Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fourth Ethereum Platform Hacked This Month: Hacker Steals $8.4 Million From Veritaseum Platform (bleepingcomputer.com)

Posted by BeauHD on from the here-we-go-again dept.

An anonymous reader writes: "Veritaseum has confirmed today that a hacker stole $8.4 million from the platform's ICO on Sunday, July 23," reports Bleeping Computer. "This is the second ICO hack in the last week and the fourth hack of an Ethereum platform this month. An ICO (Initial Coin Offering) is similar to a classic IPO (Initial Public Offering), but instead of stocks in a company, buyers get tokens in an online platform. Users can keep tokens until the issuing company decides to buy them back, or they can sell the tokens to other users for Ethereum. Veritaseum was holding its ICO over the weekend, allowing users to buy VERI tokens for a product the company was preparing to launch in the realm of financial services." The hacker breached its systems, stole VERI tokens and immediately dumped them on the market due to the high-demand. The hacker made $8.4 million from the token sale, which he immediately started to launder. In a post-mortem announcement, Middleton posted online today, the Veritaseum CEO said "the amount stolen was miniscule (less than 00.07%) although the dollar amount was quite material." The CEO also suspects that "at least one corporate partner that may have dropped the ball and [might] be liable." Previous Ethereum services hacks include Parity, CoinDash, and Classic Ether Wallet.

47 of 99 comments (clear)

  1. Thing to do? by Anonymous Coward · · Score: 5, Funny

    Business model: 1. Start a coin exchange. 2. "Get hacked" 3. Profit!! 4. Start a coin exchange...

    1. Re:Thing to do? by phantomfive · · Score: 1

      Is Ethereum really worth billions?

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Thing to do? by sheramil · · Score: 1

      Is Ethereum really worth billions?

      How much advertising money is there in alarmist headlines?

    3. Re:Thing to do? by parkinglot777 · · Score: 1

      $8.4 millon * ( 100 / 0.07% ) = $12 billions

      Easy money.

      Yes, but what Reggie Middleton said, the $8.4m could become $0 in a blink because what they were trading were VERI tokens...

      Without the Veritaseum team, the tokens are literally wortheless! If someone were to someone confiscate 100% of the available tokens, all we need to do is refuse to stand behind them and recreate the token under a new contract.

    4. Re:Thing to do? by codebonobo · · Score: 1

      No, market cap in general is a worthless number and this is made far worse because most of ethereum was premined unlike bitcoin.

  2. And this is what happens... by Anonymous Coward · · Score: 1

    When you attribute real value to something that really has no right to have any value, something you didn't even work for.

    1. Re:And this is what happens... by Anonymous Coward · · Score: 1

      Yes put your money in stocks listed on the Dow and NASDAQ.
      They work for your money with -
            Bundled loans
            Credit default swaps
            Toxic Securities
            Collateralized debt obligations

      and lots of high frequency trades.

      That's good old American short term value.

  3. Ethereum by turkeydance · · Score: 2, Insightful

    Tralfamadore wins

  4. ICO? by JaredOfEuropa · · Score: 3, Interesting

    I know what ICO stands for and I know roughly how it works, but... what do you actually get when you buy tokens in an ICO? Do you actually get a stake in the company, or do you get coins in a cryptocurrency that may or may not appreciate if the "backing" company does well? If it's the former, how does that sit with the SEC or its equivalents? And if it's the latter, how is this any different from an ITO (Initial Tulip Offering)?

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    1. Re:ICO? by PatientZero · · Score: 1

      TFS makes it sound like you pay cash to buy tokens which you may hold or sell yourself for Ethereum, and at some point in the future, the company that sold them originally may decide to buy them back for Ethereum. Hold them if you think the company will go up in value faster than Ethereum or cash (and that the company won't let them get stolen); otherwise, sell them for Ethereum.

      I agree that the SEC probably should be involved here.

