Chinese Investors Victimized by Coindash 8m Hacking
According to official statement from Coindash, the ICO that the team has been promoting in China since this March came to a sudden halt. Around 8 million USD or 40k ETH was grabbed by alleged hacker. Coindash team announced that all investors would be awarded with tokens as long as they fill in a questionnaire. But some questions still remains unresolved.
The incident was first revealed in slack channel then spread to the Chinese wechat group soon after the ICO was kicked off at 9PM Beijing time. The screenshot showed that the admin of wechat group asked investors not to send funds to the “hacker’s” address.
Screenshot of coindash Chinese wechat group source
But the warning was too late, around 40k ETH has been sent to the address. 43,488 ETH (8,231,494 USD at press time) were sent to the following address, which is tagged as “fake-coindash” by etherscan.
A “unverified” COINDASH token contract was revealed:
All contents on coindash.io has been withdrawn and only a statement in English, Chinese and Korean stands:
“It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack $7 Million were stolen by a currently unknown perpetrator.
CoinDash is responsible to all of its contributors and will send CDTs reflective of each contribution. Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly. Transactions sent to any fraudulent address after our website was shut down will not be compensated.”
The number of Chinese victims is unknown at the moment but there are at least 3 wechat groups with each hosting 500 members max. China seems to be a major target of Coindash. The registered entity for the official Wechat account is based in Shanghai. The Coindash Wechat account released its first article this March and managed to get endorsement from FBG fund and NEO, previously known as Antshares.
“Fintech Blockchain Group (FBG) is an investment fund focusing on digital assets with office in Beijing and Shanghai. The fund believes that blockchain technology and digital assets are the most promising domain in the next 10 years.-FBG”
On the rebranding press release of NEO, Adam Efrima, cofounder and COO of Coindash, was introduced as the leader of NEO’s partnership team.
“Adam Efrima has 8 years of working experience in China. He was in charge of the operation and early founding stage of eToro in China.”
The hacking soon invokes doubts and accusations amid investor uncertainties.
Wu Guanggeng, cofounder of Bixin, told a different story on weibo. He was told by Coindash support staff that the hacker managed to clone the official website of coindash.io with the only difference being the ETH address for ICO deposit. Then the DNS provider was asked to redirect the traffic of coindash.io to the clone site via email. He assumed that the email to register the domain must be compromised too.
“The clone site is so real that even the coindash team takes a while to detect the scam.”
Not all people buy the story. Someone reddit user alerted the potential security breach since Coindash team didn’t release the contract code in advance.
“Is there any proof that this was a hack? What if Coindash put an address in and then cried hacker to get away with free ETH?”
“Any ICO which doesn’t use ENS should be avoided. It’s absolutely unacceptable that companies are not making use of it.”