A group of scammers have profited more than $600,000 by launching spambots into Slack channels of public Ethereum communities.
According to a public address shown on Ethereum block explorers including Etherscan, funds stolen by the automated spambot have already been cashed out. Only $600 is remaining in the Ethereum wallet address shown below:
Almost immediately after receiving reports from victims that have lost thousands of Ethers (Ethereum’s native token) within a span of three days, the Etherscan development team marked the address shown above as a suspicious account, stating “There are reports that this address was used in a Phishing scam. Do not send your funds here.”
Victims who have lost both Ethereum and ICO tokens such as Bancor from the Slack scambot phishing scam are planning to file reports to the Interpol and other cyber law enforcement agencies with the hope of recovering their funds.
How Were Funds Stolen?
According to the victims, scam links were inserted into both private and public slack channels. Links redirected users to websites designed identically to existing initial coin offerings (ICOs). Using replicas of successful and popular ICO websites, hackers were able to use Slack spambots and divert ICO funds elsewhere.
A victim wrote in the Etherscan online forum:
“Please send back my 4.5 ETH and 1000 BANCOR. I’m a student and really in serious trouble right now.”
Some victims of the phishing attack placed the blame on Slack, which evidently is not responsible for the losses of the victims, for allowing spambots and phishing links to go through. However, it is the responsibility of Slack channel owners to invite or approve verified accounts.
Importance of Due Diligence
The ICO market itself has transformed into a bubble-like industry, with investors rushing into the market to purchase tokens of blockchain projects and networks that have no uses and purposes. More importantly, the vast majority of ICO projects that have raised millions of dollars in funding haven’t even presented alpha-tested software, with most projects being pre-alpha software without active user bases and viable projects.
Because of the bubble-like trend of the ICO market, an increasing number of blockchain companies have begun to take advantage over cryptocurrency investors, traders and enthusiasts. Blockchain projects that do not require ICOs have started to conduct ICO campaigns and developers have started to excessively overvalue their projects and raise more investment than they actually need.
It is absolutely necessary and important to conduct proper research, evaluation, analysis and due diligence before investing in ICOs. Investigating into the long-term development roadmap, the purpose of tokens and the estimated delivery date of software are important factors to consider.
More importantly, basic descriptions and details such as accurate bitcoin and Ethereum addresses and website links should be verified again before sending funds to avoid phishing scams.
Image Credit: Creative Commons; No Attribution Needed