      --
      Freedom to fear. Freedom from thought. Freedom to kill.
      I guess the War on Terror really is about freedom!
    2. Re:ICO? by Anonymous Coward · · Score: 3, Informative

      The latter, that is "coins in a cryptocurrency that may or may not appreciate". I read a nice essay recently discussing this and comparing it to the dot com bubble which points out how ICOs are mostly dumb even if they aren't a complete scam:

    3. Re:ICO? by viperidaenz · · Score: 1

      Except they are a complete scam.
      I doubt they were even hacked.

    4. Re:ICO? by Kjella · · Score: 5, Interesting

      From what I understand it's essentially like a theme park where you must buy everything with funny money. The investors buy funny money on the theory that if the park is successful lots of people will want funny money and the value will rise. If it flops, tough. First issue is that they can just burn through the money and fold, people have no ownership and unlike Kickstarter they haven't been "promised" any product or service. You're an investor, the investment failed, too bad. The executive strategy session was a blast though. The real problem though is it if you actually struck gold it would be trivial for the owners to turn your funny money into nearly worthless money and pocket pretty much all the profit themselves. It's a heads I win, tails you lose proposition.

      --
      Live today, because you never know what tomorrow brings
    5. Re:ICO? by DuckDodgers · · Score: 1

      So in theory, Ethereum and a few other cryptocurrencies like Safecoin and Storj.io offer a backing value in computing resources you can buy on the mining network itself. I'm excited by this possibility, and will watch it with interest.

      But today, I'd say the value of any such currency is less than 1% based on those computing resources you can buy and more than 99% another form of gambling (or if you prefer, Ponzi schemes). I haven't see any argument that the current price per computing resource unit is cost-effective vs. renting a box on DigitalOcean or using some PaaS.

      I'm at least five years away from investing in any of this. And that's a best case scenario. The technology may never work the way I hope.

    6. Re:ICO? by Gilgaron · · Score: 1

      Ha, I think I'll start thinking of cryptocurrencies as beanie baby collections.

    7. Re:ICO? by codebonobo · · Score: 1

      ICO = illegal security and are generally scams = https://www.sec.gov/news/press... You get no stake and their is a strong incentive for the company to fail even if it has the best of intentions

  5. Units? by msauve · · Score: 1

    "Veritaseum has confirmed today that a hacker stole $8.4 million"

    Ethereum are not USD. Claiming that someone stole $ is intellectually bankrupt. They "stole" some bits arranged in a fashion that some people assign a value to. Try to convert those bits to USD, and watch the exchange price plummet.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Units? by BradleyUffner · · Score: 2

      They "stole" some bits arranged in a fashion that some people assign a value to. Try to convert those bits to USD, and watch the exchange price plummet.

      How is that any different than the "money" in your bank account? It isn't like that money physically exists anywhere. Iit is also just an arrangement of bits in a bank's computer system.

    2. Re:Units? by brantondaveperson · · Score: 1

      Money doesn't exist at all.

      What exists are people, and places, and resources, and space, and air, and water, and food and time. Money is a mechanism to permit us to exchange these things, and to compare them to each other in a hopefully meaningful way. Without money, you have to spend enormous amounts of time and effort trying to organise all those things. This is what the Soviet Union tried to do with their Five Year Plans.

      That didn't work out so well for them, and millions of people starved. Red Plenty is a very interesting book to read about this period, but you can imagine what trying to organise the movement of people and resources centrally would end up like. It wasn't pretty.

      But money is imaginary. It always has been, even when we thought that gold and money were equivalent things, it was still an invention. It's a bit like the notion of energy in physics, which also doesn't exist except insofar as things like momentum, and charge, and mass, may be represented in terms of it.

      The trouble is that the whole charade doesn't work if you keep inventing different types of money, and start teaching computers to trade in it, to move it around between systems at the speed of light, give or take a clock cycle or two. The stock market is bad enough, chattering and jittering to itself in silent communication, losing and gaining trillions of dollars in ways that mean nothing whatever in the real world. Digital currencies are even worse.

