A criminal has apparently successfully stolen about $150,000 by tricking people participating in the cryptocurrency, Experty, ICO pre-sale into sending their payments to a fraudulent cryptocurrency wallet addresses. While the phishing messages contained spelling and grammatical errors - suggesting that the author was not based in an English-speaking country - they did contain an offer of extra Experty tokens if buyers made their purchase within 12 hours, and were sent to people who had requested information on the ICO and who were, therefore, likely expecting to receive ICO pre-sale offers via email. Apparently, the targeting and sense of urgency worked, as 74 Ethereum transfers (presently valued at over $150,000 in total) took place to at least one the fraudulent addresses provided by the criminal before the account was the scam discovered, and instances of the phishing email have been seen containing other addresses, so, perhaps even more was stolen.
Experty is an upcoming blockchain based application that allows experts to monetize their skills through a Skype-like voice and video communications application. It utilizes smart contracts denominated in Experty's native token, EXY, to allow companies obtain the talent that they need, while guaranteeing payment to those who provide it.
Social engineering - often blended with a breach - remains, by far, the number one way of attacking ICO participants and early-stage blockchain companies.
In this case, targeting likely dramatically upped the criminals' rate of success; for obvious reasons, the list of people who have signed up to be notified as to how to participate in a particular ICO should be protected and remain confidential on a need-to-know basis to only the relevant people at the company running the ICO and their agents. In this case, however, a criminal was apparently was able to obtain a list of participants and their email addresses; it is believed that he/she accomplished this by compromising a computer used by someone involved in the review of Experty's Proof-of-Caring.
Experty said today that it will provide compensation for users who sent money to the scammer's wallet.