Hacker News new | past | comments | ask | show | jobs | submit login
Hackers nab $500k as Enigma is compromised weeks before its ICO (techcrunch.com)
307 points by etherti on Aug 22, 2017 | hide | past | web | favorite | 240 comments

How to make money in ethereum, from high to low risk:

1. Dump the leftovers of your bi-weekly software engineering paycheck into buying ETH, BTC, or whichever altcoin is popular this week. It went up 5000% in the past, it's got to keep growing right?

2. Participate in an ICO and stock up on whatever platform token they're hawking. It's more profitable if you get in early due to some presale mechanism (hopefully here you aren't sending your hard-earned digital currency to a hacker's wallet). Sell these tokens about 4-5 days after the sale closes, before the hype dies down and the bagholders realize they're holding sand.

3. Even more profitable is kicking off your own ICO. Go through the checklist - fancy HTML5 theme that you can buy off of Themeforest and edit the HTML a bit for the landing page, create a Slack channel/Twitter account/subreddit, write a "whitepaper" that is easy enough for the shmucks you're targeting to understand, yet replete with enough pseudo-academic crypto jargon and irrelevant/unnecessary mathematical symbols to get the shmucks nodding their heads and pretending to understand how this particular algorithm/equation based on the "turing-complete ethereum blockchain" will "change the world" or "bank the unbanked" or, more importantly to them, appreciate 500x in value. Don't forget listing the members of your team and advisors, ideally with as much credential signalling as you can - "MIT," "Stanford," "Comp Sci Phd," "McKinsey," all work here, fake it till you make it and make sure you list Vitalik Buterin on your list of advisors just for that extra bit of technical legitimacy. Use centuries-old sales tactics to pitch your ICO - butter up your target audience's sense of superiority by emphasizing exclusivity - they're the only clever ones, they're the genius computer nerds who understand the 1000x potential of your algorithm, they're the ones that are breaking free of the shackles of regulated securities. Create a sense of urgency with a ticking timer on your landing page, a 24-hour window to buy your monopoly money, a subtle/not-so-subtle hint that the earlier you get in, the more you'll make.

4. You could always just put on your black hat and rob these extremely soft targets blind. The simpler the method, it seems, the better. Plus, there's absolutely no risk of ever being held accountable - that's the beauty of anonymous cryptocurrency!

turning your comment into a 10-week pdf course as we speak, just gonna pick a theme over ath theme forest brb

Why do the work _before_ getting paid? Take out an ICO and let them "preorder" your course!

While you say this in jest, it is actually a good idea. The pre-sale part. Get a sense of a market need before you dive in.

Caveat being you've done the work to be able to add authentic value to the people you're selling too. (which is where most ico's break down)

The value is that the course itself is hosted on the blockchain. It's distributed and decentralized. /s

Could I invest in your course academy via some sort of ICO?

Coursecoin is going to change the academic world altogether. The combination of a distributed ledger algorithm with online academia opens up a world of education to people who otherwise could not afford it. Student loans are out of control, but with course coin, the students earn their tuition by mining coins. All the overhead of an academic institution is distributed over a wide array of systems that are responsible for keeping track of enrollment, grades, and personal progress on the blockchain. Teachers get paid better because they get paid in coursecoins as they are mined. They have an actual incentive for their students to remain interested and to succeed.

The ICO will be raising money to bring on new material and for marketing of the courses. We expect 100,000 students in the first quarter, at which point the coin value on the open market is expected to skyrocket beyond all other blockchain coins.

Send your donation or investment money to coursecoin@gmail.com (seriously, please don't.). We will handle the rest.

If you'd like to see our white paper, check it out. https://futureoflife.org/data/documents/research_survey.pdf

Coursecoin regrets to inform its prospective student-investor-miners that there was a compromise to the secure ICO system before launch. There will be no courses or refunds. Thank you for your interest and investment in Coursecoin.

> there was a compromise to the secure ICO system before launch.

I assume that's a typo, and you mean before lunch on the day it was announced. :)

I had to do a double take to make sure this was a joke, because it's pretty much exactly the type of thing I'd expect people to be trampling each other to give their money to on cryptocurrency forums.