    3. Re:Units? by exomondo · · Score: 3, Insightful

      "Veritaseum has confirmed today that a hacker stole $8.4 million"

      TFA: Hacker Steals $8.4 Million Worth of Ethereum

      Ethereum are not USD.

      No but they have a value in USD.

      They "stole" some bits arranged in a fashion that some people assign a value to.

      And you can "steal" some atoms arranged in a fashion that some people assign a value to.

      Try to convert those bits to USD, and watch the exchange price plummet.

      Even if that were the case, who says you have to do it all in one go?

    4. Re:Units? by msauve · · Score: 1

      "How is that any different than the "money" in your bank account?"

      I'm in the US, so the money in my bank account is directly denominated is USD, not that you show enough knowledge to understand even the distinction between M1 and M2.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    5. Re:Units? by sheramil · · Score: 4, Funny

      They "stole" some bits arranged in a fashion that some people assign a value to. Try to convert those bits to USD, and watch the exchange price plummet.

      How is that any different than the "money" in your bank account?

      I can use the " Money " in "my" bank account to "buy" `food' at the """supermarket""".

    6. Re:Units? by Bongo · · Score: 1

      Yes, it is conceptual/imaginary AND so long as the concept is used with reference to the real stuff, the real value, then it works, helping individuals and groups exchange according to their own brains and circumstances. I.e. Not centrally planned.

      And at some point people can lose track of the real value and you end up with the subprime crisis and all that. And you end up with "banking" that considered itself an industry in its own right generating actual value like a factory making cars, as opposed to the original point of banking which was to support industry (I'm generalising to make the point).

      I don't know how digital currencies fit in with this. If technically they can make possible more flexibility in financing real value generating endeavours, fine. If they are a thing in themselves, "money", then it's just Monopoly money.

    7. Re:Units? by liquid_schwartz · · Score: 1

      Let me guess - you think that 'gold' is real money? Why? It's just an arrangement of atoms with a few limited industrial applications, completely distorted by irrational speculation. But it's shiny, right?

      To be fair gold has other uses than speculation. ~52% is used for jewelry and another ~12% is used annually for industrial uses.

      Citation: http://www.numbersleuth.org/wo...

    8. Re: Units? by KGIII · · Score: 1

      Actually, no. No, they will not accept your physical currency, in many (most?) places. They don't have the expertise to tell if it is legit, they don't know the exchange rate, and they don't know where they can be certain to be able to locally use it.

      Life isn't like the movies.

      --
      "So long and thanks for all the fish."
    9. Re:Units? by BradleyUffner · · Score: 1

      Let me guess - you think that 'gold' is real money? Why? It's just an arrangement of atoms with a few limited industrial applications, completely distorted by irrational speculation. But it's shiny, right?

      No. I think they money in my bank account is real. I'm just saying that it only exists as a pattern of 1s and 0s, in a computer system. I'm saying that isn't fundamentally any different than other digital currency, like BitCoin.

    10. Re: Units? by Gilgaron · · Score: 1

      Has anyone you've bought or sold something with on Craigslist specified Bitcoin over cash?

    11. Re: Units? by codebonobo · · Score: 1

      This happens all the time, and many merchants will offer discounts when you buy goods or services in bitcoin because bitcoin is liquid, eliminated merchant processing fees, eliminates charge back risk.

    12. Re: Units? by Gilgaron · · Score: 1

      I don't see how any of those are relevant to a cash exchange during a Craigslist transaction.

  6. Seems to be not quite ready for prime-time by gweihir · · Score: 2

    Or is it just me and I have overblown expectations?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Seems to be not quite ready for prime-time by Billly+Gates · · Score: 1

      That's the problem. Bitcoin has not been robbed yet through a vulnerability. That is because every user MUST have a local copy of the whole chain for every transaction ever made before he or she can use their wallet. Right now it is over 120 gb.

