Hackers Are Not The Biggest Ethereum Problem. It’s Greed.

Ethereum has come under heavy cyber attacks. But the cause is not its code.

You don’t need us to tell you that Ethereum has a nagging hacking problem.

People have carried out a lot of transactions using Ethereum.

And consequently, have lost millions of dollars in just over a year.

How did they lose the money?

They lost it via heists.

Online heists.

So what’s the problem then?

Is it Ethereum?

Is it its code?

Well, what researchers have found is that even though people have lost a lot of money while using Ethereum, the problem isn’t really related to its code.

In other words, people haven’t always lost their money because of a particular vulnerability in the Ethereum code.

The problem is the people themselves.

Let’s try and explain that a little bit.

What On Earth Is Ethereum And Why Do People Use It?

Ethereum came onto the online payment scene back in 2013.

It worked both as an app platform and as a cryptocurrency.

As we write this article, Ethereum has a ridiculous market cap of about $32 billion.

That’s a lot of money.

So why aren’t the people behind Ethereum making transactions safer?

Well, the problem with Ethereum has really sprung up in the last year or so.

Why?

Because people have used Ethereum to dump a literal ton of money into the currency’s experimental code.

This Ethereum code did not exist five years ago.

What’s more?

Since this Ethereum code is experimental, people are relying on nothing other than hope that Ethereum and its system’s so-called smart contracts will keep all of their Ethereum investments secure and safe.

In the real world, that just doesn’t happen.

And that’s what we have witnessed.

Ethereum hasn’t given these people positive results.

And as a result, things have not turned out the way these investors had hoped.

The media covering the industry has witnessed multiple instances where hackers made off with other people’s investments by taking advantage of these “code contracts” that have poor quality code.

Time For An Example

There are many examples where human carelessness has come out as the cause of all these Ethereum hacks.

Last year, we all witnessed the famous DAO hack.

Attackers used the DAO hack to steal an amount that surpassed the $50 million mark.

Moreover, we also saw the much more recent hack which affected a lot of multi-signature wallets.

All of these multi-signature wallets had one thing in common:

Coders had created all of these multi-signature wallets with the cryptocurrency known as Ethereum.

And people used a technology by the name of Parity, which is an Ethereum client that works right from your browser.

In total, people lost close to $32 million by using the Parity Ethereum client.

But Ethereum has a lot of other problems to deal with as well.

One of the biggest problems that Ethereum has to face now is human greed.

Of course, we’re talking about human greed that causes all these hacking events.

And one could just go ahead and call it folly rather than just greed.

Moreover, no one can blame Ethereum and its vulnerable code for these hacking incidents.

Because they are simply not the reason why people have lost so much money.

Buggy code is a problem but not as big as human greed.

Researchers have identified a disturbing pattern.

And this pattern has repeated itself multiple times.

And we’re just talking about the last year alone.

Here is what happens:

A hacker, any hacker, hacks into some website or online accounts that belong to a company that raises funds from the very generous Ethereum community.

The hacker can also pose as an official representative of the hacked company or online account.

Then the hacker tricks people, or investors with too much eagerness, into wiring him/her/them huge sums of money as investment.

Many media reports have published stories where individual hackers have made as much as $7.4 million from the Ethereum community with simple hacking tricks.

So How Does This Hacking and Money-Stealing Happen?

The fraud usually takes place during, and not after, an ICO.

What’s an ICO?

ICO is an abbreviation for the term Initial Coin Offering.

This is where a given Ethereum application can raise some much-needed funds.

And they do so by selling tokens.

Buyers can use these tokens to interact with the seller’s Ethereum app.

And as the process moves along, the value of these tokens increases.

As you can probably imagine, the current Initial Coin Offering market is rather red-hot.

People usually line up to buy tokens.

Of course, there is no physical line up.

But speaking from a digital perspective, they do line up to buy these ICO tokens.

So how do they buy the actual tokens?

That process is simple as well.

They usually send money to the ICO companies.

As soon as a company launches its token sale, people start to invest in their tokens.

How do companies announce their ICO events?

Usually, companies announce their ICOs with nothing more than just a string of text.

Companies use their website to upload this string of text.

This “text” informs the people how to buy their tokens.

The company also informs the investors where they should send their money in order to buy these tokens.

Of course, people or investors have to pay the company in the form of Ethereum, the cryptocurrency.

Using such ICO events, some companies have managed to raise millions, if not tens of millions, of US dollars in a matter of minutes.

Okay. People Want To Buy Tokens Via Ethereum ICOs. Where Is The Part About Human Greed?

Ethereum is just like Bitcoin. Except that hackers have targeted it more than Bitcoin in recent months.

Let’s talk about where human greed comes into play.

Fundamentally speaking, these initial coin offerings form the perfect nexus of three things.

These three things are as follows,

  1. Human greed
  2. Huge amounts of money changing human hands in a very short amount of time
  3. A less than “strong” security vector, i.e. a website.

So after knowing the nexus, can someone really blame a hacker for wanting to exploit such a situation?

Hackers aren’t exactly known for their patience.

And if they see an opportunity begging for exploitation, then they will happily oblige.

They can’t resist it because the payoff can reach astronomical levels as we have already mentioned before.

So is there a regulator or something that can sort things out?

There is, but how big of a role can a regulator play?

For what it is worth, the United States Securities and Exchange Commission has actually planned to bring in some more regulations for Ethereum transactions.

But our research tells us that these regulations are likely to manage specific types of Initial Coin Offering tokens.

More Examples

Just this past Monday we probably saw the latest example of such phenomena taking place.

Media reports have published that around 8 AM EST, an Ethereum project by the name of Enigma excitedly announced an interesting message about the company’s ICO.

Most of our readers would know that Enigma is currently quite busy taking care of its Initial Coin Offering pre-sale.

So what was that announcement?

Well, Enigma informed all those concerned that the company’s website had been hacked.

Its mailing lists along with Slack accounts had also been compromised.

Of course, the announcement did little for the investors.

Why?

Because the announcement came too late.

The people who showed interest in the company and its message had already moved ahead and had sent around 1000 Ether directly to an account that (as everybody found out later) hackers controlled.

So how much is 1000 ether?

It turns out, 1000 ether is equal to $500,000.

That’s almost half a million dollars.

A TechCrunch report also mentioned that the CEO of Enigma, Guy Zyskind, had lost his email account.

In other words, hackers had compromised Guy’s account.

But they had done so in a previous data breach.

The report also mentioned the fact that the account did not have the option of two-factor authentication enabled.

If Hackers Had Taken Over Enigma Accounts, How Did The Company Inform The People About The Hack?

The Ethereum community can overcome its problems. But only if there is a concerted effort.

They did so via their official Telegram channel.

The Enigma team wrote in an official announcement that the company had engaged with the problem.

In other words, representatives of Enigma had identified the problem and they had started to work on implementing additional but important security measures for their community.

The company also said that its staff was working very hard at the problem and the company would share more information with its community about further possible steps.

As mentioned before, Enigma didn’t win the prize for being the first company that got its ICO hacked.

The industry experienced a similar event just a month ago as well.

Around mid-July, actually.

That time, CoinDash (another company) had begun its preparations for the launch of the company’s official Initial Coin Offering.

But, as fate would have it, right around the time of launch, a cyber hacker managed to compromise CoinDash’s official website.

Then the hacker moved ahead and replaced CoinDash’s contract address.

The hacker changed it to the one that the hacker and his/her team controlled.

After that, it took about five minutes for the hacker to snag around $7 million worth of Ethereum, the cryptocurrency.

As you probably would have guessed, all of this money came from people who had lined up in order to invest in the official CoinDash Initial Coin Offering.
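An added example, not from the original article or from any of the projects it names: a check an ICO operator could run against its own sale page to catch the address swap described in the CoinDash case. The function name, the pinned address, the explorer URL and the sample HTML are all constructed for illustration.

```python
import re

# An Ethereum address as it appears in page text: 0x followed by 40 hex digits.
ADDRESS_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")


def audit_sale_page(html, pinned_address):
    """Compare every address found in `html` with the pinned sale address.

    Returns (status, unexpected): "OK" when only the pinned address appears,
    "TAMPERED" when any other address appears, and "MISSING" when the page
    shows no address at all.
    """
    pinned = pinned_address.lower()  # hex case carries no identity, so fold it
    found = {match.lower() for match in ADDRESS_RE.findall(html)}
    unexpected = sorted(found - {pinned})
    if unexpected:
        return "TAMPERED", unexpected
    if pinned not in found:
        return "MISSING", []
    return "OK", []


# Constructed sample data: neither address belongs to a real project.
PINNED = "0x" + "A1b2C3d4E5" * 4
SWAPPED = "0x" + "deadbeef00" * 4
PAGE_TEMPLATE = (
    "<h1>Token sale is live</h1>"
    "<p>Send ETH to <code>{addr}</code></p>"
    '<a href="https://explorer.example/address/{addr}">view on explorer</a>'
)
CLEAN_PAGE = PAGE_TEMPLATE.format(addr=PINNED)
TAMPERED_PAGE = PAGE_TEMPLATE.format(addr=SWAPPED)

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)]:
        print(name, audit_sale_page(page, PINNED))
```

The pinned address has to live somewhere other than the web server being checked, otherwise whoever edits the page can edit the reference too.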

Examples, Examples, Examples

Let’s take another example where we see how human greed combined with lack of necessary caution can lead to a lot of harm.

But just before that, we have to mention that nowhere in these situations can you blame the Ethereum code.

Scammers are clever people.

And they know how to fleece people.

Especially those people who are just overly eager to become Ethereum investors.

In early July we all saw a rash of cyber phishing attacks that resulted in people erroneously sending around $600,000 of their hard earned money away directly to hackers.

Of course, this July case had its own defining characteristics.

In the early July case, reports published in the media said that scammers had made off by spamming people in their Ethereum official Slack channels.

What did they spam them with?

Hackers spammed these “investors” with links that apparently led these people to websites that allowed them to invest in different but legitimate Initial Coin Offerings.

Of course, all of these links led people to fake website pages that hackers controlled from behind the curtains.

Perhaps, this is a good time to mention that some people who could have become victims only became potential victims because they managed to see right through the ruse.

Those “investors” who showed too much eagerness and desperately wanted to cash in on one of their Initial Coin Offering craze ended up giving their money away to hackers behind those fake web pages.

This Is Crazy. But That Doesn’t Make This Situation Necessary.

In other words, if common sense had prevailed, all these disaster situations could have been much less destructive.

Moreover, if people and companies exercise all the necessary precautions then most of these hacking situations are completely unnecessary.

So what’s the easiest method to avoid these types of disastrous situations?

Well, as mentioned before, the best way to avoid such hacks is to exercise that thing called caution.

Caution on whose part?

On the part of investors of course.

But that doesn’t mean that the people who are running these Initial Coin Offerings are off the hook.

They need to make sure that all of their Initial Coin Offering events are secure.

Moreover, they should improve their internet security measures.

In order to do so, they will have to hire better professionals who can lock down their internet security game for good.

Now, coming back to the major problem that is, the investor.

Investors have to calm themselves down.

Of course, the situation is worsened by the fact that Initial Coin markets actually discourage caution.

How?

The answer is simple.

Hype.

Companies hype up their Initial Coin Offerings for days if not weeks.

Which is of course, too far in advance.

Most of the time, these companies have also set up countdown timers right to the moment where the company reveals its address.

People can then use this address to send their hard-earned money.

Furthermore, companies also try to blow their ICO’s hype out of proportion by offering more products on display.

Although it is another fact that most of these Initial Coin Offerings launch without any sort of a product to move forward with.

Hence, these Initial Coin offerings aren’t really ICOs.

These are basically Kickstarter campaigns augmented with steroids.

Hence people should not consider these as viable investments.

Some even believe that investing in these tokens is probably as wise as gambling.

Speculators fill the market and are eager to get on with business right on the ground floor.

Why?

Because as the Initial Coin Offering nears its end, the value of the sold tokens can, and usually does, go upwards.

Hackers make use of this model in order to carry out exploit attacks.

And as we have mentioned before, they can make off with thousands of dollars and sometimes even with millions.

Of course, victims can’t get their money back.

Why?

Because cryptocurrency transactions, by their nature, are irreversible.

The worst part about the whole situation is that with some caution and preparation, all of this is easily avoidable.

 

Zohair

Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.