Security in the digital environment, and on the Internet in general, will always be an issue of prime importance, even more so in the context of cryptocurrencies and blockchain technology. Hacking is a ubiquitous problem here. With financial freedom comes the weight of responsibility, and despite their merits, cryptocurrencies are not exempt from scams and hacks.
One company that was recently the target of this hacking scourge was Catalyst. This company is a machine-based investment platform for cryptoassets. The long-term goal of Catalyst is to create a market for trading strategies, where investors can buy strategies that match their investment goals. In short, Catalyst aims to offer a market where developers can create and sell trading algorithms. Investors can buy these robots through Catalyst in hopes of emulating their financial success.
In addition to facilitating an open market for trading algorithms, Catalyst also significantly reduces entry barriers for those who want to experiment with the trading of cryptocurrencies using algorithms.
Catalyst's owners plan to raise funds for the platform through an ICO. A select whitelist of investors could buy tokens in mid-August 2017, but for regular investors, the token sale should begin on September 11, 2017.
Unfortunately, many investors who were interested in Catalyst fell victim to a scam as a result of an attack directed against Guy Zyskind, the CEO of Enigma, the company that owns Catalyst. Zyskind's accounts were compromised, allowing the attackers to conduct a highly effective phishing attack.
The attackers used Zyskind’s credentials to change the Ethereum address on the Catalyst website and sent a “notification email” to all users on the pre-sale list in the Google account.
In addition, the attackers quickly kicked all the administrators out of Zyskind's Slack chat and posted an announcement that the pre-sale of the Catalyst tokens was now open to the public.
Naturally, investors jumped at the first opportunity to participate in the public pre-sale. Investors were advised that they could obtain ENG, the Enigma token, by sending ETH to this address. The address in question is now widely recognized as a phishing address, and those who attempted to participate in the pre-sale were vilely scammed.
In terms of numbers, the phishing scam reportedly amassed around 1500 ETH, which is equivalent to approximately $500,000.
There are some important lessons to learn from this incident. To avoid being hacked in a similar way to Zyskind, the following measures, among others, are recommended:
- Use a different password for each of your accounts. If you use the same password on all services, a single loss of data can put your entire digital identity at risk. Since remembering a set of unique passwords is not feasible, it is recommended that you use a password manager.
- Use two-factor authentication whenever possible. 2FA requires that you enter a special code from your mobile phone before you can log in. Thus, with 2FA enabled, an attacker would need both your password and your phone to hack your accounts.
- Check the Have I Been Pwned? service regularly to verify whether your credentials have appeared in any data leak, and be mindful of the amount of information you give out online.
Check all data when sending funds. Never send more money than you can afford to lose. And remember: foresight and prevention never hurt.