Unknown hackers have managed to steal over $500,000 from aspiring investors in the Enigma cryptocurrency investment platform.
The Enigma cryptocurrency hack
The attack unfolded on Monday (August 21), but the company noticed that something was happening the day before, and posted a warning on Twitter:
WARNINGS: DO NOT SEND FUNDS TO ANY ADDRESSES. Certain Enigma accounts are under attack. We are working to resolve this, stay put.
— Enigma Project (@EnigmaMPC) August 21, 2017
Despite all that, the attackers managed to compromise the company’s Web site, Slack channel, and mailing lists.
They proceeded to set up a fake page announcing a token presale and put their own digital wallet address as the destination for the payments, then sent out (via email) and published (on Slack) an invitation to investors to buy tokens.
As noted before, would-be investors who believed the invitations to be legitimate started buying and sending funds to the attackers’ address. Most of the money has already been retrieved.
It didn’t take long for the Enigma team to retake control of all compromised accounts and the Web site, but the damage was done. They confirmed that no company funds, wallet addresses, user passwords, or private keys were stolen, and that their Twitter, Facebook, and Telegram accounts, as well as the Enigma blog, were not hacked.
In an email sent out to the Enigma community, the team said that they “will work hard to make things right for all those hurt in this scam attempt,” and announced new security measures that give an idea of how the hackers managed to pull off the attack (poor/reused passwords, no two-factor authentication):
We've just sent an email to the Enigma community. Check inboxes. More information on our response to the scam attempts. Pieces follow below. pic.twitter.com/mJ1LOdAnIZ
— Enigma Project (@EnigmaMPC) August 22, 2017
In a discussion on Reddit about the incident, one commenter suggested that the attackers used login data compromised in a previous, separate hack to hijack Enigma CEO Guy Zyskind’s account, and used that access to modify the Web site and send out the announcement via email and Slack.