their skills through a Skype-like voice and video application. Payments are handled through an automated smart contract system using Experty’s native token EXY, allowing companies to obtain the talent they need and the blockchain community to continue to expand and flourish.
All users that had subscribed to the Experty ICO notifications received a phishing email on January 26 and 27, 2018 announcing the pre-sale phase of the EXY tokens. Individuals interested in the ICO were asked to transfer Ethereum to the hacker’s account. In this way, several users were easily duped into transferring ether to an anonymous account.
Those who had done their due diligence would have noticed that the original ICO sale is scheduled for January 31, 2018. Despite an announcement by the Experty team that only Bitcoin Suisse will be handling the sale of tokens, several overly enthusiastic users fell victim to the phishing scam.
Assessing the Damage
The scam affected over 71 people, netting the hacker an ether amount worth a surplus of $150,000. However, as per the screenshot posted by Chris Koerner, there remains a possibility that the total number of people scammed is much higher, given that the hacker is said to have used multiple wallets to transfer money.
You heard it here first: The @experty_io #ICO just now got HACKED. It was one of the more legitimate and hyped ICOs, and they even used @BitcoinSuisseAG (same as $OMG) for all KYC. All customer data was leaked. Just got an email. Stay safe, and avoid @experty_io ICO. pic.twitter.com/pVM4l8gzWX
— Chris Koerner | No BS Crypto | Altcoin Expert (@noBScrypto) January 27, 2018
The company in an official statement on its website has warned users that:
“We are aware of ongoing scams, such as offering extra tokens for ‘open crowdsale’ and impersonating members of the team. These are not true and are scams. Contributions will only be accepted through Bitcoin Suisse. All community contribution will go through Bitcoin Suisse platform only.”
The details of the subscribers to the ICO notifications is said to have also been compromised. The hacker may have procured users’ information by hacking into a computer belonging to Experty’s Proof of Care review division. It was initially promised that Experty would give EXY tokens worth $120 to everyone in the subscriber database. In a statement dated January 29, 2018, though, the company announced extra compensation for users who got scammed.