      Ethereum tries to alleviate this problem but it means without a centralized system it is less secure. Wasn't dodgecoin popular and what about litecoin?

      --
      http://saveie6.com/
    2. Re:Seems to be not quite ready for prime-time by spagetti_code · · Score: 5, Interesting
      I don't think Etherium and their Smart Contracts may ever be ready for the prime-time, at least not without a major shift in technology.

      The problem is the code that gets written to express a contract. Code *always* has bugs, and it requires a great deal of knowledge and expertise to debug. Often these bugs are just so subtle that they live for years inside code - and often no-one looks.

      How is joe-average supposed to invest in and trust a smart contract - there is no way they can verify that the code is correct. I'm a (hopefully better than average) coder and I didn't spot the issue in the Parity wallet that caused a big loss a few days ago (hint - internal methods accidentally made public). I did look. Ditto for the DAO hack.

      Bitcoin has a steady code base that is moving forward in increments, being written/managed by a small number of experienced people (theoretically anyone could check it, but realistically only a few do). Its in a much steadier state. Smart contracts are made by anyone. Very few people understand the tech well enough to verify. Probably even fewer actually look. There will be bugs.

      Even worse... Etherium devs just keep forking the blockchain each time one of these hacks occurs. I expect they will do the same again. Ick. I suggest avoiding like the plague until they figure out how to remove the chance of bugs in smart contracts.

    3. Re:Seems to be not quite ready for prime-time by DontBeAMoran · · Score: 1

      Litecoin is still going strong and Dogecoin is still slowly gaining in value.

      --
      #DeleteFacebook
    4. Re:Seems to be not quite ready for prime-time by Interfacer · · Score: 1

      Even worse... Etherium devs just keep forking the blockchain each time one of these hacks occurs. I expect they will do the same again. Ick.
      I suggest avoiding like the plague until they figure out how to remove the chance of bugs in smart contracts.

      You know that's not true, do you?
      It happened once.

      And that time, it was in a pre alpha project where the amount of stolen money was 14% of the total amount. Forking was fairly easy at that stage of the project, and the stakes were very high.
      These days, forking is not trivial anymore with the project being so big, and the amount of money stolen was a paltry couple of million.

    5. Re:Seems to be not quite ready for prime-time by Pete+(big-pete) · · Score: 3, Informative

      Hmm, I really don't know where to start with the misinformation that you're spreading here...

      The DAO issue was early in the lifetime of Ethereum, and indeed was a "bad contract", ETH was forked due to the scale of the hack and that it was still a new usage of the cryptocurrency. This is the only time that Ethereum forked because of a hack. People are a lot more careful about how contracts are written after this.

      The CoinDash ICO hack was caused by someone hacking the site, and replacing the Ethereum address for the ICO - this is like a hacker hacking into a company site and modifying the bank details for payment - customers paid into the wrong "account". This is not a hack of Ethereum, and nothing to do with the way smart contracts work - it can be done with fiat currency by changing bank details, or any other cryptocurrency (including Bitcoin) by changing the wallet address.

      The Parity wallet hack was a sloppy 3rd party wallet implementation - again, if you use 3rd party software for any financial transactions you need to be really sure that you trust the software - this is also not a hack of Ethereum, it was a hack of a 3rd party wallet implemntation - again nothing to do with smart contracts and could have happened for another cryptocurrency wallet (such as a Bitcoin 3rd party wallet).

      The Classic Ether Wallet hack was also a hacker taking control of a 3rd party wallet - the same warnings apply as for the Parity wallet hack - again nothing to do with Ethereum smart contracts.

