Enigma, the cyrptocurrency investment and trading platform, was hacked on 21 August by unknown hacker(s). Around $500,000 in Ethereum has reportedly been stolen by the hackers. The heist hit Enigma as the firm was preparing for a crypto token sale, during the firm's ICO (Initial Coin Offering) pre-sale.
The hackers reportedly created a fake ETH address and tricked users into sending their money to it, by spamming Engima's slack channel and email newsletter for pre-sale coins. TheHackerNews reported that the hackers sent a fake message to users via Engima's Slack channel and email newsletter to trick users to continue sending to the hackers' fake ETH address.
At the time of writing, both Enigma's site as well as the hackers' fake ETH site displayed a warning to visitors of the sites, urging users to not send any funds. Enigma took to Twitter to confirm the attack, adding that it has taken back control of "all compromised accounts, including the website".
The firm also said that no company funds were stolen. Users' wallet addresses, passwords and private keys were not stolen. The firm also confirmed that its social media accounts, including Twitter, Facebook, Telegram and the firm's blog have not been hacked.
Engima also said that it "deeply regrets" the harm and loss the attack caused for its users, adding that all users who have lost funds should email and notify them, and that it was currently investigating the attack. However, the firm is yet to clarify how it intends to handle the aftermath of the hack.
Hackread reported that a Reddit user claimed that the heist stemmed from Enigma's CEO Guy Zyskind's accounts getting hacked. Yet another Redditor claimed that he was able to find Zyskind's email address on the popular data breach index platform HaveIBeenPwned. However, it is still unclear as to how the attack occurred.
This is the 6<sup>th cryptocurrency-related breach and the 5<sup>th Ethereum heist in the past couple of months. Hackers have previously hit the Classic Ether Wallet, Veritaseum, the Parity wallet, Coindash and also stolen from Bittrex.
The escalating hacks against cryptocurrency platforms, especially heists targeted at ICO's indicate that hackers find such platforms attractive targets.