searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
August 22, 2017
Share

Hackers stole over $500,000 from Enigma cryptocurrency investors

Unknown hackers have managed to steal over $500,000 from aspiring investors in the Enigma cryptocurrency investment platform.

The Enigma cryptocurrency hack

The attack unfolded on Monday (August 21), but the company noticed that something was happening the day before, and posted a warning on Twitter:

WARNINGS: DO NOT SEND FUNDS TO ANY ADDRESSES. Certain Enigma accounts are under attack. We are working to resolve this, stay put.

— Enigma Project (@EnigmaMPC) August 21, 2017

Despite all that, the attackers managed to compromise the company’s Web site, Slack channel, and mailing lists.

They proceeded to set up a fake page announcing a token presale and put their own digital wallet address as the destination for the payments, then sent out (via email) and published (on Slack) an invitation to investors to buy tokens:

Enigma cryptocurrency hack

As noted before, would-be investors who believed the invitations to be legitimate started buying and sending funds to the attackers’ address. Most of the money has already been retrieved.

It didn’t take that long for the Enigma team to retake control of all compromised accounts and the Web site, but the damage was done. They confirmed that no company funds, wallet addresses, user passwords, not private keys were stolen, and that their Twitter, Facebook, Telegram accounts, as well as the Enigma blog, were not hacked.

In an email sent out to the Enigma community, the team said that they “will work hard to make things right for all those hurt in this scam attempt,” and announced new security measures that give an idea of how the hackers managed to pull off the attack (poor/reused passwords, no two-factor authentication):

We've just sent an email to the Enigma community. Check inboxes. More information on our response to the scam attempts. Pieces follow below. pic.twitter.com/mJ1LOdAnIZ

— Enigma Project (@EnigmaMPC) August 22, 2017

In a discussion on Reddit about the incident, one commenter suggested that the attackers used login data compromised in a previous, separate hack to hijack Enigma CEO Guy Zyskind’s account, and used that access to modify the Web site and send out the announcement via email and Slack.

More about
  • account hijacking
  • cryptocurrency
  • Ethereum
  • hacking
  • theft
  • web hacks
Share this

Featured news

  • Malicious ads creep into Bing Chat responses
  • How should organizations navigate the risks and opportunities of AI?
  • Why California’s Delete Act matters for the whole country
Guide: SaaS Offboarding Checklist

Sponsored

eBook: 9 Ways to Secure Your Cloud App Dev Pipeline

Free entry-level cybersecurity training and certification exam

Guide: Attack Surface Management (ASM)

Don't miss

Malicious ads creep into Bing Chat responses

How should organizations navigate the risks and opportunities of AI?

Why California’s Delete Act matters for the whole country

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)

How to avoid the 4 main pitfalls of cloud identity management

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us