The Etherparty ICO briefly fell prey a cyber attack, causing some contributors to misdirect their funds to the attacker’s address.
Blockchain startup Etherparty launched the initial coin offering (ICO) for its smart contracts creation platform on October 1. According to a blog post published later that day, an attacker successfully injected a fraudulent wallet address into the Etherparty ICO website approximately 45 minutes after the ICO went live. The team spotted the breach almost immediately, and within 15 minutes the website had been taken offline. The website remained down for about 90 minutes while the team rebuilt it and moved it to a new server.
Etherparty did not reveal how much the attackers netted from the exploit, but the startup did say it would distribute tokens to any contributors who sent funds to the fraudulent wallet address prior to the website takedown.
“Our team has been consistently and successfully thwarting potential security issues to avoid further escalation,” commented Lisa Cheng, Founder of Etherparty. “However, we do acknowledge and apologize for the temporary disruption to our otherwise successful launch day. Etherparty is eager and committed to compensating all affected contributors for the inconvenience.”
Despite the incident, the Etherparty ICO appears to be proceeding quite successfully. Including funds raised during a presale, the startup has raised more than $28 million worth of ether, bitcoin, and USD.
The Etherparty ICO is not the first token sale to be exploited by a cyber attack. In fact, 10% of all ICO-marked funds eventually end up in the hands of hackers, according to a recent estimate from Chainalysis. The majority of funds are stolen through phishing scams -- many of which are carried out on Slack channels -- but there have been several notable hacks and exploits.
Earlier this year, the CoinDash ICO was infiltrated -- much like this week’s Etherparty exploit -- and the attackers managed to garner $9 million from the incident. Similarly, would-be Enigma contributors lost a combined $500,000 after an attacker gained access to official team member accounts and sent emails telling people that the token sale had started and investors needed to send their funds to his or her address.
Featured image from Shutterstock.