Hackers disrupted the Etherparty ICO (Initial Coin Offering) after they hijacked the platform’s website on Sunday and displayed their own Ethereum address, tricking some ICO participants into sending funds to the wrong wallets.
To its credit, Etherparty detected the attack in 15 minutes and shut down its website to prevent users from sending funds to the hackers.
Etherparty investigated the incident and restored its website after 95 minutes, allowing the ICO to continue as scheduled.
The company did not respond to a request for comment from Bleeping Computer regarding the number of affected users and the estimated funds the hackers might have earned.
Etherparty says it will compensate affected users
In a statement released yesterday afternoon, Etherparty said it was “eager and committed to compensating all affected contributors for the inconvenience.”
The company later published the following timeline of events surrounding the hack:
9:00 A.M. PDT: FUEL token ICO is live. [link added by Bleeping Computer]
9:45 A.M. PDT: Security breach: fraudulent contribution address is injected into the ICO Page, and in response we began the process to shut down the official Etherparty site to protect people.
10:00 A.M. PDT: Website taken offline
11:35 A.M. PDT: Website rebuilt and moved to a new web server.
12:51 P.M. PDT: Press release distributed, official statements posted to Twitter and Medium.
Etherparty is a user-friendly platform that allows users to create cryptocurrency smart contracts via an automated tool. The service is still in development, and the company was using the ICO to raise Ethereum to fund its own development.
Users who participated in the Etherparty ICO would have received FUEL tokens, similar to how users receive shares after participating in a company’s real-world IPO on the stock market. Users could then sell or buy these tokens until the company was up and running and ready to re-buy the tokens.
Authorities cracking down on ICOs worldwide
If the entire ICO concept sounds shady, you’re right to think so. Back in July, the US Securities and Exchange Commission (SEC) indicated that it might intervene and regulate ICOs, fearing they were abused to scam users.
In mid-September, the SEC took its first action when it shut down Protostarr post-ICO, forcing the company to refund users. Last week, on Friday, the SEC officially charged a businessman and two companies with defrauding investors in two ICOs purportedly backed by investments in real estate and diamonds.
China and South Korea — two of the countries where cryptocurrencies are extremely popular — have moved to ban ICOs altogether, while Canada is working on laws to regulate ICOs instead of prohibiting them.
It’s because of this lack of regulation that many scams and hacks have happened during ICOs. For example, hackers stole over $7 million worth of Ethereum during the CoinDash ICO after hijacking the platform’s website and replacing the ICO wallet, similar to yesterday’s Etherparty attack.
Two other hacks were also reported by the Veritaseum platform ($8.4 million) and by the Enigma Project platform ($475,000).
Despite all this, ICOs are insanely popular, allowing companies to raise large sums of money, sometimes for poorly documented or untested products. Some ICOs are also great for investors, who can get early access to something that may skyrocket in price, as Ethereum has.