> Send your donation or investment money to coursecoin@gmail.com (seriously, please don't.)

On many of those same forums, I expect people would be sending money anyway, and justifying it by saying that "they have to say the seriously please don't part to avoid the SEC, but they don't mean it".

Need an advisor?

Right? I do have a Ph.D. from MIT, even.

I'd advise them to incorporate their PDF, and perhaps lesson taker's info, into a blockchain.

It's the first blockchain based Ph.D. program. Your degree is immutable and distributed.

Well, that's plenty for an ICO. Let's run with it. I know some PHP and can install WordPress!

downloading adobe acrobat as we speak. is there like a blockchain addon that launches my ico? kthxbye

That's great, you'll be running a hedge fund and talking about cryptocurrency in no time

I think it can all be automated:

1) Have the bot build the currency here: http://build-a-co.in

2) Generate HTML5 pages

3) Submit to twitter (focus on new york area) / make tshirts

Now you just need to do an ICO for a "CoinCoin" that automates ICOs.

Recursico. It's ICOs all the way down.

Love it. Somebody please trademark that, and: Metaico, an ICO price pegged to other ICOs. Slogan: "We eliminate volatility while preserving anonymity."

holy cow! that's so out of this world, you can now generate a whole new coin.

Welcome to 2013.

>make tshirts

Oh snap I just had the craziest business idea. Get this. I make tshirts... then I sell them. I'm gonna go tell the folks at /r/entrepreneur!

The best part is you can mix 3 and 4 together! Rob yourself! All the money, no effort and no accountability!

This sounds like The Producers meets Sneakers.

TBH I would watch that movie / tv show.

5. Set up an exchange, wait a few weeks, abscond with bitcoin/ether/whatever you've got.

I wonder if this is what the curmudgeons from the 70's and 80's sounded like during the web 1.0 boom of the mid-to-late 90's

I find the economic promise of the nascent Internet objectively more plausible than the promises of ~1000 altcoins.

And just like I said, I'm sure all the neckbeards from the 70's and 80's felt the same way about the Internet and shit like Geocities and pets.com.

But hey, I'm sure it's "different" this time, right? You're right and everyone in the crypto space is wrong.

> And just like I said, I'm sure all the neckbeards from the 70's and 80's felt the same way about the Internet and shit like Geocities and pets.com.

But they weren't wrong. Geocities and Pets.com died without making very much money.

The giants of the Internet were Search Engines, Online Shopping, Video Sharing, and Social Networks. The giants of "Blockchain" probably either in awful, primodial form (ie: Pets.com was online shopping, but a terrible experience. Geocities was also a social network... albeit a bad one by today's standards).

So today's coins probably will fail to some new coin made 3 or 4 years from now which really figures out the "killer app" of Blockchain.


I think its fair to say that "Blockchain" as a technology will exist in the future. Back in the 90s, one could reasonably expect that "Jerry and David's Guide to the World Wide Web" was going to be the primary methodology of looking for new websites... before the Search Engine was perfected.

So many people lost their life savings chasing after fad technologies of the 90s, Webvan being one of the most notable. Billions of dollars invested and lost into just... awful ideas that no one understood.

Frankly, the neckbeards of the 80s were right. The vast majority of 90s webpages were utter crap without a business model.

Like so often, technologies are overrated in the short term and underrated in the long term. Blockchain seems like something revolutionary but, like the internet, it feels like it's probably going to take a decade to discover where the real, solid, lasting value will exist.

For example, how many would have predicted the rise of small, fairly low-tech, text search ads as the multi-billion dollar revenue linchpin for all global search.

Similarly, whatever the core long-term value of crypto-currencies will be, it probably hasn't been truly understood yet.

Most of these ICOs are similar to the period before the dotcom crash when simply adding .com to the name of a failing business was enough to lift it's stock value. Anyone else remember that or can give an example?

Whatever rises from the rubble of this cryptocurrency bubble bursting is what will no doubt be most interesting and what will no doubt end up being truly world changing.

