The cyberattacker targeted ICO participants through a fraudulent “pre-ICO sale” scheme.
Experty’s keenly-awaited ICO has dissolved into disarray after a hacker targeted investors and stole roughly $150,000 in Ethereum (ETH) ahead of the event.
Experty‘s Initial Coin Offering (ICO), also known as a token sale, is designed to raise funds for a “Skype-like voice and video application” which could also take secure payments through the Blockchain.
ICOs are similar to IPOs — but may not be regulated in the same way — and offer investors tokens in a project, rather than shares in a company.
Token sales can be a lucrative endeavor, not only for companies looking to raise funds outside of traditional banking methods but also for traders who invest in the early stages of projects which end up as a success.
However, these time-sensitive events and coin trades have also become a lucrative attempt for attackers seeking to fraudulently cash in.
Experty’s ICO is expected to launch at the end of this month. As first reported by Bleeping Computer, an unknown threat actor sent fraudulent pre-ICO messages to Experty users which had signed up for announcements.
These phishing messages, while littered with poor spelling, urged users to invest within 12 hours to receive bonus Experty tokens (EXY) in exchange for their Ethereum.
The phishing email also contained a wallet address which is not associated with the company.
It appears that many fell for the scam, and while the wallet is now empty, a total of 74 transactions have been made in the last few days in ETH worth roughly $150,000.
Experty uses the Bitcoin Suisse service for handling token sales and so any transfers to this wallet are outside of the firm’s control. In addition, it is possible that more than one wallet was used during the phishing scheme.
However, this does not mean the company is without fault. According to a statement posted on Medium, the hacker was able to find out the email addresses of Experty users as “one of [the company’s] reviewers was compromised and hackers gained access to some information about users.”