{"id":10705,"date":"2024-02-14T17:00:00","date_gmt":"2024-02-14T15:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/even-vitalik-fell-for-it-how-phishers-targeted-ethereum\/"},"modified":"2024-02-14T17:00:00","modified_gmt":"2024-02-14T15:00:00","slug":"even-vitalik-fell-for-it-how-phishers-targeted-ethereum","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/even-vitalik-fell-for-it-how-phishers-targeted-ethereum\/","title":{"rendered":"‘Even Vitalik fell for it’: how phishers targeted Ethereum"},"content":{"rendered":"

Individuum has published a Russian translation of the book \u201c<\/strong>On the Cipher<\/strong><\/a>\u201d (The Cryptopians), in which Unchained podcast host Laura Shin tells the story of Ethereum\u2019s rise. ForkLog publishes an excerpt from this documentary techno-thriller about how, during the <\/strong>ICO<\/strong> boom, ether drew the attention not just of investors but of a legion of wrongdoers.<\/strong><\/p>\n

\"lorashin\"
Laura Shin\u2019s book \u201cOn the Cipher. An Insider History of the Cryptocurrency Boom\u201d. Source: Individuum<\/a>.<\/figcaption><\/figure>\n

ICOs ignited interest in Ethereum. On 18 June<\/span>, with ether hovering at $391, the flippening<\/span> seemed within reach. Bitcoin\u2019s market share had slid to an extraordinary 37.84%, and Ethereum\u2019s had climbed to 31.17%. Ethereum was now worth $34.4bn, against bitcoin\u2019s $41.8bn.<\/p>\n

Two days later came another large ICO, this time with new ideas to make it more democratic. Jarrad Hope, from Perth, an internet marketer who had made his money on poker bots, and his long-time business partner Carl Bennetts were building Status\u2014a messaging platform and open-source Web 3.0 browser. When venture capital showed little interest, Jarrad and Carl went to the crowd. Their Slack channel had about 3,000 fans at first, but when Status.im announced its ICO that swelled to over 15,000. Mostly, scammers, phishers and \u201cwhen-mooners\u201d\u2014those who cared only about when bitcoin would \u201cgo to the moon\u201d\u2014poured in. Sharks now circled the community, waiting for someone to drop a private key carelessly.<\/p>\n

In the week before the ICO, in Singapore, where the digital nomads Jarrad and Carl were then based, Jarrad was typing a warning not to hand over keys (only phishers ask for those) when a window with the \u00af\\_(\u30c4)_\/\u00af emoji popped up on his screen. His antivirus began choking on notifications of new connections. He snapped his laptop shut, sprinted to Carl\u2019s room, hammered on the door and yelled that he\u2019d been hacked. Carl burst out in his pyjamas, and the two of them spent the entire day saving their Status accounts, their business and their personal lives.<\/p>\n

Hackers besieged them on one side; on the other came queries from regulators such as the SEC<\/span>. (The SEC declined to comment.) Jarrad and Carl studied the Howey test to run the Status Network Token (SNT) sale without violating securities law and blocked U.S. IP addresses.<\/p>\n

Jarrad felt like Indiana Jones sprinting through a cave with a boulder about to seal the exit. To keep up, he lived on Joylent\u2014Europe\u2019s version of Soylent\u2014and worked fourteen hours a day or more.<\/p>\n

One big problem they sought to fix was whales grabbing a disproportionate share of tokens. Jordi, a member of the White Hat Group and a friend of Jarrad\u2019s, proposed a dynamic ceiling\u2014a hidden limit that changed once a certain target was reached. For instance, the first cap, at 12m Swiss francs, would be public; after that, the sale period would end either in 24 hours or earlier if a hidden ceiling was hit. Lower limits would also kick in according to specific block counts. As the white paper put it, the mechanism was \u201can attempt to prevent large investors (whales) from grabbing all SNT tokens\u201d. If someone sent too much money, part would be accepted and the rest returned.<\/p>\n

