In a massive security breach a website that investors were prompted to trust – CoinDash – was actually hacked into and its wallet address changed to a fraudulent one thereby scamming millions of dollars of Ether.
The scam is said to have unfolded at around 12 pm GMT on July 17, when would-be CoinDash investors were getting ready for company’s token offering. At around 14 GMT, “mplus”, the person making official announcements for CoinDash said that the token offering was live.
However, in just three minutes after the token offering was live, “mplus” sent a message to the group indicating the website CoinDash.io had been hacked and was altered to include a fraudulent wallet address that is not associated with the token offering. Investors had in that short period of time sent across approximately 43,438.455 Ether (approximately $7.38 million at the time of press) to the wrong address. CoinDash took action and suspended the token offering while also revealing on Twitter that they had been hacked and urged investors not to send any ETH to any address.
In an email to investors, CoinDash revealed that the attacker made away with approximately $7 million worth of Ether. CoinDash also added that it was responsible to all its contributors and will be sending CDTs reflective of each contribution. The letter however noted that only those investors will be compensated who sent out Ether before the site was closed down and those who sent out the Ether after CoinDash.io was shuttered will not be compensated.
CoinDash asked users to help with the investigation and posted a claim form for them to fill out.