The internal email system of Block.one, the parent company of the EOS ICO, was compromised by hackers, and as a result it appears that investors have lost millions of dollars, Fortune reported.
According to Fortune, the hack was straightforward: anonymous online scammers breached the email system of Block.one and then sent messages to the investors of EOS. The hackers obtained the investors' details and used this information to steal EOS and Ethereum EOS tokens from investors under the guise of a fraudulent giveaway.
This means some of the $4 billion of a year-long ICO by EOS won’t ever reach its destination to fund the development of new blockchain software by a startup called Block.one.
The hackers allegedly made use of the compromised email platform, which was powered by the cloud software provider Zendesk. After Zendesk was compromised, the hackers sent out spoofed phishing emails directing recipients to a fraudulent EOS website under the domain name “https://xn--es-8bb.com”, which web browsers display as eȯs.com.
Gettin some legit looking scam emails claiming to be giving away the remainder of $EOS distribution tokens. Everyone is thirsty out there stay safe and protect your coin!
Never supply anyone with your private keys! pic.twitter.com/eSZZezkWuB
— Josh Brown (@jbbasics) May 31, 2018
Block.one admitted in a blog post statement over the weekend that its email system had been compromised.
It seems crypto projects are feeding grounds for fraud, scammers and simple hacks such as this. The details of thousands of investors were extracted by the hackers, which helped them steal the investors' EOS and Ethereum (ETH) tokens worth millions.
“The scammers pretended to provide free tokens as part of a giveaway. The investors were looking forward to getting free EOS and ETH tokens, instead, the hackers stole the coins that they had. The investors lost millions of dollars.”
While investors have trusted Block.one, and while Block.one has sold almost all of its one billion EOS coins to investors, a significant portion of them (along with the cryptocurrency Ethereum often used to purchase EOS) are ending up in the hands of the hackers. At the time of this report, it is not yet known how much damage has been done.
Even Fortune itself was a recipient of the scam: four sophisticated, professional-looking emails were sent directly to Fortune’s inbox. The emails, two of which bore the subject line “The most anticipated event has arrived!”, feature EOS’s gem-like chestahedron logo and multiple links to Block.one’s actual website (including an official-seeming copyright line at the bottom).
Here are some key things to know about what the hackers did, to help prevent this from happening again.
- The phishing emails provide a button for recipients to “claim” EOS’s “unsold tokens” during the last 48 hours of the ICO.
- The button takes you to a website that looks identical to the EOS homepage, but it is a spoof.
- The only difference is the scam site’s web address, “eȯs.com,” which has a barely noticeable dot above the o, a mark only found in the dead language of Livonian, once spoken in parts of Latvia.
- EOS’s actual website is eos.io.
- The underlying URL for the fake site is actually “https://xn--es-8bb.com”, a foreign domain that web browsers render as eȯs.com thanks to so-called punycode.
- The tell-tale sign of the scam is that the phishing site prompts visitors to enter their private key to unlock their digital cryptocurrency wallets in order to receive the EOS airdrop.
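The lookalike-domain check described in the list above can be automated in a mail or link filter. The following is an added example, not code from Block.one, EOS or Fortune: it decodes punycode labels to the form a browser displays, strips diacritics, and compares the result with a protected brand label. The names `PROTECTED_LABELS`, `LEGIT_HOSTS` and `check_url` are assumptions made for this illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed policy for this example: the brand label to protect and the
# genuine host named in the article (eos.io).
PROTECTED_LABELS = {"eos"}
LEGIT_HOSTS = {"eos.io"}


def decode_host(host):
    """Return the host as a browser would display it (xn-- labels decoded)."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)


def skeleton(label):
    """Strip combining marks so 'o with dot above' compares equal to 'o'.

    This only catches diacritic lookalikes; cross-script confusables
    (for example Cyrillic letters) need a confusables table as well.
    """
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def check_url(url):
    """Classify a link as 'legitimate', 'lookalike' or 'unknown'."""
    shown = decode_host(urlsplit(url).hostname or "")
    if shown in LEGIT_HOSTS:
        return "legitimate", shown
    for label in shown.split("."):
        # Non-ASCII label that collapses to a protected brand name.
        if not label.isascii() and skeleton(label) in PROTECTED_LABELS:
            return "lookalike", shown
    return "unknown", shown


if __name__ == "__main__":
    # URLs taken from the article, plus one constructed neutral sample.
    for url in ("https://xn--es-8bb.com", "https://eos.io/", "https://example.com"):
        print(url, "->", check_url(url))
```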
This comes after several major security flaws were discovered in the EOS blockchain prior to its mainnet launch, some of which can be exploited by hackers to remotely execute arbitrary code on EOS nodes, SC Magazine UK reported.
The RCE (remote code execution) flaw was discovered by Chinese security researchers at Qihoo 360: Yuki Chen of Vulcan team and Zhiniang Peng of Core security team. The vulnerability is a buffer out-of-bounds write issue that resides in the function used by the nodes server to parse contracts.
According to research from six independent snapshots of EOS ownership, it was revealed that only ten addresses hold almost 50% of the total supply. Almost 500 million EOS tokens equating to 49.67% of the total 1 billion supplied are held in 10 addresses. The company behind the EOS ICO, Block.one, holds 100 million tokens, or 10% of the total.
EOS is currently trading at $13.54, down 10.03%, according to Coin Market Cap at the time of this report.