      The hack under discussion in this article was a hack of Veritaseum - their VERI tokens were stolen, and these were sold for Ethereum - again, nothing to do with any hack on Ethereum, it was just the cyrptocurrency that the hackers exchanged for their stolen property. They could have sold VERI for Bitcoin, USD, or cheese and it wouldn't make this a Bitcoin, USD, or cheese issue...just as this is not an Ethereum issue.

      -- Pete.

      --
      Monochrome - Probably the UK's largest internet BBS
    6. Re:Seems to be not quite ready for prime-time by slashways · · Score: 1

      Litecoin and Dogecoin are not premined cryptocurrencies; At least this reduces the risk of pump and dump scheme; This is what we see a lot of the time for the last few years when the 'ICO' concept is involve...

  7. STOP!! My RX 470 is for sale by Billly+Gates · · Score: 1

    Please wait until after I have a purchaser before hacking so I can get my free GTX 1080 please?

    --
    http://saveie6.com/
    1. Re:STOP!! My RX 470 is for sale by sexconker · · Score: 1

      I have two RX 470s. The best ones, actually. The Sapphire RX 470 Nitro+ with 8 GB of (Samsung) memory clocked at 2000 MHz by default.
      If you want to buy from Billy G over here, hit me up first. I'll undercut that bitch.

  8. It's like by fredrated · · Score: 1

    money out of thin air!

  9. Re:Etherium delerium? Tedium! by DontBeAMoran · · Score: 2

    My 100K Dogecoins beg to differ. You may laugh at their combined value now, but in a few years you'll be laughing even more.

    --
    #DeleteFacebook
  10. Lord I hope you two are joking by rsilvergun · · Score: 1

    but right now it does looks like CPUs and graphics cards are being scalped.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  11. This is what you are buying at a ICO by Anonymous Coward · · Score: 5, Informative

    This is what the founder of Veritaseum says:

    Another point that I would like to make clear is that Veritaseum tokens are software that represent our knowledge, advisory and consulting skills, products and capabilities. Without the Veritaseum team, the tokens are literally wortheless! ...all we need to do is refuse to stand behind them and recreate the token under a new contract...

    You are buying absolutely nothing of value. They can, at any time, for any reason, move on and declare the tokens as worthless. The tokens have no value beyond today's hype. They are not backed by assets or hedging or anything.

  12. Re:Etherium delerium? Tedium! by sheramil · · Score: 1

    When will we all admit that this crypto-currency crap is all just a pipe dream for some, and a scam for others? Worthless crap.

    I have to disagree. It's a pipe dream for some, and a scam for everybody.

  13. scam by D,Petkow · · Score: 1

    3 big hacks in a month, seems legit.

  14. ICO Platform Hacked, not Ethereum Platform by EmagGeek · · Score: 1

    Calling this an "ethereum platform hack" is not just an inaccurate statement, it is a bald-faced lie.

    What was hacked was this company's ICO platform, and TOKENS were stolen, NOT ETHER.

    Can we please, please, pretty please with sugar on top, do at least a TINY bit of fact-checking and editorial review here?

    Oh wait, this is slashdot... nevermind.

  15. Micky Mouse Accounting by ITMagic · · Score: 1

    Statement of "0.07% was lost". This netted a value of $8.4m. Is someone honestly trying to suggest that the total offering is worth $12bn ?
    For what???

    I obviously know nothing at all about cryptocurrencies...

  16. Re:Etherium delerium? Tedium! by tomuo · · Score: 1

    If you read "The Madness of Crowds", Tulip mania is even closer to cyrptocurrencies. At the height of the Tulip bubble, people were trading pieces of paper that "promised future delivery of a Tulip". The good tulips themselves were time consuming items to cultivate, so "exchanges" were set up at street corners to trade the paper promising future tulips. No-one verified that any particular piece of paper was tied to a real tulip, so the last person holding it eventually found it worthless. Everyone agreed that having pretty colored tulips in your home would be nice (i.e. ICO promises), but in the meantime just trading the paper gave you a profit. The actual value of the tulips was small.