When the sale opened at 4am Singapore time, Jarrad\u2019s heart sank. No funds were coming in. Then it dawned on him: people were sending sums so large the contract was rejecting transactions. Within minutes nearly 11,000 pending transfers had piled up, totalling 450,481 ETH ($161.7m). The new constraints only jammed the network further: when one transaction failed, people immediately blasted another. Much of Ethereum ground to a halt. The network was so clogged that some Ethereum domain-name auctions were interrupted. The Status ICO ran for 24 hours to give every time zone a chance. In the end they raised over $100m. (One community member remarked: \u201cStatus raised more than it could ever dream of for sticker packs and ads\u201d.) But the contract refunded more than it accepted, and without the hidden ceiling they might have taken in over $200m. Alas, Jarrad says, the plan did not stop whales, who simply bought under each cap\u2014though they later complained they had burned a fortune on fees.<\/p>\n

For Taylor<\/span>, the Status ICO was a tsunami. If 9,000 transactions per hour during the BAT sale, and 30,000 during Bancor\u2019s, had been astonishing, Status drove that figure to 100,000. Nor was it even the only ICO that week\u2014TenX, a decentralised exchange plus a crypto debit card, raised $83m the next day, and identity-verification project Civic took in $33m. A day later, on Friday, OmiseGo\u2014a financial-services platform backed by Thai payments firm Omise\u2014raised $25m in an ICO whose participants had their identities verified at Bitcoin Suisse. On the MEW<\/span> network-traffic chart, that week would look like a sudden spike.<\/p>\n

On Sunday, a post on 4chan\u2014an anonymous, anarchic, dark version of Reddit\u2014declared: \u201cVitalik Buterin\u2019s death confirmed. Insiders dumping ETH.\u201d It added: \u201cA fatal accident. Now it becomes clear. He was the main link.\u201d ETH fell 8.6%, from $315 to $288, wiping about $4bn off Ethereum\u2019s market capitalisation. Vitalik quickly dispelled the rumour, tweeting a photo of himself holding a sheet of paper on which he had written:<\/p>\n

\n

Block 3,930,000 =
0xe2f1fc56da<\/p>\n<\/blockquote>\n

It was a recent Ethereum block and its hash. He captioned the photo: \u201cNew day, new use case for the blockchain.\u201d Even so, Ethereum\u2019s market share shrank to 26.68%, while bitcoin\u2019s rose to 40.34%.<\/p>\n

The next day EOS, pitching itself as a faster (but more centralised) rival to Ethereum, launched an ICO that would run for nearly a year. A month earlier it had advertised the sale on Times Square during the Consensus conference, which drew 2,700 attendees. Ironic, given that EOS blocked American IP addresses. That week ether again traded between $200 and $330.<\/p>\n

Horrified by the frenzy, Taylor tweeted from the MEW account: \u201cOh come ooon \ud83d\ude41 Did last week teach you NOTHING?! Snap out of it (you too, BPI investors!) and look around\u201d (a dig at the EOS ICO) and \u201cSit down\u2014we have news. Great products can exist without tokens or taking all the money\u201d with a gif of the camera pushing in on a half-naked wrestler John Cena, mouth agape in shock.<\/p>\n

In June ICOs raised $472m; on 1 July one of the most high-profile, Tezos, began. Backed by Tim Draper, it was seen as a potential Ethereum rival with two advantages: formal verification\u2014mathematically proving a smart contract would behave as its creator intended, to avoid DAO-like fiascos\u2014and on-chain governance to handle questions such as a post-DAO fork. Tezos would raise a record $232m.<\/p>\n

Taylor, like Jarrad, began to spot a growing security mess. Clones of the Status site (Status.im) appeared with URLs such as statusim.info and statustoken.im that led to a phishing page advertising an airdrop\u2014a free token giveaway. It was not a real airdrop but a phish, and SNT would be \u201cgiven\u201d only after the victim entered a private key. (A private key is needed solely to send funds from an account; sharing it is akin to handing over the code to a bank vault.)<\/p>\n

