Hackers Steal Over $300k From One of Blockchain's Biggest VCs

A notable blockchain industry investor was hacked today.

Dec 6, 2016 at 9:38 p.m. UTC
Updated Aug 18, 2021 at 5:28 p.m. UTC


A notable blockchain industry investor was hacked today, the latest target in a string of apparent social engineering attacks that have taken aim at cryptocurrency users.

    The hackers claim to have stolen and liquidated 110,000 REP (upwards of $300,000) in the digital currency Augur plus an additional unknown sum of ether, the cryptocurrency on the ethereum blockchain, owned by Bo Shen, founder of VC firm Fenbushi Capital.

    Speaking via Shen's Twitter account, the hacker credited his sale with dropping the dollar value of Augur's digital asset Reputation (REP) from 0.0035 BTC (then roughly $2.60) to 0.0026 BTC ($1.96), a decline that began early this morning. At press time, the price of REP has since recovered to just under 0.0040 BTC, according to data from Poloniex.

    Statements from the hacker suggest that a team of hackers (or at least a "few") is now targeting a full list of Augur investors as part of a string of attacks that have taken place in recent weeks.

    When asked why the group was perpetrating the attacks, the hacker responded:

    "For money obviously."

    The hacker validated rumors circulating online that indicated big sell orders placed in ether and Augur were the result of his group.

    Shen confirmed the hack to CoinDesk, though he did not disclose the total lost in the attack. In response to rumors that more than $1m in ether was stolen, he said the total amount was "less than that" but offered no further details.

    Bribery and retribution

    However, the hacker sought to stress that, in his view, the attacks (at least in the case of Augur) were preventable.

    According to the hacker, the group had previously been in touch with Augur's open-source development team. Augur is a prediction market project announced in 2014; the REP tokens it issued during its crowdsale have been traded publicly since October.

    Augur core developer Joey Krug acknowledged that he has been in contact with the group before and said the hackers had asked for a $60k ransom that was not paid. Krug further noted that, as the tokens function as digital bearer assets, there is not much the technical community around the project "can do" about the threat posed to users.

    "We've been sending emails out with instructions. If you don't sell REP on an exchange, and store in cold storage, it's fine. But if you store on an exchange, they can engineer your phone number, change your password and use that to log in," Krug said.

    As such, the attacks highlight the security challenges investors and blockchain businesses continue to face when storing and safeguarding various cryptocurrencies.

    For example, Augur indicated the attacker was able to glean information (including email addresses) from its public Slack chat group.

    String of attacks

    Notably, Krug suggested that he believes the hacker is the same individual that is responsible for attacks on users of the digital currency exchange Kraken.

    He referred users who are concerned about the attacks to a blog post issued by the exchange in which it detailed the extent of what it believes to be a pervasive issue.

    "In the past month, there’ve been at least 10 cases of people publicly involved in the cryptocurrency scene being victimized by mobile phone hijacking. The consequences have been expensive, embarrassing, enduring, and, in at least one case, life-threatening," the exchange wrote.

    The post advises users against popular communication methods such as phone calls and text messages, and advocates that users provide services like Google Voice with fake information that is more difficult for hackers to surface.

    All in all, the post suggests investors follow a complex series of 40 steps to protect their assets from the attacks. Krug, however, suggested that, for now, investors should be more wary about two-factor authentication when using cryptocurrency.
