CoinDash’s ICO Website Has Been Hacked

Important information related to this incident:<p>1. CoinDash did not publish the address of the contract in advance of the ICO:<p><a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;ethereum&#x2F;comments&#x2F;6nsy6x&#x2F;coindash_website_hacked_55_mil_gone&#x2F;dkbx57x&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;ethereum&#x2F;comments&#x2F;6nsy6x&#x2F;coindash_w...</a><p>2. Allegedly, CoinDash ignored issues brought up by a software contractor &#x2F; code reviewer:<p><a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;ethtrader&#x2F;comments&#x2F;6nrxk5&#x2F;never_miss_an_ico_again_coindash_cdt&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;ethtrader&#x2F;comments&#x2F;6nrxk5&#x2F;never_mis...</a><p>&gt; In reviewing their crowdsale code, I found multiple bugs and many errors. I&#x27;ve been ignored since I brought up the problems with the CoinDash team three days ago.

Where&#x27;s the news?! Why do people continue to bang heads against the wall with this madness? Unless you&#x27;re a thief, how is the craptocurrency thing better than my credit card that&#x27;s insured from unauthorized use and gives me a cash back?! Yeah, you can&#x27;t speculate with credit cards, and get rich quick, because $1 = $1 like forever, but isn&#x27;t that what the real investment tools are for?

That&#x27;s a bummer since Coindash appears to have an MVP and a reasonable funding cap of $12MM. I wouldn&#x27;t wish this on anyone, but it&#x27;s unfortunate it didn&#x27;t happen to one of the scammy ICO&#x27;s instead.<p>On a side note showcasing the ridiculousness of some of these ICOs, [1]&quot;Useless Ether Token&quot; (UET) raised around $45k and literally doesn&#x27;t do anything.<p>[1]: <a href="https:&#x2F;&#x2F;coinmarketcap.com&#x2F;assets&#x2F;useless-ethereum-token&#x2F;" rel="nofollow">https:&#x2F;&#x2F;coinmarketcap.com&#x2F;assets&#x2F;useless-ethereum-token&#x2F;</a><p><a href="https:&#x2F;&#x2F;uetoken.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;uetoken.com&#x2F;</a>

No problem, just hardfork and start again

I tend to believe that it was a scam because they refused to disclose the contract beforehand and there were some people claiming that it&#x27;s a scam few months before [1].<p>[1] <a href="https:&#x2F;&#x2F;bitcointalk.org&#x2F;index.php?topic=1905500.0" rel="nofollow">https:&#x2F;&#x2F;bitcointalk.org&#x2F;index.php?topic=1905500.0</a>

Where does the amount in the title (&quot;45k ether&quot;) come from? I didn&#x27;t see that in the article.<p>EDIT: Apparently from <a href="https:&#x2F;&#x2F;etherscan.io&#x2F;address&#x2F;0x6a164122d5cf7c840D26e829b46dCc4ED6C0ae48" rel="nofollow">https:&#x2F;&#x2F;etherscan.io&#x2F;address&#x2F;0x6a164122d5cf7c840D26e829b46dC...</a> , which is something I don&#x27;t have the depth of knowledge to assess for myself.

I don&#x27;t understand how any of these ICO companies are valued so high. If they had to raise this 12mil from VC&#x2F;PE would they still be valued the same ?

Please please PLEASE do not buy into these ICO&#x27;s. Nothing but vapor, I promise you. Crypto is going to crash SO hard if people keep giving these ICO scammers millions of dollars for each slick marketing campaign they can spin up.

For anyone wondering, 45k ETH is about 7.65M USD.

Token sales are risky. What do people expect? <i>Guaranteed</i> thousands-of-percent returns.<p>At this point, it probably takes good judgement to make money in crypto. You can&#x27;t just throw fiat at anything &amp; expect to walk away rich.<p>One of the reasons criminals are all over crypto is because they&#x27;re valuable.<p>When Willie Sutton was asked why he robbed banks he replied: &#x27;Because that&#x27;s where the money is&#x27;.<p>I&#x27;d say <i>caveat emptor</i>.

The full title on the link is: &quot;Breaking: CoinDash’s Token Sale (ICO) Website Has Been Hacked.&quot; This submission is disingenuous at best, as it implies the ICO contract was hacked: someone hacked the webpage and changed the token sending address.<p>Edit: Looks like the title was updated. :)

This seems to be the same problem that many open-source projects have, where the md5 hash to verify your download is at a single, (often the same) location.<p>One possible solution would be to use Twitter pinned tweet to also announce the address, however it&#x27;s questionable how many people would actually cross check.

So it was their website that got hacked, not their cryptocurrency widget (or whatever the appropriate term is)?<p>I mean, not unexpected: hit the softest part of the chain, which in this case seems to be a webserver rather than the crypto&#x2F;contract. Just trying to make sure my understanding is correct.

&#x27;Hacked&#x27; - or just stolen. Who could ever know in crypto-land? I am sure the ICO contract had something about lost coins in it as well.

The freedom of unregulated money!

Either the average blockchain startup is unbelievably amateurish re. security or this was an inside job. I suspect the latter but the former does not surprise me one bit.

Does Ethereum not have an escrow like Bitcoin where a 3rd party can confirm a transaction first?<p>But also, if it&#x27;s really as easy as replacing some arbitrary address with another I&#x27;m surprised Coindash wasn&#x27;t more careful.

I wonder if a block chain could certify websites:<p>1. someone writes a url to the chain<p>2. others post a (url&#x2F;hash&#x2F;date time) of the output of the url<p>3. then people could post an image with their face and a blockchain address. could be a form of ID.

This underscores the need for legitimacy and best practices around ICOs. I think CoinList (angellist company) will end up killing it in this space.

Waiting for their announcement, but this would be a great way to pull a quick scam. Make a decent looking site promising a random piece of software that seems legit, promote an ICO, setup a fake wallet, then when the ICO goes live claim your site was &quot;hacked&quot; and points to a fake wallet you control. Grab a few million and never have to actually write said piece of software.

This was bound to happen at some point... It&#x27;ll be interesting to see how low the dip goes as a result of this ICO failure.

&gt; CoinDash&#x27;s Token Sale page was tempered...<p>Now reads &quot;tampered&quot;, but &quot;tempered [sic]&quot; would seem to have been appropriate if really was the message sent to investors. Funny how the subheadline had the typo before as well.

So you just got robbed. What law enforcement agency will you complain? Gold rush &amp; Wild wild west.

Has anyone here played with &quot;HYIPs&quot; few years ago? Stories with many ICO are so similar.

Could HTTP public key pinning have prevented this at least partially?

I should launch an ICO.

Running a P2P-ICO over a centralised server. Good job coindash. That&#x27;s exactly what you deserved.

&#x27;hacked&#x27;