Looking forward to the middle/end-game.

Yes but they gave rise to the Internet economy we exist in now. Of course there's going to be chaff that needs to be separated from the wheat. That doesn't mean that it's all going to fail.

It's funny that we can take totally opposite lessons from "I'm sure it's different this time".

Given the fact that we're discussing this in the comments of a popular link aggregator for a VC firm/startup accelerator, I'd wager if Internet 1.0 hadn't happened we wouldn't be here.

Here you go, from 1995: http://www.newsweek.com/clifford-stoll-why-web-wont-be-nirva... Note that most of his predictions did come true for a while and then were later falsified; many dotcoms learned that "being early is the same as wrong" the hard way.

Interesting. I wanna try a 2017 scorecard:

1. Usenet is garbage: CORRECT although it was better in the early days. This seems to be a general trend with all comment/message board systems, they rapidly lose value when they breach a certain size, although some including our dear HN have survived for quite some time.

2. Downloading books won't happen: WRONG. Paper isn't going anywhere but ebooks are an unqualified success at this point, largely because (unlike at the time) we can carry our computers anywhere now.

3. The Internet is a wasteland of unfiltered data: CORRECT for now. Interestingly, there was a golden age of Google and Wikipedia that would have made this statement look false but now we've regressed back to fake news, social feeds, and personalized search results.

4. The internet will not be useful for governing: CORRECT for the most part.

5. Computers won't help schools: CORRECT for the most part.

6. "Cyberbusiness" will fail because the world needs salespeople: LOLZ.

I'm not going to try to break down the final paragraph. I think some of these will still improve in the longer run but 22 years later, I'm still giving him 4 out of 6 here.

While I wouldn't argue that #4 is wrong, I do think that as one gets more into self-driven learning the internet has become a major boon. Recorded lectures on 2.5-3x playback, lectures at my own (accelerated) pace, a wealth of information...

Granted, this doesn't readily translate to the classroom nor does it fit everyone's learning style.

Funny but ironic, b/c your list is actually in reverse order, from low to high risk, not high to low. The lowest risk thing to do is actually just buy BTC & ETH and let the associated frenzy of ICOs and cryptoassets drive them higher while remaining relatively liquid and legal. #2 - #4 are sequentially higher risk from potentially illiquid (tokens) to grey area (ICO) to illegal, and the SEC has shown they have patience, reach, and savvy.

Regarding #3, user uetokenceo did that with uetoken.com and put far less effort into it than what you described, to at least some decent effect.

Don't forget to use a Kickstarter campaign to pay for all the themes, text editing, soda drinking and online browsing costs 10.000x

But this is a good thing.

For who? Is it a good thing for everyone? Why, why not?

This might as well be a scam created by the CEO himself. I mean, who in this 'crypto world' would be stupid enough to use the same, previously compromised, password on all his accounts?

P.S. there was a story on reddit (can't find it now unfortunately) about how the attackers tried to deposit the money to Bittrex but luckily someone alerted them and the exchange froze the account. So there is still some hope that funds will be returned.

> who in this 'crypto world' would be stupid enough

Never attribute to malice what can be explained by stupidity, and never underestimate just how stupid a person can be.

Honestly, I tried really hard to attribute this to stupidity. But this level of stupidity and negligence is really beyond my understanding.

Then you haven't spent nearly enough time reading the posts in cryptocurrency forums.

It wouldn't take more than a couple hours of skimming to completely recalibrate your expectations.

Hanlon's Law

First part is Hanlon's Razor, second part is Einstein:

> "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."

Why would he do that when he'd make more on the actual token sale?

Well he just walked away with $500k and got more press than he could have ever paid for.

I've never heard of Enigma before today, hell I still don't have a clue what they are going to actually do besides an ICO, but I know they have just implemented best practices security and it's a safe bet to make money. I think PG calls this a submarine.

> got more press than he could have ever paid for

This is very clever. When the theft loss is dismal compared to the money raised, it only gets more press and more people buying the coin!

The profit from the token sale goes into a foundation setup to oversee the project, not the founding team's pocket.

