CoinDash (ISO), an Israeli cryptocurrency social trading start-up has announced that it has suffered a massive security breach in which the company’s crowdfunding page was hacked during Token Sale event earlier today — As a result, unknown hackers stole Ethereum worth $7 million.
The incident took place when hackers breached the CoinDash’s website and replaced the official Ethereum address to a fraudulent Ethereum address. The users then sent ETH to the fraudulent Ethereum address rather than the CoinDash’s official address.
As of now, CoinDash has shut down their website and is currently investigating the issue. The company has also assured their clients and customers that it will issue certified digital tokens (CDTs) to those who had sent ETH to the fraudulent Ethereum address. However, those who had sent transactions after the CoinDash’s site was shut down will not be compensated.
At the time of publishing this article, CoinDash was displaying a security notice explaining what happened and what the company is doing to avoid further damage. Here’s a full preview of the notice:
Website has been hacked.
— Blox.io (@Blox_Official) July 17, 2017
“It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack, $7 Million were stolen by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 Million from our early contributors and whitelist participants and we are grateful for your support and contribution.
CoinDash is responsible to all of its contributors and will send CDTs reflective of each contribution. Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly. Transactions sent to any fraudulent address after our website was shut down will not be compensated.
This was a damaging event to both our contributors and our company but it is surely not the end of our project. We are looking into the security breach and will update you all as soon as possible about the findings.
The CoinDash vision, product, and team will continue to live on. We will be fast to recover and we will create the future of trading.
Reminder: We are still under attack. Please do not send any ETH to any address, as the Token Sale has been terminated.”
Also, CoinDash’s official website is coindash.io but HackRead team has identified another website coindash.xyz claiming to be the official CoinDash website. CoinDash customers are advised to be careful and don’t fall for further scams.
This is the second time in the last two weeks that a cryptocracy platform has suffered a large-scale security breach. About 13 days ago, South Korea’s Bithumb, 4th largest Bitcoin exchange was hacked, and billions in S.Korean Won were stolen.
We have contacted CoinDash – Depending on their reply this article will be updated with more info.