In the latest example of security risks attendant to initial coin offerings (ICOs), on August 21^st the blockchain startup Enigma reported that online scammers used fake solicitations for an ICO presale to steal approximately $500,000 in ether (a virtual currency) from investors.

Enigma is a blockchain startup incubated at MIT Media Lab that is in the process of rolling out its first product, known as Catalyst. Catalyst is described as a platform providing data sets and developmental tools specifically geared for hedge funds focused on cryptocurrency markets. Enigma’s funding was to be derived, in part, from a planned a token sale on September 11, 2017, with a goal of raising $20 million worth of ether.  

The scammers gained control of Enigma’s website domain and mailing lists, which they used to send solicitations for a token “presale” with a link to the compromised website. Just days prior, Guy Zyskind, founder and CEO of Enigma, published a blog post (since deleted) focused on protecting investors during a token sale from phishers, scammers and spammers. Enigma confirmed that it has retaken control of all compromised accounts and asked individuals to be vigilant and not to send money or personal information to anyone.

The attack bears similarities to the hacking of the ICO for the startup CoinDash in July. In that attack, a hacker redirected over $7 million worth of contributions to the ICO to a fraudulent Ethereum address before the ICO was halted.