Enigma, the investment platform that is preparing for an ICO next month, confirmed today that it will refund members of its community who lost money after a scammer compromised its social accounts.
Around $500,000 in crypto coins was stolen on Monday after a hacker fooled prospective investors in Enigma’s ICO into sending Ethereum to the hacker’s wallet. The attacker gained access to Enigma’s Slack community, website and some of its mailing lists to post the messages, apparently because CEO Guy Zyskind had not changed a previously compromised password for his email account.
Social engineering in Slack, Telegram and other communications channels has become normal for ICOs — scammers are drawn to a chance to reach thousands of people who want to make money — and companies are generally wise to this. Enigma had warned would-be investors that they should not send any cash prior to its public ICO on September 11. Still, it has said it will help those who were scammed to get their money back, as Zyskind wrote on Medium:
So we are taking responsibility. We are deeply sorry for the pain experienced by those who lost funds to the scam attempt, and we want to make sure that no one in our community that was a victim to this well-coordinated phishing attack is financially hurt. We will restore funds to everyone that lost money in this recent scam attempt after our token sale concludes. We’ve already been in direct contact with some of the affected parties. If you lost funds and have not yet contacted us, please reach out to email@example.com with information about yourself and your transactions. We will work with our community on a case by case basis.
This is a good move from Enigma, particularly since it was its poor security that caused the incident in the first place.
Most importantly, though, it is a gesture that the company — which was created by MIT students — can seemingly afford since it just completed a $20 million pre-sale allotment for its ICO. It plans to add $10 million more via the public part of its ICO next month, so $500,000 is a small portion of that $30 million total.
The ultimate goal of the Enigma ICO is to develop a system that makes it easy to create a hedge fund focused on cryptocurrencies by providing data and other necessary infrastructure off the bat.
On Monday Enigma said it had introduced new security measures, including strong passwords and two-factor authentication for all employee email accounts, as it moves ahead towards that September 11 token sale.
Previous ICOs have been impacted when attackers took control of token sale sites and added third-party wallet addresses to syphon money into their account. That was the case with CoinDash, which lost $7 million in July, and Veritaseum, which had $8.4 million stolen in a ‘victim-less’ hack the same month.