Member preview

Block.one was Hacked EOS tokens worth Millions Scammed from Investors

Coin Crunch India

All is not well in the EOS MainNet launch. An elaborate scam has taken place with the victim being Block.one. The internal system of the parent company of EOS ICO was compromised by some digital hackers, and it apperas Investors have lost millions of dollars.

Investors Lose Millions in EOS and ETH Tokens

According to Fortune, the hack plot was pretty straight forward: some anonymous online scammers had hacked into the system of Block.one, and scammers sent messages to the investors of EOS. The details of the investors were breached by the hackers and this information was used to steal EOS [EOS] and Ethereum [ETH] tokens from the investors.

This means some of the $4 Billion of a year long ICO by EOS won’t ever reach their destination, that is, to fund the development of new blockchain software by a startup called Block.one, co-founded by former actor Brock Pierce.

They allegedly made use of the compromised email platform, which was powered by the cloud software provider, Zendesk. It seems crypto projects are like feeding grounds for fraud, scammers and simple hacks such as this. The details of thousands of investors were extracted by the investors, which helped them steal their EOS and Ethereum (ETH) tokens worth millions.

The scammers pretended to provide free tokens as part of a giveaway. The investors were looking forward to getting free EOS and ETH tokens, instead, the hackers stole the coins that they had. The investors lost millions of dollars.

While Investors have trusted Block.one. and while Block.one has sold almost all of its one billion EOS coins to investors, a significant portion of them — along with the cryptocurrency Ethereum often used to purchase EOS — are ending up in the hands of hackers. It’s not known yet how much, according to the sources I could find covering this early story.

Even Fortune was the recipient of the scam: this often takes the form of a sophisticated-looking email, four of which were sent directly to my Fortune inbox. The emails, two of which came bearing the subject line “The most anticipated event has arrived!,” feature EOS’s gem-like chestahedron logo and multiple links to Block.one’s actual website (including in an official-seeming copyright line at the bottom).

Screenshot from Fortune
  • The Hacks provide a button recipients to “claim” EOS’s “unsold tokens” during the last 48 hours of the ICO.
  • The button takes you to a website that is identical in color, background, font and other design elements to the EOS homepage.
  • The only problem is the scam site’s web address is “eȯs.com,” a nearly imperceptible dot above the o — a diacritic mark only found in the dead language of Livonian, once spoken in parts of Latvia.
  • EOS’s actual website is eos.io.
  • The underlying URL for the fake site is actually “https://xn--es-8bb.com”—a foreign domain that translates to eȯs.com thanks to web browsers’ so-called punycode.
  • Eventually, the phishing site prompts visitors to enter their private key (a cryptographic password of sorts used in blockchain technology) to unlock their digital cryptocurrency wallets to receive the EOS airdrop — a request that is virtually always a telltale sign of a scam, allowing a thief to clean out the contents of the victim’s account.

Is Block.one Secure?

Block.one has admitted over the weekend that an intruder had managed to breach its email support system, operated by cloud software provider Zendesk. Therefore it would seem they are at least somewhat responsible and potentially legally liable.

Users on Reddit of been lamenting that they fell for the scam and lost typically tens of thousands of dollars. Although Block.one temporarily shut down its Zendesk system and urged its supporters to be on “high alert for scams” in a statement published on its website Sunday, the phishing attacks have continued on other fronts.

Crypto Phishing Scams

While phishing scams typically target the elderly and vulnerable. MainNet launches and ICOs where transference of funds take place are prone to these sorts of scams too.

The EOS attacks are cunningly designed to make victims let their guard down. It’s very hard to tell that they have been led down a dummy fake micro-site. Ironically, the same web page that steals private keys is plastered with phishing warnings and security reminders that make visitors feel safe. Above all, token giveaways (at the end of an ICO) should be considered suspicious and warrant extra vigilance.