Fourth Ethereum Platform Hacked This Month: Hacker Steals $8.4 Million From Veritaseum Platform

An anonymous reader writes: "Veritaseum has confirmed today that a hacker stole $8.4 million from the platform's ICO on Sunday, July 23," reports Bleeping Computer. "This is the second ICO hack in the last week and the fourth hack of an Ethereum platform this month. An ICO (Initial Coin Offering) is similar to a classic IPO (Initial Public Offering), but instead of stocks in a company, buyers get tokens in an online platform. Users can keep tokens until the issuing company decides to buy them back, or they can sell the tokens to other users for Ethereum. Veritaseum was holding its ICO over the weekend, allowing users to buy VERI tokens for a product the company was preparing to launch in the realm of financial services." The hacker breached its systems, stole VERI tokens and immediately dumped them on the market due to the high-demand. The hacker made $8.4 million from the token sale, which he immediately started to launder. In a post-mortem announcement, Middleton posted online today, the Veritaseum CEO said "the amount stolen was miniscule (less than 00.07%) although the dollar amount was quite material." The CEO also suspects that "at least one corporate partner that may have dropped the ball and [might] be liable." Previous Ethereum services hacks include Parity, CoinDash, and Classic Ether Wallet.

Re:ICO?

The latter, that is "coins in a cryptocurrency that may or may not appreciate". I read a nice essay recently discussing this and comparing it to the dot com bubble which points out how ICOs are mostly dumb even if they aren't a complete scam:

This is what you are buying at a ICO

This is what the founder of Veritaseum says:

Another point that I would like to make clear is that Veritaseum tokens are software that represent our knowledge, advisory and consulting skills, products and capabilities. Without the Veritaseum team, the tokens are literally wortheless! ...all we need to do is refuse to stand behind them and recreate the token under a new contract...

You are buying absolutely nothing of value. They can, at any time, for any reason, move on and declare the tokens as worthless. The tokens have no value beyond today's hype. They are not backed by assets or hedging or anything.

Re:Seems to be not quite ready for prime-time

[Pete+(big-pete)]

Hmm, I really don't know where to start with the misinformation that you're spreading here...

The DAO issue was early in the lifetime of Ethereum, and indeed was a "bad contract", ETH was forked due to the scale of the hack and that it was still a new usage of the cryptocurrency. This is the only time that Ethereum forked because of a hack. People are a lot more careful about how contracts are written after this.

The CoinDash ICO hack was caused by someone hacking the site, and replacing the Ethereum address for the ICO - this is like a hacker hacking into a company site and modifying the bank details for payment - customers paid into the wrong "account". This is not a hack of Ethereum, and nothing to do with the way smart contracts work - it can be done with fiat currency by changing bank details, or any other cryptocurrency (including Bitcoin) by changing the wallet address.

The Parity wallet hack was a sloppy 3rd party wallet implementation - again, if you use 3rd party software for any financial transactions you need to be really sure that you trust the software - this is also not a hack of Ethereum, it was a hack of a 3rd party wallet implemntation - again nothing to do with smart contracts and could have happened for another cryptocurrency wallet (such as a Bitcoin 3rd party wallet).

The Classic Ether Wallet hack was also a hacker taking control of a 3rd party wallet - the same warnings apply as for the Parity wallet hack - again nothing to do with Ethereum smart contracts.

The hack under discussion in this article was a hack of Veritaseum - their VERI tokens were stolen, and these were sold for Ethereum - again, nothing to do with any hack on Ethereum, it was just the cyrptocurrency that the hackers exchanged for their stolen property. They could have sold VERI for Bitcoin, USD, or cheese and it wouldn't make this a Bitcoin, USD, or cheese issue...just as this is not an Ethereum issue.

-- Pete.