> The profit from the token sale goes into a foundation setup to oversee the project ... [truncated]

... that is controlled by the founders and could presumably be used for whatever they'd like. The usual approach is to create two companies. One a shell to own the ICO itself, and the second a tech services company that does development for the shell corp.

So it ends up something like:

"We definitely need the expertise of ICO founder Mr. X. Let's hire his consulting company to update the CSS on our web page at $1,000/hour..."

This is the main reason the traditional VC model works so well. You can't get rich unless the VC's make money.

You're kidding right? Founders/employees take "money off the table", even if the companies haven't generated a cent in profit.

Employees and founders typically can't sell shares (Except to the VCs, at a price the VCs set) until the company goes public, or is wildly successful.

They do get paid salaries, but undergo audits... To make sure that the 10 million dollar round didn't go straight to the CTO's Bahaman yaht fund. These audits are typically not done by the founders.

With an ICO, all bets are off. There's no reporting requirements, the founders hire their own bookkeepers, and the equity holders have no rights with respect to the governance of the firm.

You seem to be positing an absolute: that an ICO can't behave transparently by nature. Which isn't true. ICO and transparency aren't mutually exclusive.

No, but there's a huge difference in the amount of oversight token holders have on an ICO, and the amount of oversight that VCs have on a startup.

It's certainly possible to structure an ICO in such a way that token holders will get board seats, proper auditing, etc, but I've yet to see one that is.

getting 500k from a stupid hack or 30mio without...ur theory doesnt make any sense.

It might be that there's a paralysis amongst many people in choosing a password safe and then starting to use strong, unique passwords with each account. What do you recommend to your parents and family, for example? I use 1Password, but do people with more basic requirements than team/client password storage feel that they can justify a paid service?

Another ICO, another scam. I am not sure I feel bad for people who are gullible enough to send their hard earned money to these "companies". They have one PDF whitepaper and a generic Wordpress template website with some buzzwords, based in Cayman islands or some other tax haven for money laundering. And expecting to get rich from that.

I am unconvinced that hard earned money is 'invested' in those companies. The target demographic is not hard working class.

The target demographic is gullible, greedy software engineers who have a lot of disposable income but lack experience in conducting due diligence on speculative investments. Basically, Hacker News readers. Why do you think there are so many ICO related posts on this site? It's not accidental.

I'm glad to hear skepticism--I always considered these e-coins to be the perfect scam to attract Millenial technocrats and then fleece them.

I don't have any evidence but I suspect it's technical people who got into Bitcoin early. Have a few million but no partner / no kids so maybe think they are "rich" and "set for life" so don't mind a gamble. Maybe the adrenelin of making all that easy cash is what they want to repeat. This would make sense because to hold Bitcoin for that long and not sell is kind of irrational gambling, even though the results have been good.

You would be surprised. People know nothing about Bitcoin but have a friend, uncle or acquaintance who has dropped a few thousands in BTC and raves about the price going from 580 usd to 4000 usd in just a year. People lose their minds and they won't even have shitty tulips to show for it.

See, that's the thing with the old tulip story. At the heart of the bubble there were a number of people who just wanted a damn tulip.

and those people got tulips, at normal low prices.

futures traders didn't want a tulip, nobody accepted delivery of a tulip.

no tulips in the spot market were being traded anywhere near the futures month prices.

with that in mind, doesn't this make it one of the worst poster childs of irrational exuberance to cite?

You're relying on one person's summary of the tulip bubble 'facts'.

Other sources give great detail of the tulip purchasing craze. For example, read the tulip chapter in 'Extraordinary Popular Delusions and The Madness of Crowds', by Charles Mackay. It cites many sources that detail the crazy high prices people did actually pay for tulips.

Thanks, I've looked into it over the years but I'm always interested in different perspectives.

Between the contract categorization changes, actual shortages, and the bubonic plague, I think there are a lot of things that are unclear. Without the plague abruptly killing all the speculators would we have called it a bubble, or just an uptrend?

