Ironically named after the seemingly unbreakable German cipher machine used in WWII, Enigma was compromised before the launch of its ICO. The reasons behind the hack are inexcusable, and not something you expect from experienced programmers working on a project this big and this centered on security.
Enigma was a new cryptocurrency that was set to launch its ICO in September this year. A few days ago, barely two weeks before the launch, an account belonging to CEO Guy Zyskind was hacked. The hackers used his email to compromise the Slack account and send spam to the 9,000+ users associated with it, directing them to deposit Ether into the hackers' account at short notice. Unsuspecting users sent the hacker more than 1492 ETH, currently worth around $497,000. When the team got wind of it, the Slack group and the websites were taken down, and the team resumed its development via Twitter and a Telegram group. But the damage had been done and the currency’s image was badly shaken. While there have been worse attacks like the ones suffered by Veritaserum and CoinDash, who both lost $8 million and $7 million in total,
The nature of the hack is what makes it so inexcusable: Reddit users later found that the personal account of CEO Guy Zyskind didn’t even have two-factor authentication, as he hadn’t taken the time to set it up. The account was compromised and its password was changed. The email account was then used to access the Slack group, and from there the unusual spam requests were sent. Even though the Enigma team had categorically stated that the company would not need any investment money until the ICO, the users forgot that and sent the money anyway. That was an error on their part, but who wants to lose the opportunity to get coins really cheaply these days when the announcement is coming from a reputed firm’s official accounts?
So the official Enigma website wasn’t even hacked, and neither was its system; it is really sad that such a small mistake cost the company so much. I don’t know how the cryptocurrency will fare in the upcoming ICO, but it certainly won’t be as good as they were hoping.
What we can learn from this failure is that the sanctity of your personal account matters, and that you should take the time to invest in its security, especially 2-step authentication, which usually involves your phone. There have been countless instances of people having lax security on their accounts and paying for it. Remember that cyber security is not a joke.