The digital financial services developer Enigma prides itself on ultra-secure products. The company’s Catalyst platform protects financial info with a cutting-edge combination of blockchain-inspired privacy technology and cryptography. So it comes as no small surprise that on Monday, scammers took over the company’s website, mailing lists, and Slack accounts by exploiting some extremely basic security mistakes Enigma had made. The blunders also facilitated a scam that ultimately cost Enigma supporters almost $500,000.
Enigma has planned an Initial Coin Offering for September 11an unregulated cryptocurrency fund-raising campaign that startups use when they want to raise capital for their company without going through the process of working with an established financial institution or venture capital fund. (The SEC has promised to clamp down on these ICOs, but so far is in the exploratory phase.)
With the ICO in mind, scammers compromised official Enigma channels to create a sense of legitimacy and urgency. The plot proved easy to pull off. At least one of the passwords protecting the Enigma accounts, which included a Slack account with administrative privileges, had previously leaked, and reports indicate that the accounts weren’t protected by two-factor authentication.
The hackers began defacing the company’s main site and Slack accounts, and pushed a special “pre-sale” ahead of the ICO, directing money toward their own cryptocurrency wallet. They also went rogue on the company’s mailing lists. Many users realized that the push was a scam, but the hustle did tempt some interested backers into sending 1,492 coins in the cryptocurrency Ethereum, which converts to almost $495,000.
Enigma said in a statement on Monday that its community fund-raiser, also called a crowd sale, was always set definitively for September 11, and emphasized that its secure servers had not been hacked. But a spokesperson confirmed that the scammers compromised account passwords using various methods. And in response to the incident, the company says it is adding strong, random passwords and two-factor authentication for each account, plus implementing robust password changing and better system compartmentalization. “Weve moved up a number of critical security steps and taken additional measures to protect the community going forward,” says Tor Bair, Enigma’s head of marketing and growth. “Were now very well aware of the potential threats and are taking no chances.”
Though honest mistakes can happen at any growing organization, the Enigma community grappled with the implications of the incident on Monday, wondering how a specialized cryptography company could only now be realizing the need for stringent account hygiene. “This will go down in crypto history as one of the stupidest moments ever. We need a meme,” one Reddit user wrote. Some Redditors even claimed that they used the breached credential repository Have I Been Pwned to determine that the Enigma accounts scammers accessed reused a previously exposed account password from CEO Guy Zyskind. But Zyskind told WIRED that none of the breached Enigma accounts relied on reused passwords.
While the Enigma team worked to restore secure Slack service, the community’s discussion moved to secure messaging app Telegram. “No word on honoring those who were scammed b/c of y’all negligence and poor security? Speaks volumes,” a user called Jay wrote in the open chatroom. Many users indicated support for Enigma, though, and seemed satisfied with the company’s remediation efforts.
“Hacking accounts that do not have dual-factor authentication enabled and other best in class security measures is a trivial hack for most dedicated attackers,” says Chris Pierson, the general counsel and chief security officer of the payment platform Viewpost. “To the public it looks as if the company has been hacked, and provides a significant amount of negative press about the companys security and privacy responsibilities.”
Enigma said on Monday evening that it is working to mitigate the damage. We’re actively investigating the scam attempt and the parties involved with multiple partners, including vigilant members of our community, other companies in our space, and exchanges, Bair says.
Since they are unregulated by the governmentfor now, anywayICOs have perks that make them appealing to cryptocurrency companies, but by their nature they are also less predictable than standard fund-raising avenues. In mid July, scammers stole roughly $7 million from supporters during the ICO of the cryptocurrency management platform CoinDash. A few days later, hackers stole $32 million in Ethereum (though much of it was later recovered) by exploiting a vulnerability in a crypto product called Parity Wallet.
“The news of the attack is certainly not surprising,” says Eric Klonowski, a senior advanced threat research analyst at the internet security firm Webroot. “Investors were ready to part with their money at a moments notice, and the attacker was prepared to capitalize…. That said, recent core cryptocurrency heists are all a result of third-party vulnerabilities and their handling of investments, and not in the cryptography or implementation itself.”
With the September 11 ICO still rapidly approaching, at least Enigma has some time to get its first-line security right.
