A hacker has stolen over $7m worth Ethereum in just under five minutes. The heist occurred when CoinDash, a trading platform for ether, launched its Initial Coin Offering (ICO), which is basically a crowdfunding campaign that allows investors to own a stake of the app or service by purchasing digital assets called tokens. Within three minutes of CoinDash launching its ICO, the hacker began raking in the money from CoinDash's investors.
How did the heist happen? The hacker managed to replace the firm's Ethereum wallet's address with a fraudulent one, thereby tricking investors into sending their cryptocurrency to the hacker. Upon discovering the hack, CoinDash shut down its website and took to Twitter to notify users about the theft.
"It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event," CoinDash said in a statement. "During the attack $7 Million were stolen by a currently unknown perpetrator.
CoinDash said that those who unknowingly sent money to the fake Ethereum address "will receive their CDT tokens accordingly". However, investors who made transactions after CoinDash shut down its website "will not be compensated," the firm said.
"All we know now is that an outside attacker changed the address right after the sale started," Ram Avissar, the marketing director of Coindash, told Motherboard. "We have halted the Token Sale contract and trying to understand the best way to compensate those who were affected."
The heist has reportedly led to some users casting doubts on CoinDash's claims of being hacked. Motherboard reported that some users on Reddit have speculated as to whether this was an "inside job." However, there is no evidence to suggest any foul play on the part of CoinDash.
"This was a damaging event to both our contributors and our company but it is surely not the end of our project. We are looking into the security breach and will update you all as soon as possible about the findings" CoinDash said.