Phishing Scam: Hackers Steal $150,000 in Ethereum from Experty ICO

Just a week after the biggest hack in the history of cryptocurrency business in which Japan-based Coincheck exchange was hacked to steal $534 million the much-awaited token sale called Initial Coin Offering or ICO by Experty has landed in no man’s land after a hacker tricked the ICO participants with a fake pre-ICO sale announcement and luring those who signed up for the notifications into sending Ethereum funds to wrong wallet address. Through this targeted attack, the hacker(s) manages to steal around $150,000 in Ethereum before ICO event was held.

ICO is quite similar to a conventional Initial Public Offering or IPO but what makes it different is that buyers receive a token from an online platform instead of getting stocks in a firm. Users are allowed to keep the token until the company that issues them is ready to repurchase them. They may even sell the tokens to others who us Ethereum.

Through ICO, Experty was looking to raise funds for a VoIP calling system that could facilitate voice and video conversations like Skype as well as allow secure cryptocurrency based payments via Blockchain. Experty had high hopes in this sale since Inc.com ranked this ICO as one of the top ten ICOs due to be held this year.

Phishing Scam

What actually happened was that between January 26 and 27, Experty users who receive the announcement and signed up for notifications were asked through email to send funds to an Ethereum wallet in order to buy EXY tokens and participate in the ICO. This was a fake email because the real ICO by Experty was to be held on January 31st; hence the email was sent by a hacker and the wallet address was also not owned by the Expert team.

Phishing Scam: Hackers Steal $150,000 in Ethereum in Experty ICO Hack
Fake email address sent to Experty users

The fake Ethereum wallet address has at least $150,000 worth of funds that got collected through 71 transactions. It is worth noting that Experty has tied up with Bitcoin Suisse to initiate transactions. Now, both the firms are requesting users to not send money to the fake wallet.

According to the official statement, Experty and Bitcoin Suisse state that the hacker compromised the computer of one of the people who conducted the Proof-of-Care review for Experty. Initially, Experty stated that it will be giving 100 EXY tokens to every individual in its email database, which is equivalent to $120. However, now the company has announced additional compensation for users who managed to send the funds into the fake wallet.

Bitcoin Suisse also issued a statement claiming that the data that was submitted to Experty’s website has been hacked and compromised but nothing from Bitcoin Suisse has been exposed. Investors in ICO are recommended to double-check the wallet addresses sent by any project team before making transactions. They can use services like Clearify.io platform to verify the new address.

Refunds Due to the Data Breach

In a statement issued on January 28th, the company will be refunding its customers. 

“We will be contacting the victims that are in our database in order to distribute the proportional amount of EXY tokens to them, including the bonuses for their tier. If someone wishes to receive ETH instead, we ask them to please contact us privately about this.”

Any ETH sent to the scammer after this announcement [January 28, 2018, at 21:30 UTC] will not be refunded in order to prevent people purposely sending money to the scam address to receive EXY tokens.”

10th Breach Against A Cryptocurrency Platform In Last 6 Months

1: July 4th, 2017: Bithumb hacked and 1.2 billion South Korean Won stolen.
2: July 17th, 2017: CoinDash hacked and $7 million in Ethereum stolen.
3: July 24th, 2017: Veritaseum hacked and $8.4 million in Ethereum stolen.
4: July 20, 2017: Parity Technologies hacked and $32 Million in Ethereum stolen.
5: August 22nd, 2017, Enigma marketplace hacked and $500,000 in Ethereum stolen.
6: November 19th, Tether hacked and $30 million worth of tokens stolen.
7: December 7, 2017: NiceHash hacked and $70 million stolen.
9: December 21, 2017: EtherDelta hacked and $266,789 in Ethereum stolen.
10: January 26th, 2017: Coincheck hacked and $534 Million stolen

Image credit: DepositPhotos/Marisha

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.