Hackers infiltrated Enigma's website and social media accounts, walking off with about $500,000 in ether from supporters of the MIT-founded blockchain project. An attacker gained access to an adminis
Hackers infiltrated Enigma's website and social media accounts, walking off with about $500,000 in ether from supporters of the MIT-founded blockchain project.
An attacker gained access to an administrator account and used it to rewrite the site, send fraudulent messages on Slack, and distribute spoofed emails to the community list. The emails looked official and invited members to join a fake ICO pre-sale, directing them to send cryptocurrency to a wallet the attacker controlled. Supporters sent 1,492 ether to that address—worth $494,000—before catching on. The wallet is now empty.
Reddit users identified CEO and founder Guy Zyskind's account as the breach point. Zyskind's email appeared in an earlier breach that leaked credentials online. He neither changed his password afterward nor enabled two-factor authentication. Zyskind told WIRED that none of the compromised Enigma accounts relied on reused passwords.
Enigma said no one accessed company funds, user passwords, or private keys. The team is investigating alongside law enforcement, community members, other blockchain firms, and cryptocurrency exchanges.
In response, Enigma implemented stricter controls: unique, strong passwords for each account, two-factor authentication enabled across the board, weekly password changes, and stronger barriers between systems.
The attack struck one month before Enigma's planned ICO launch, which aims to fund development of a cryptocurrency investment platform powered by data analysis.
A wave of ICO hacks has swept through the space. A theft cost Veritaseum $8.4 million. CoinDash lost $7 million. Three companies that closed their ICOs in July—Edgeless Casino, Swarm City, and æternity blockchain—suffered combined losses of $31 million.
