Skip to main content

Hacker steals more than $7 million in digital currency by switching a mere link

A render of virtual currency.
Image used with permission by copyright holder
Security firm Tripwire reports that a hacker managed to steal more than $7 million in digital currency by simply replacing a single link. The hack took place on Monday during an event called an Initial Coin Offering (ICO) to reel in investors of a cryptocurrency app called CoinDash. However, early investors quickly discovered that a link for depositing digital currency on the CoinDash website was not legitimate.

According to Tripwire, trading platform CoinDash began its ICO at 1 p.m. (GMT). Three minutes later, investors figured out that the link for sending Ether, a type of digital currency, was taking them to the wrong deposit location. Within those three minutes, the hacker managed to accumulate more than $7 million before CoinDash terminated the ICO and removed the page.

“The moment the token sale went public, the CoinDash website was hacked and a malicious address replaced the CoinDash Token Sale address,” CoinDash said. “As a result, more than 2,000 investors sent ETH to the malicious address. The stolen ETH amounted to a total of 37,000 ETH.”

Ether is the digital currency of the world’s second most popular cryptocurrency network, Ethereum. This platform consists of smart contracts, which are essentially bits of code that will execute when certain requirements are fulfilled. These “apps” are listed on the Ethereum network using what is called a blockchain, which serves as a registry that records all transactions. Ether, abbreviated as ETH, is what’s used to pay for things and services listed on the Ethereum network.

So why not just use real world cash? Because digital currency is decentralized. It’s not managed by banks or the government. Plus, both the merchant and buyer can remain completely anonymous, with a transaction digitally signed and verified by an unknown miner on the associated network. Ether is similar to Bitcoin in purpose although technically they are completely different digital currencies.

Individuals who successfully participated in a private “heads up” for whitelist contributors 15 minutes prior to the public ICO received “tokens” as proof of their CoinDash app investment. However, those who invested Ether using the hacked address are reportedly now demanding a refund. After all, the CoinDash website was not locked down tight, enabling a hacker to insert a simple link that collected millions in stolen digital currency.

However, many Ether users reportedly flocked to social networks and questioned the theft. Was this a genuine hack, or a simple scam using a hack as a cover story? As Tripwire states, there is no evidence to suggest foul play.

CoinDash is currently providing an online form for victims to complete as part of the company’s forensic investigation into the hack. Victims are asked to provide their email address, wallet address, a proven transaction number, and the amount of Ether sent.

“This was a damaging event to both our contributors and our company but it is surely not the end of our project,” CoinDash added. “We are looking into the security breach and will update you all as soon as possible about the findings. We are still under attack. Please do not send any ETH to any address, as the Token Sale has been terminated.”

Despite the hack, CoinDash said that it managed to secure $6.4 million from early contributors and whitelist participants in the 15-minute “heads up” prior to the ICO. Those who sent digital currency to the wrong Ether address during the hack will still receive tokens. Otherwise, investors who sent Ether to the wrong address after CoinDash removed the ICO page will not receive investment tokens.

Update: Added new information provided by CoinDash.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Sony is convinced the PS4 somehow made PC gaming better
A mini PC sitting in front of the PS5.

It's hard to dispute that PC gaming leads gaming as a whole from a technology standpoint, but Sony disagrees. Mark Cerny, lead architect for the PlayStation 4, PlayStation Vita, and PS5, says that Sony's consoles occasionally show "the way for the larger industry" in a recent interview with Gamesindustry.biz.

"I like to think that occasionally we’re even showing the way for the larger industry, and that our efforts end up benefiting those gaming on PC as well," Cerny said. "It’s a tech-heavy example, but on PS4, we had very efficient GPU interfaces, and that may well have spurred DirectX to become more efficient in response."

Read more
This new gaming handheld has a chance of dethroning the Steam Deck OLED
The Zotac Zone handheld gaming console running Steam.

Computex 2024 was a gateway for new handheld gaming consoles, but there was one in particular that truly stood out. The new Zotac Zone is the company’s first attempt at making a handheld console, and early impressions are quite positive. Not only does it come with some unique features but it is also one of the only handhelds on the market that features an AMOLED panel.

The only other device that comes close to offering such a display is the Steam Deck OLED. But how do these two handheld consoles fair when compared to each other? Let’s have a look.
Price and availability
The Steam Deck OLED was launched in November last year, and unlike its LCD version, it is available in only two configurations: a 512GB model for $550 and a 1TB model for $650. Notably, the higher-storage model features an etched glass display that is said to be more resistant to glare.

Read more
Hurry! This ASUS Chromebook is down to $149 at Best Buy
The ASUS Chromebook CM1402.

While Windows PCs and Macs are the traditional choices for computing, Chromebooks are a unique alternative for those of us needing less horsepower. Ideal for students, various workplace applications, and users that just need a computer that can browse the web, Chromebooks are typically more affordable than Windows and Mac setups too.

In fact, right now, Best Buy is offering an exceptional deal on the ASUS Chromebook CM1402. Normally sold for $300, you can grab this budget-friendly laptop for only $150. Timing is of the essence though, as these types of sales don’t last forever.

Read more