Veritaseum has confirmed today that a hacker stole $8.4 million from the platform’s ICO on Sunday, July 23. This is the second ICO hack in the last week and the fourth hack of an Ethereum platform this month.
An ICO (Initial Coin Offering) is similar to a classic IPO (Initial Public Offering), but instead of stocks in a company, buyers get tokens in an online platform. Users can keep tokens until the issuing company decides to buy them back, or they can sell the tokens to other users for Ethereum.
Veritaseum was holding its ICO over the weekend, allowing users to buy VERI tokens for a product the company was preparing to launch in the realm of financial services.
Hacker stole VERI tokens, sold them for Ethereum
Veritaseum’s founder Reggie Middleton noticed the hack and posted details on the platform’s Slack channel, from where news spread to the BitcoinTalk forums.
Middleton said that a hacker had somehow managed to steal VERI tokens during the ICO. Because the ICO was ongoing and the tokens were in demand, the hacker immediately sold them to other buyers.
In a post-mortem announcement, Middleton posted online today, the Veritaseum CEO said “the amount stolen was miniscule (less than 00.07%) although the dollar amount was quite material.”
Middleton estimates the hacker or hacker(s) made $8.4 million worth of Ethereum after selling the VERI tokens. The funds were initially dumped in two Ethereum wallets [1, 2], but they have now been siphoned away into other accounts as the hacker proceeded to launder his earnings.
“The hack seemed to be very sophisticated, but there is at least one corporate partner that may have dropped the ball and be liable,” Middleton said. “We’ll let the lawyers sort that out, if it goes that far.” Bleeping Computer reached out to the Veritaseum CEO, but Middleton declined to provide additional comment at this time.
Fourth hack this month
Last week, another hacker stole over $7 million in Ethereum funds from the CoinDash ICO after he took over their website and changed the Ethereum address at which users were supposed to send money to buy their CoinDash tokens.
Also last week, another hacker used a vulnerability in the Parity multi-sig Ethereum wallet to steal over $30 million worth of Ethereum from users utilizing multi-sig wallets created with Parity.
At the start of the month, a hacker took control over the web domain of Classic Ether Wallet and collected the login credentials from multiple users, emptying their accounts along the way.