Fourth Ethereum Platform Hacked This Month: Hacker Steals $8.4 Million From Veritaseum Platform (bleepingcomputer.com)
An anonymous reader writes: "Veritaseum has confirmed today that a hacker stole $8.4 million from the platform's ICO on Sunday, July 23," reports Bleeping Computer. "This is the second ICO hack in the last week and the fourth hack of an Ethereum platform this month. An ICO (Initial Coin Offering) is similar to a classic IPO (Initial Public Offering), but instead of stocks in a company, buyers get tokens in an online platform. Users can keep tokens until the issuing company decides to buy them back, or they can sell the tokens to other users for Ethereum. Veritaseum was holding its ICO over the weekend, allowing users to buy VERI tokens for a product the company was preparing to launch in the realm of financial services." The hacker breached its systems, stole VERI tokens and immediately dumped them on the market due to the high demand. The hacker made $8.4 million from the token sale, which he immediately started to launder. In a post-mortem announcement Middleton posted online today, the Veritaseum CEO said "the amount stolen was minuscule (less than 00.07%) although the dollar amount was quite material." The CEO also suspects that "at least one corporate partner that may have dropped the ball and [might] be liable." Previous Ethereum services hacks include Parity, CoinDash, and Classic Ether Wallet.
Business model: 1. Start a coin exchange. 2. "Get hacked" 3. Profit!! 4. Start a coin exchange...
The problem is the code that gets written to express a contract. Code *always* has bugs, and it requires a great deal of knowledge and expertise to debug. Often these bugs are just so subtle that they live for years inside code - and often no-one looks.
How is joe-average supposed to invest in and trust a smart contract - there is no way they can verify that the code is correct. I'm a (hopefully better than average) coder and I didn't spot the issue in the Parity wallet that caused a big loss a few days ago (hint - internal methods accidentally made public). I did look. Ditto for the DAO hack.
Bitcoin has a steady code base that is moving forward in increments, being written/managed by a small number of experienced people (theoretically anyone could check it, but realistically only a few do). It's in a much steadier state. Smart contracts are made by anyone. Very few people understand the tech well enough to verify. Probably even fewer actually look. There will be bugs.
Even worse... Ethereum devs just keep forking the blockchain each time one of these hacks occurs. I expect they will do the same again. Ick. I suggest avoiding like the plague until they figure out how to remove the chance of bugs in smart contracts.
From what I understand it's essentially like a theme park where you must buy everything with funny money. The investors buy funny money on the theory that if the park is successful lots of people will want funny money and the value will rise. If it flops, tough. First issue is that they can just burn through the money and fold, people have no ownership and unlike Kickstarter they haven't been "promised" any product or service. You're an investor, the investment failed, too bad. The executive strategy session was a blast though. The real problem though is that if you actually struck gold it would be trivial for the owners to turn your funny money into nearly worthless money and pocket pretty much all the profit themselves. It's a heads I win, tails you lose proposition.
Live today, because you never know what tomorrow brings
This is what the founder of Veritaseum says:
Another point that I would like to make clear is that Veritaseum tokens are software that represent our knowledge, advisory and consulting skills, products and capabilities. Without the Veritaseum team, the tokens are literally worthless! ...all we need to do is refuse to stand behind them and recreate the token under a new contract...
You are buying absolutely nothing of value. They can, at any time, for any reason, move on and declare the tokens as worthless. The tokens have no value beyond today's hype. They are not backed by assets or hedging or anything.
They "stole" some bits arranged in a fashion that some people assign a value to. Try to convert those bits to USD, and watch the exchange price plummet.
How is that any different than the "money" in your bank account?
I can use the " Money " in "my" bank account to "buy" `food' at the """supermarket""".