The Enigma team just got hacked. Community members / investors lost $500k. At the time of writing this post, the Enigma ICO website is offline. And their Slack is closed. All of their broadcasts are restricted to their Twitter and Telegram accounts.
The team had their email and some of their social media accounts compromised, including their Slack account. You can read the Enigma official statement on TechCrunch to learn more. Each compromise was pretty straightforward.
Whoever orchestrated it grabbed money from the Enigma community, people who joined the company’s mailing list or Slack group of over 9,000 users to learn more about its ICO in September.
The hacker posted Slack messages, altered the website and spoofed emails to a community list which were made to look official and urged money to be sent to their crypto wallet.
During my podcast interview with ICOAlerts on Friday, I asserted that attacks on crypto communities would get more sophisticated over time. I didn’t realize how soon it would happen though.
How the overall attack was sophisticated
Each piece of the puzzle in confinement wasn’t sophisticated. For example, compromising a website, email account or a social media account isn’t sophisticated when each is looked at separately. But, when you combine them all together as one coordinated attack on a specific company and its community, it can be considered as a very well coordinated and sophisticated attack. This is especially true when you consider how new crypto communities are.
We will see a lot more of this. In fact, it’s going to get worse. Much worse.
Why attacks on crypto communities are going to get worse
In a recent podcast interview (published last Sunday) I predicted that these attacks would soon become more sophisticated. I didn’t realize how soon those words would ring true. They are more sophisticated.
The number of ICOs and Token launches is increasing. Some say they’re going through the roof. The SEC has made a ruling which now legitimizes cryptocurrencies such as Bitcoin and Ethereum in the eyes of financial institutions. The media is covering Token launches and ICOs more and more. Phishing attacks are taking place every hour of every day inside almost every community.
All of this combined will only encourage more cyber attackers to spend time and energy on message services as a new attack vector. Attacks won’t just increase at the same ratio as the number of Token launches and ICOs — it will be far greater. And the level of sophistication will increase too.
What crypto stakeholders should do right now
Every stake holder within the crypto community should change their passwords for all employee and admin email accounts — and setup 2FA. Also, change your passwords for any other account that could have been compromised.
You can listen to my podcast interview here — lots of insight to phishing attacks and how to prevent them.
If you enjoyed this post you might also like the following:
- MetaCert’s promise to the crypto world
- How Token and ICO Community Managers can increase investor trust to stimulate more investment in the ecosystem
- Free security chatbots for cryptocurrency investors — that prevent phishing scams on Slack
- Great stats on phishing inside Token and ICO communities.
More about the author
I am the Founder & CEO of MetaCert. MetaCert has a security app for Slack which helps to protect Crypto communities from phishing attacks. I am one of the two people who co-instigated the creation of the W3C Standard for URL Classification and I hold a full patent for phishing protection inside mobile apps. I was a member of the team that launched AIM in 1997. I give keynote talks around the world on topics such as AI, Chatbots, Future of Messaging etc. My next talk is in Helsinki. You can install MetaCert here.
☞ As always, please tap or click “👏” to help to let Paul and others know that you appreciated this post.