searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Newsletters
  • (IN)SECURE Magazine

Related topics

  • Hacker grabs $30 million in ether through Parity multisig wallet flaw

Featured news

  • Starting your cybersecurity career path: What you need to know to be successful
  • Security awareness programs: The difference between window dressing and behavior change
  • Number of ransomware attacks grew by more than 150%
  • Digital-first lifestyle opens consumers to potential risks during tax season
  • Trends that will influence remote work in 2021 and beyond
Zeljka Zorz
Zeljka Zorz, Managing Editor, Help Net Security
August 22, 2017
Share

Hackers stole over $500,000 from Enigma cryptocurrency investors

Unknown hackers have managed to steal over $500,000 from aspiring investors in the Enigma cryptocurrency investment platform.

The Enigma cryptocurrency hack

The attack unfolded on Monday (August 21), but the company noticed that something was happening the day before, and posted a warning on Twitter:

WARNINGS: DO NOT SEND FUNDS TO ANY ADDRESSES. Certain Enigma accounts are under attack. We are working to resolve this, stay put.

— Enigma Project (@EnigmaMPC) August 21, 2017

Despite all that, the attackers managed to compromise the company’s Web site, Slack channel, and mailing lists.

They proceeded to set up a fake page announcing a token presale and put their own digital wallet address as the destination for the payments, then sent out (via email) and published (on Slack) an invitation to investors to buy tokens:

Enigma cryptocurrency hack

As noted before, would-be investors who believed the invitations to be legitimate started buying and sending funds to the attackers’ address. Most of the money has already been retrieved.

It didn’t take that long for the Enigma team to retake control of all compromised accounts and the Web site, but the damage was done. They confirmed that no company funds, wallet addresses, user passwords, not private keys were stolen, and that their Twitter, Facebook, Telegram accounts, as well as the Enigma blog, were not hacked.

In an email sent out to the Enigma community, the team said that they “will work hard to make things right for all those hurt in this scam attempt,” and announced new security measures that give an idea of how the hackers managed to pull off the attack (poor/reused passwords, no two-factor authentication):

We've just sent an email to the Enigma community. Check inboxes. More information on our response to the scam attempts. Pieces follow below. pic.twitter.com/mJ1LOdAnIZ

— Enigma Project (@EnigmaMPC) August 22, 2017

In a discussion on Reddit about the incident, one commenter suggested that the attackers used login data compromised in a previous, separate hack to hijack Enigma CEO Guy Zyskind’s account, and used that access to modify the Web site and send out the announcement via email and Slack.

More about
  • account hijacking
  • crypto currency
  • Ethereum
  • hacking
  • theft
  • web hacks
Share this
brain

Starting your cybersecurity career path: What you need to know to be successful

  • Risky business: 3 timeless approaches to reduce security risk in 2021
  • Security starts with architecture
How do I select a SOAR solution for my business?

What's new

SOAR

How do I select a SOAR solution for my business?

brain

Starting your cybersecurity career path: What you need to know to be successful

security awareness

Security awareness programs: The difference between window dressing and behavior change

ransomware

Number of ransomware attacks grew by more than 150%

Don't miss

brain

Starting your cybersecurity career path: What you need to know to be successful

SOAR

How do I select a SOAR solution for my business?

security awareness

Security awareness programs: The difference between window dressing and behavior change

ransomware

Number of ransomware attacks grew by more than 150%

patch

March 2021 Patch Tuesday forecast: Off to an early start

Help Net Security - Daily information security news with a focus on enterprise security.
Follow us
  • Features
  • News
  • Expert Analysis
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Newsletters
  • Twitter

In case you’ve missed it

  • How do I select a SOAR solution for my business?
  • The economics behind global disinformation engines and strategies for mitigation
  • How do I select a cloud security solution for my business?
  • Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations

(IN)SECURE Magazine ISSUE 67 (November 2020)

  • Hardware security: Emerging attacks and protection mechanisms
  • Justifying your 2021 cybersecurity budget
  • Cooking up secure code: A foolproof recipe for open source
  • Mapping the motives of insider threats
Read online
© Copyright 1998-2021 by Help Net Security
Read our privacy policy | About us | Advertise