CNBC has been talking about Bitcoin, Ethereum, Ethereum Lite and a slew of recent ICOs in the last month or so. Whether those viewers count as "hard working class" is up for debate

We're still in the "attract as many rubes as possible phase" which is always followed by the "slam the trap shut phase"

and Fortune is starting a dedicated column to crypto related news called Ledger http://fortune.com/2017/08/22/ledger-blockchain-fintech/

People are afraid of missing the next Bitcoin boom and think throwing money at every ICO will turn them into overnight millionaires.

It's unfortunate that the greed and FOMO are dragging the technology through the dirt. If you plan on investing in any ICO please do your due diligence and avoid the hype trains.

I also know a bunch of guys who sit around, smoke cigars and take side bets on the ICO Gambles they are taking. It's just straight gambling to some people.

As far as gambling goes it's probably one of the more fun ways to spend the money - instead of camping out at a blackjack table some would rather watch the 24 price changes.

Which is fine if you have the money to spend (waste). But people are getting sold on it like a penny-stock scheme straight out of Wolf of Wall Street.

Yeah, that's the sad part. I have friends from my rural home town that are trying to get me to buy with them and then they link me articles by cheerleaders that are heavily invested in some company or another. Guys that tell me they've diverted their 401k to bitcoin because it's the new internet. When I remind them that everyone got smoked in the new internet the remind me that it's not the new internet and link me to another opinion piece from another cheerleader.

I'm almost a FOMO MOFO but keep talking myself out of buying coin because I'd rather learn more classic ways of making a lot of money even if it involves the dirty 4 letter word.

The money might not have been that hard earned in the first place.

Last year, the price of one Ether was ca. $10. Now it's 30x as much. That's quite a multiplier.

If you bought some ETH last year, just by the price increase, you have lots of spare cash to throw at stuff that promises to make you even richer.

People throwing hard-earned money at it in the first place is stupid enough. It's speculation, plain and simple. You need to be prepared to lose your investment completely.

Have any of these not been scams?

This one (supposedly) wasn't a scam. They had a real offering coming, but someone wiped out $500k with some basic phishing after stealing an email account. Enigma (the platform) wasn't compromised; Enigma (the company) was.

And mostly, they indeed get rich.

I know several people from crypto community and people who got rich are in a minority. Most people lost their money and are acting as gamblers now, throwing more money into new tokens to double down (which is one factor feeding the current ICO frenzy).

But I agree that there is a small group of people making big bucks from this (people behind ICOs plus a tight group of early bitcoin adopters).

I meant exactly people behind ICOs. Obviously others are just gamblers and most of them lose.

How can they mostly get rich? For every buyer, there's a seller. A rich cryptocoin speculator gained their wealth from poor cryptocoin speculators. Where else did the money come from?

Exactly. For all the winners there are losers. For every one of these crypto millionaires there are dozens of people who lost a lot of money, some of them substantial amounts of their savings, many several paychecks they decided to gamble with.

I meant only those who launch ICOs.

and just look at the list of ongoing ICOs https://www.coingecko.com/ico Not to mentioned those that have secured investments...

This is so crazy. I am increasingly hearing random non tech people talking about buying bitcoins or other tokens and imagining how they will get rich in a year when price keeps multiplying. I wonder how long can this mass frenzy go on.

How to make quick money in 2017: - Create a startup in the blockchain world - Make an ICO to raise money - Get "hacked" - ... - Profit!

i think with crypto you could even safely drop the "Get hacked" and "..." steps.

In 2020 you'll be able to drop the first part too.

From what I can tell, the ICO wasn't hacked as such. The ICO customers were just scammed.

Edit: title is better now

The attackers gained control of the official website, slack channel, Twitter handle and mailing list. That's even worse than what happened to coindash.

It's just scam if attackers are insiders.

who says they aren't? Seems like a pretty simple trick.

same password and it's such an easy feat for an insider.

Especially when the aim is to get press attention.

It's cleverly machiavellian. It accomplishes so much for the ICO founders with little to no recourse.

They were pretty much hacked in every sense of the word. Lost control of website, twitter, etc.

