Hackers have managed to trick Experty ICO participants into sending tens of thousands of dollars' worth of Ethereum to the wrong wallet address in a recent phishing scam. Experty has been developing a blockchain-based consulting platform and VoIP calling system that lets consultants monetize their knowledge, time and expertise.
The firm was looking to raise funds for the project in an upcoming ICO with sales handled by Bitcoin Suisse that Inc.com ranked as one of the top ICOs of 2018.
However, hackers managed to exploit interest in the ICO scheduled for 31 January by sending phishing emails over the weekend that announced a phony pre-ICO sale to Experty users who signed up for notifications.
Scammers pretending to be from Experty sent out a fake pre-ICO announcement email that encouraged users to send money to an Ethereum wallet to buy Experty (EXY) tokens and participate early in the ICO. At least 71 people seem to have fallen for the phishing scam, losing over $150,000 worth of Ethereum to the hackers.
Experty said in a statement that the hackers gained illegal access to user information by targeting one of the people who carried out Experty's Proof-of-Care review. The compromised data included users' full names, email addresses and ETH-addresses.
"We have eliminated the source of the hack. Funds sent to Bitcoin Suisse are safe and KYC information was not compromised," Experty said in a Medium post. The firm did not specify when the attack took place or how many users were compromised in the breach.
Bitcoin Suisse, which is handling all sales of EXY tokens in the actual ICO, was not compromised in the security breach, the companies said.
"We emphasise, that it is only data, which was submitted to Experty's own site, that has been compromised and leaked. No data from Bitcoin Suisse has been leaked," Bitcoin Suisse said in a separate statement. "The leak of data, from Experty's website, has resulted in a lot of people receiving phishing emails – especially from firstname.lastname@example.org. These mails are not from Bitcoin Suisse even if they might appear or pretend to be so.
"Bitcoin Suisse only gives unique individual deposit addresses, and you can always verify it on our ICO platform. . As a regulated financial intermediary in Switzerland, we are subject to very high standards of data protection – especially about personal information. We put a great effort and honor in protecting out clients data and sensitive information, keeping it as safe as possible."
Experty has offered to give 100 EXY tokens to everyone who had their ETH address in their database "as a gesture of good will". It is currently reaching out to victims who fell for the scam before 28 January as well to "distribute the proportional amount of EXY tokens to them, including the bonuses for their tier, from our company allocation."
"We are deeply apologetic for the inconvenience this may have caused you," the company said. "We are taking precautions and increasing security to ensure that this does not happen again. The Experty community is our number one priority, and always has been. We will continue to work towards a safer and prosperous future, and we hope that you will be there with us."
IBTimes UK has reached out to Experty for further comment.