Enigma, a decentralized investment platform, has become the latest to fall victim to ICO hacking.
In an ironic twist, after the hack of Coindash’s website during its ICO, Can Kisagun, co-founder and Chief Product Officer, even told Business Insider that Enigma has a simple solution that can prevent similar situations from happening in the future.
Not a hack?
To be exact, the Enigma platform wasn’t hacked. Rather, the founder’s email and password were stolen and then used to take over the company Slack, the website and the Google account that was hosting the pre-sale form.
The access has since been deactivated.
In an even more compelling twist, the founder’s email and password were taken during the Ashley Madison hack, and he never ended up changing passwords.
In fact, the company itself didn’t wind up losing any money in the attack.
Fake emails
Once the attackers had access to the company’s website and Slack, they sent out messages to over 9,000 users.
They altered the website to show their own BTC and ETH wallet addresses and made fake emails that included a community list, to make them look more official, urging users to send money to the attackers’ personal wallet.
The hackers made off with 1,492 Ether coins, despite the warning Enigma had previously issued to the community that it would not be collecting money in this manner prior to its ICO next month.
What now?
Enigma has since regained control of its web pages and has said the dedicated token sale site was not affected.
A company spokesperson said, “It resides on a separate, more secure server which was never compromised.”
Additionally, the company stated it has implemented new security measures such as stronger passwords and two-factor authentication (2FA) for all employee email accounts.
Enigma’s response was swift, but too little, too late, particularly for a company that prided itself on security and data safety. The irony here can’t be ignored.