On August 20th, Enigma, a decentralized marketplace and cryptocurrency investment platform, was hacked by an unknown hacker. As a result, $500,000 in Ethereum was stolen. The attack occurred while the company was gearing up for its crypto token sale.
The attack was quite sophisticated since the hacker took over Enigma’s website, admin passwords, email newsletter and Slack account. The hacker then managed to develop and upload a fake pre-sale page linked with a phony ETH address and tricked users into sending money.
Furthermore, the hacker sent announcements about the pre-sale coins to users through the email newsletter as well as through Slack accounts, and ended up receiving a large sum of money through the fake ETH address.
At the time of publishing this article, the fake ETH address page was displaying a warning message urging users not to send their funds using the address. “Warning! The Enigma.co web page at enigma.co/presale/ (now taken down) was compromised (August 21, 2017) and this address was used in the hack. Do not send your funds here!”
In an official statement, Enigma has acknowledged the hack. In a message in its website’s header, the site says: “Warning: Enigma slack compromised, do not send funds.” “Hi, Everyone, Our Slack channel and certain email lists have been compromised. We are working diligently to resolve the issues. Do not send funds to any addresses. We will provide further updates on the situation shortly. Do not send funds.”
In a Reddit post, a user going by the handle “iCantHack” claimed that Enigma’s CEO, Guy Zyskind, was hacked, leading to the hijacking of the company’s Slack, website and Google account.
“Wanna know what really happened? Their CEO’s, Guy Zyskind, account got hacked. He had admin access to Slack, the website, and the Google account where they hosted the presale form. They now have deactivated his access.
Do you know the guy he got “hacked”? The idiot was in another recent hacked database, and he kept using the same password. His GitHub IS STILL USING (AS I WRITE THIS) the same hacked password. No 2FA enabled.
Attackers got access to the website (hosted on Heroku), changed put their own Bitcoin and ETH address, used the email list from the compromised Google account, and blasted the users. Then they went to Slack, kicked all the admins out, disabled the channels, and sent announcements. Attackers have so far made 600 Hindered thousands of dollars in ETH and BTC.”
Another user on Reddit commented that they were able to find Zyskind’s email address on HaveIbeenPwned, a data breach index platform. This means it’s quite possible that the hacker used a password stolen in a previous data breach.
Here is the official Tweet from Enigma explaining what happened and what the company’s plan is:
This is the fourth Ethereum-related data breach in the last month. Previously, the hackers stole Ethereum from the following platforms:
It was just a few days ago when Hackread.com exclusively reported on increasing phishing attacks against digital currency platforms. Currently, hackers are creating fake login pages for the Bittrex cryptocurrency exchange site and stealing funds.
If you deal in digital currency, make sure not to fall for such scams and always confirm with others before sending your funds to someone.