searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
August 22, 2017
Share

Hackers stole over $500,000 from Enigma cryptocurrency investors

Unknown hackers have managed to steal over $500,000 from aspiring investors in the Enigma cryptocurrency investment platform.

The Enigma cryptocurrency hack

The attack unfolded on Monday (August 21), but the company noticed that something was happening the day before, and posted a warning on Twitter:

WARNINGS: DO NOT SEND FUNDS TO ANY ADDRESSES. Certain Enigma accounts are under attack. We are working to resolve this, stay put.

— Enigma Project (@EnigmaMPC) August 21, 2017

Despite all that, the attackers managed to compromise the company’s Web site, Slack channel, and mailing lists.

They proceeded to set up a fake page announcing a token presale and put their own digital wallet address as the destination for the payments, then sent out (via email) and published (on Slack) an invitation to investors to buy tokens:

Enigma cryptocurrency hack

As noted before, would-be investors who believed the invitations to be legitimate started buying and sending funds to the attackers’ address. Most of the money has already been retrieved.

It didn’t take that long for the Enigma team to retake control of all compromised accounts and the Web site, but the damage was done. They confirmed that no company funds, wallet addresses, user passwords, not private keys were stolen, and that their Twitter, Facebook, Telegram accounts, as well as the Enigma blog, were not hacked.

In an email sent out to the Enigma community, the team said that they “will work hard to make things right for all those hurt in this scam attempt,” and announced new security measures that give an idea of how the hackers managed to pull off the attack (poor/reused passwords, no two-factor authentication):

We've just sent an email to the Enigma community. Check inboxes. More information on our response to the scam attempts. Pieces follow below. pic.twitter.com/mJ1LOdAnIZ

— Enigma Project (@EnigmaMPC) August 22, 2017

In a discussion on Reddit about the incident, one commenter suggested that the attackers used login data compromised in a previous, separate hack to hijack Enigma CEO Guy Zyskind’s account, and used that access to modify the Web site and send out the announcement via email and Slack.

More about
  • account hijacking
  • cryptocurrency
  • Ethereum
  • hacking
  • theft
  • web hacks
Share this

Featured news

  • A bug revealed ChatGPT users’ chat history, personal and billing data
  • Known unknowns: Refining your approach to uncategorized web traffic
  • Prioritizing data security amid workforce disruptions
How to protect online privacy in the age of pixel trackers

Sponsored

Webinar: Tips from MSSPs to MSSPs – starting a vCISO practice

Security in the cloud with more automation

CISOs struggle with stress and limited resources

How to scale cybersecurity for your business

Don't miss

BEC scammers are after physical goods, the FBI warns

A bug revealed ChatGPT users’ chat history, personal and billing data

Known unknowns: Refining your approach to uncategorized web traffic

Prioritizing data security amid workforce disruptions

CISA releases free tool for detecting malicious activity in Microsoft cloud environments

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us