Hackers scam half a million from Enigma digital currency investors

Sucky security leaves MIT cryptoboffins red-faced


Cunning hackers have successfully duped investors out of almost $500,000 after compromising the servers of the online currency platform Enigma.

The organization, set up by MIT whiz kids and due to launch its new cryptocurrency on September 11, had its website, email servers and Slack channel hacked. The attackers then used these channels to spam out a message to those interested in the group, asking for money.

"We are pleased with the enormous support we have gotten in the last few weeks," the bogus message reads. "The Enigma team has decided to open the Pre-Sale to the public. The hard cap for this presale will be 20 million. Please note that tokens will be calculated and distributed based on how much the pre sale raises."

Meanwhile, the hackers had put their own digital wallet address on Enigma's website and directed would-be investors to it. At time of going to press they've reaped nearly $500,000, but the word is out. Enigma has shut down the offending Slack channel and is warning investors about the scam.

In a statement, Enigma said that the group had not lost any funds itself and was still planning to make its initial coin offering (think IPO but for digital currency) on September 11 as planned.

"We're changing all passwords, engaging 2FA, and taking other security precautions," Enigma said on its Telegram group. "It is a very very hectic time for all of us. I realize some of you lost money and are very very upset. We hear you. Give us some time and we will soon announce the next steps that concern the victims of this attack."

The fact that the organization didn't have two-factor authentication turned on in the first place is a red flag, and they indicated that this scam was made possible by sloppy password use or reuse. Some on social media suggest that the CEO had his password pwned on another site and was reusing it for Enigma's servers, but that hasn't been confirmed.

Enigma said that it was working with the bitcoin exchange Bitfinex on freezing accounts to stop the purloined e-currencies from being moved; however, it hasn't said if this has been successful. It's also going to be of limited use in the US after Bitfinex pulled out of the American market earlier this month. ®