Phishers also went after Taylor and Kosala<\/span>\u2019s creation, spinning up lookalike sites at myethewallet.net, myetherwillet.com, myelherwallet.com, myeltherwallet.com and so on. In the so-called Coinhoarder campaign, phishers bought Google AdWords for myetherwallet.com and typolike domains so their phishing pages ranked at the top of search results. They looked like MEW clones, so users entered passwords and hackers could plunder their wallets.<\/p>\n

Even Vitalik fell for a scam. Someone hacked Jeff<\/span>\u2019s Skype account and messaged Buterin: \u201cHi, V, we\u2019re still waiting for 925 ETH according to our checks,\u201d then sent an address. Vitalik wrote to Jeff that he had sent the money. Jeff replied that it was not his address. Vitalik had sent a quarter of a million dollars into the void.<\/p>\n

If May\u2019s ICOs had ruined Taylor\u2019s routine, scammers finished it off. Waking at 10pm, she would sit at her computer until 5\u20136am, doze until 7\u20138am, ping her support rep and ask them to watch for hacks and other security issues. She\u2019d crash, wake at noon or 1pm and, if nothing had happened yet, cram down some food and wash and dress. But if there had been a hack, she would leap out of bed and work until 6pm, only to realise she had never really started her day.<\/p>\n

On 17 July another ICO, CoinDash, began\u2014but before the sale the site was hacked and the receiving address swapped. The attacker took 43,500 ETH (nearly $8.5m at the day\u2019s high). Although the crypto community tweeted warnings, another $1m flowed to the address within an hour. That pushed Taylor over the edge. She tweeted from the MEW account:<\/p>\n

\n

1\/ Alright, damn token creators, listen up. I\u2019m out of patience. It\u2019s 10am. I haven\u2019t gone to bed yet.
\u2026<\/p>\n

4\/ You chase easy money instead of helping Ethereum become what it should become. You promise a lot and only end up losing money.<\/p>\n

5\/ Fake addresses, scam bots, phishing, exploits, and domain and phone hijacks have been happening since the very beginning, and yet somehow you are still not ready.<\/p>\n

\u2026<\/p>\n

8\/ Don\u2019t think you\u2019re blameless here, investors: you\u2019re at fault too.<\/p>\n

9\/ Throwing money at any address, clicking as if Nigerian emails had never existed, and not demanding more of your investments is part of the problem too.<\/p>\n

10\/ Get smarter already. 2,000 uniques in 2 hours fell for the same scheme that\u2019s worked for years. Time to grow up.<\/p>\n<\/blockquote>\n

When she woke the next morning, she heard the excited voices of Kevin<\/span> and the operations manager. She came downstairs. Kevin said: \u201cThe Foundation\u2019s multisig has been hacked\u201d (meaning the EF). Still groggy, Taylor replied: \u201cNo way,\u201d and headed back to the bedroom. If it had been hacked, her phone would be blowing up. Then she saw her phone was dead.<\/p>\n

Published from the edition: Laura Shin. <\/em>On the Cipher. An Insider History of the Cryptocurrency Boom<\/em><\/a>. Moscow: Individuum, 2024. Translated from English by Sergey Karpov.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Individuum has published a Russian translation of the book \u201cOn the Cipher\u201d (The Cryptopians), in which Unchained podcast host Laura Shin tells the story of Ethereum\u2019s rise. ForkLog publishes an excerpt from this documentary techno-thriller about how, during the ICO boom, ether drew the attention not just of investors but of a legion of wrongdoers. […]<\/p>\n","protected":false},"author":1,"featured_media":10704,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[1144],"tags":[44,46,319],"class_list":["post-10705","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-longreads","tag-cybercrime","tag-ethereum","tag-ico"],"aioseo_notices":[],"amp_enabled":true,"views":"46","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/10705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=10705"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/10705\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/10704"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=10705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=10705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=10705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}