Visit link:
A Very Dumb Mistake Costs Cryptocurrency Investors Big Time – WIRED
- Download COMODO Internet Security 11.0.0.6744 - softpedia.com - January 31st, 2019
- Avast Internet Security Review 2018 - We Hate Malware - November 8th, 2018
- Security Packages | High-Speed Internet | Windstream - November 8th, 2018
- Antivirus vs Internet Security [Security Software Comparison] - November 8th, 2018
- Internet Security Lectures by Prabhaker Mateti - November 8th, 2018
- Vipre Internet Security 2016 Free Download - Softlay - November 8th, 2018
- Internet security software Reviews 2018 - Compared & Reviewed - November 2nd, 2018
- Exhibit A - Internet Security Requirements - November 2nd, 2018
- CIS Benchmarks - Center for Internet Security - November 2nd, 2018
- Kaspersky Internet Security 2018 Crack + License Key [Latest] - October 12th, 2018
- Zillya! Internet Security | Best Security Solution for Active ... - October 12th, 2018
- Download Norton Internet Security 22.15.0.88 - softpedia.com - October 9th, 2018
- Avast Internet Security 2018 Activation Code, Serial Key Till ... - October 9th, 2018
- Download Avast Internet Security 18.6.2349 Build 18.6.3983 ... - October 9th, 2018
- Download McAfee Internet Security 19.0 Build 19.0.4016 - October 3rd, 2018
- AVG Internet Security 2018 Free Download - FileHippo - October 3rd, 2018
- Internet Security - Quick Heal - October 3rd, 2018
- Kaspersky Internet Security 2019 v19.0.0.1088 | Software ... - October 3rd, 2018
- VIPRE Internet Security Review & Comparison - September 22nd, 2018
- Internet Security Suite | Verizon Internet - September 20th, 2018
- Antivirus Security Software & Internet Security - Newegg.com - September 19th, 2018
- Amazon Best Sellers: Best Internet Security Suites - September 7th, 2018
- Download Bitdefender Internet Security 2019 23.0.8.17 - August 24th, 2018
- Best (and Worst) Internet Security Software of 2018 for Windows - August 18th, 2018
- Amazon.com: Kaspersky Internet Security 2018 | 3 Device | 1 ... - August 8th, 2018
- AVG Internet Security - Free download and software reviews ... - August 3rd, 2018
- Top 3 Internet Security Software Suites Reviews ... - July 26th, 2018
- GRC | LeakTest -- Firewall Leakage Tester - July 26th, 2018
- Internet Security is an important part of Identity Theft ... - June 22nd, 2018
- V3 Internet Security | AhnLab - June 22nd, 2018
- Internet Security with Xfinity - Norton Security Online - June 17th, 2018
- Best Internet Security Software Compared - May 25th, 2018
- Computer and internet security software Chili Security - May 21st, 2018
- Internet Security Market Size, Share and Technology, 2021 - May 21st, 2018
- Center for Internet Security - Wikipedia - May 10th, 2018
- Download Webroot SecureAnywhere Antivirus & Internet ... - May 1st, 2018
- AVG Internet Security 2018 review | Ultimate antivirus ... - April 29th, 2018
- The Internet Security Academy - SAHCOM Technologies LLP - April 27th, 2018
- These files can't be opened. Your Internet security ... - April 20th, 2018
- How to Uninstall Norton Internet Security: 12 Steps - April 20th, 2018
- Internet Security Software at Office Depot OfficeMax - April 19th, 2018
- Why is Internet security important? | Reference.com - March 26th, 2018
- AVG Internet Security Unlimited 2018 18.2.3827 20% OFF ... - March 25th, 2018
- Trend Micro Titanium Internet Security - Download - March 21st, 2018
- Kaspersky Mobile Antivirus: AppLock & Web Security ... - March 21st, 2018
- Why do I Need Internet Security - The High Tech Society - March 21st, 2018
- Cincinnati Bell - Other Services Support - March 21st, 2018
- Internet Security Essentials for Business 2.0 | U.S ... - March 21st, 2018
- ESET Internet Security 10.0.386.0 Crack + License Keys ... - March 21st, 2018
- Privacy and Security in the Internet Age | WIRED - March 19th, 2018
- News & Events | K9 Web Protection - Free Internet Filter ... - March 19th, 2018
- 10 Internet Security Programs (for Windows), Ranked Best ... - March 7th, 2018
- AVG Internet Security 2015 Free Download - getintopc.com - March 3rd, 2018
- McAfee Internet Security Download - softpedia.com - February 28th, 2018
- COMODO Internet Security Download - softpedia.com - January 30th, 2018
- Best Internet Security Software 2018 - The best rated ... - January 28th, 2018
- Comodo Antivirus - Best Virus Removal Software 2018 - January 13th, 2018
- ZoneAlarm Antivirus Software | Virus Protection & Firewall - January 13th, 2018
- What Is the Meaning of Internet Security? | Techwalla.com - January 12th, 2018
- Download Avast Internet Security 17.7.2314 - FileHippo.com - January 12th, 2018
- Vipre Antivirus VIPRE Internet Security - January 12th, 2018
- AVG Internet Security 2018 License Key With Crack Full Version - January 8th, 2018
- CA Internet Security Suite Plus - Download - December 27th, 2017
- Collaborative Security: An approach to tackling Internet ... - December 27th, 2017
- Norton Internet Security - Download - December 20th, 2017
- Best Internet Security 2017 - Total Security Software for ... - December 20th, 2017
- Get the Best Internet Security Software of 2016! - December 20th, 2017
- Internet Security Administrator: Job Description and Requirements - December 19th, 2017
- Top 10 Cheap Antivirus and Internet Security Protection for ... - December 19th, 2017
- Download AVG Internet Security Unlimited - FileHippo.com - December 19th, 2017
- Norton Internet Security - softpedia.com - December 19th, 2017
- Internet Security - Cisco - December 19th, 2017
- Best Antivirus Software, Internet Security & Malware Removal - December 19th, 2017
- internet security | eBay - October 26th, 2017
- Avast Internet Security Download - softpedia.com - October 20th, 2017
- Internet Security Software | Trend Micro - October 3rd, 2017
- Lenovo Faces No Significant Penalty for Security-Destroying Superfish Debacle - ExtremeTech - September 7th, 2017
- 25% Upside Seen In Palo Alto, Argus Research Upgrades To Buy - Benzinga - September 5th, 2017
- How to: Your essential guide to internet security - PC Authority - September 5th, 2017
- Internet security startup founded by former CIA analyst raises $40 million - San Francisco Business Times - September 2nd, 2017
Recent Comments