Startups launching Initial Coin Offerings may have to reconsider how they are using the Slack platform for the purpose of many-to-many communication since they don’t seem to be in total control of the creation and use of member accounts under their platforms.
Despite several warnings made by individuals and some of these start-ups on their announcement and social media pages, the number of phishing attacks keeps increasing, with not much being done to stem their spread. As a result, some invested funds have been lost in recent days.
Costly mistakes
While victims bear some share of the blame, costly mistakes like not checking the URL are easy to make, and Slack has naturally been seen as the main culprit in the whole situation, as bots seemingly get developed without absolute control. Its API is reportedly open for its bot to be manipulated.
Others look to the MyEtherWallet platform, whose site is cloned by scammers to lure unsuspecting investors into giving out their private keys. The link in the scam message usually points to other domain names such as myetherwallet.su and not .com. Those who have visited any of the cloned sites need to clear their browsing history, or link the real site to their desktop and only access it from there.
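A check that a community moderator or monitoring bot could run over incoming messages to catch such links is sketched below. It is an added example, not code from Slack, MyEtherWallet or any project named here, and it goes beyond the changed-TLD case to cover sub-domain, hyphenated and `user@host` variants. The trusted host list (including the `www.` name), the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions: the genuine host names and the brand string to watch for.
TRUSTED_HOSTS = {"myetherwallet.com", "www.myetherwallet.com"}
BRAND = "myetherwallet"

# Slack renders links as <url|label>, so stop at '<', '>' and '|'.
URL_RE = re.compile(r"https?://[^\s<>|\"']+", re.IGNORECASE)


def classify_link(url):
    """Return 'trusted', 'suspicious' or 'unrelated' for one URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "suspicious"
    if parts.scheme.lower() == "https" and host in TRUSTED_HOSTS:
        return "trusted"
    # Look at the whole authority (userinfo@host:port) with hyphens removed,
    # so "brand.com@other.host" and "my-ether-wallet" are caught as well.
    authority = parts.netloc.lower().replace("-", "")
    return "suspicious" if BRAND in authority else "unrelated"


def find_suspicious_links(message):
    """Return every link in a chat message that imitates the trusted site."""
    return [u for u in URL_RE.findall(message) if classify_link(u) == "suspicious"]


# Constructed sample message, modelled on the scam described above.
SAMPLE = (
    "Security alert: unlock your wallet at "
    "<https://myetherwallet.su/#send|MyEtherWallet> or "
    "https://myetherwallet.com.wallet-check.example/ today. "
    "Official site: https://www.myetherwallet.com/ "
    "FAQ: https://example.org/faq"
)

if __name__ == "__main__":
    for link in find_suspicious_links(SAMPLE):
        print("suspicious:", link)
```

The comparison is made on the parsed host name rather than on the visible link text, because the label shown in a chat message can say anything.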
Cleaned up in minutes
There have been several claims of compromised MEW accounts, such as someone who reported on the Status Slack discussion board having lost over $168,000 worth of tokens to the scammers (including mine too, in which all my Status and FunFair tokens were cleared).
Although suggestions have been made that exchanges like Bittrex, EtherDelta and Poloniex should be brought on board to ensure the menace is countered, most of the stolen funds are allegedly sold on their platforms. It seems unbelievable that one could be helpless in a situation like this.
The point to be made, however, is that it is real. People’s hard-earned money is being cleaned up - in minutes - and this does not and will not bode well for start-ups conducting ICOs or for the crypto industry as a whole. Contributors may become skeptical and more careful with future investments.
Not everyone would believe your story if you tell them the money you helped or advised them to invest in an ICO was not wiped as part of a kind of Ponzi scheme. Another twist to the situation that affects the ecosystem is that there are suspicions of the scammer(s) selling Ether far below the going rate, which is another factor that could push its price further down.
Aside from suggestions made online to stem the spread, Nimiq came up with an approach that seems to have worked for some of its investors who had earlier been scammed, so that they would not lose other tokens in their portfolio. Its smart contract stated that its token, NET, would be transferred to the same wallet that sent ETH for the ICO. Nimiq took advantage of the fact that the tokens of some of its hacked investors (identified after careful vetting) were still safe: the hacker(s) couldn’t transfer them to another wallet because the tokens were not tradeable.
Nimiq’s Ricardo Baquero says: “So to further protect our contributors, we verified each and every one of the hacked contributors to make sure they were actually hacked and not the hacker lurking for information. We wanted our users to have the upper hand, so we decided to inform only these verified users and make sure their NET were safe in a new wallet before announcing publicly that the Smart Contract was finalized and NET Tokens became tradable. It took some extra time and delayed the finalization of the token sale but we are happy to know that all the hacked contributors that contacted us were able to keep their NET safe from malicious hands.”
This seems a novel way for start-ups conducting ICOs to consider protecting their contributors while a holistic approach is being decided upon.