Enigma is building a decentralized, open, secure data marketplace that will change how data is shared, aggregated and monetized to maximize collaboration. Catalyst is our first product and the first application running on our Enigma protocol. Powered by our financial data marketplace, Catalyst empowers users to share and curate data and build profitable, data-driven investment strategies.

So much said that explains so little.

HackerNews gets an unrepresentative picture of the token market. The only stories that get to the frontpage are the ones concerning hacks. But that's not the whole picture. There are a huge number of token sales happening, and the vast majority are not being hacked. This is certainly newsworthy but it needs to be put into the context of how many token sales occur.

OK, but there are a lot of these. I get that it's not all of them, but the ratio has got to be terrible.

I'm not sure I buy the premise that every service needs its own coin. Surely in most cases it would be better to just use the most widely used, most stable coin?

If the concept of cryptocurrency is going to survive I think there needs to be one or two clear winners to eventually bring some stability to their value.

Of course, not issuing your own coin doesn't leave as much opportunity to get rich quick off a bit of hype.

> I'm not sure I buy the premise that every service needs its own coin. Surely in most cases it would be better to just use the most widely used, most stable coin?

The team cannot finance itself without selling a new token

These projects don't use equity and there is nothing that will make the equity more valuable as there.

There are lots of things that will make their token be more valuable as it is a new commodity.

One thing I don't understand about ICOs is - what do the companies promise their coins to be worth? That is, if I have a Coin from your brand new endeavour - what can I, hypothetically, exchange it for? Do I get a vote in how your company is run? Can I give it back to you in exchange for a product or service later down the line? Or is it just a geegaw for me to put on a shelf, like a printout of a Patreon receipt?

Generally, it'd the second. The coin is supposed to be a preorder, and it's value is thus the value of the service later.

they are for a product or service, the limited issuances of the token gives them a speculative market based on future demand and future supply.

the team and organization gets funded, the buyers are liquid, nobody makes ridiculous decisions counter to their dreams hoping for "an exit", because everyone already has one.

we don't have consumer or investor protections here yet so sure it is ripe for abuse, so far people are content with that, and we also haven't needed it

> the team and organization gets funded, the buyers are liquid, nobody makes ridiculous decisions counter to their dreams hoping for "an exit", because everyone already has one.

Can you expand on this? What do you mean by "everyone already has one" in this scenario?

Okay, in startups, corporations are formed and the equity (shares) in the corporation are doled out as currency. Completely useless currency given to helpers under the idea that they'll get rich one day in very improbable scenarios.

There is no legal way to sell the shares (hyperbole, but very many hurdles). And exchanging additional shares for cash investments only serves to make your non-sellable stake in the company smaller while increasing your tax burdens in many scenarios. These new investors are typically VCs and they push for changes in the company completely unrelated to the founders vision, and good exits never come, because of the many ways VCs can get their much of their money back before founders or even employees get anything.

In token sales, there may be a corporation for liability purposes but the equity in that corporation is not being sold at all. A product from the corporation is sold, a product with the unique characteristics of having easily formable secondary markets.

Tokens are initially created and sold in exchange for US dollars, or Ethereum or another liquid token. This is used to grow the company, just like any presale on kickstarter is used to grow a company. Yet, the equities regulator is sticking their nose in it (for good reason), but a more applicable regulator could be formed to help grow the market and still obtain the consumer/investor protections they desire. I digress:

Everyone that buys can immediately sell to other people, if the demand is there.

Everyone that earned tokens by helping the corporation, including the founders, or large purchasers who also wanted to see the project develop, can also sell to other people. Immediately.

If there is demand, then existing holders that helped fund the company (buy buying early), can sell to other people at a higher price.

This is only "controversial" and "confusing" because it is more advantageous than the promises people sell to 20 year olds spending decades of their life for useless sweat equity, and it undermines the existing VC industry. It is potentially as revolutionary as "the share company" was in the year 1600.

Isn't this a bit of a Chesterton's Fence situation? There must be reasons other than "VCs are greedy!" for employees not being able to sell off their stocks immediately.

The most obvious way to abuse this would be to join or create a startup, go through the ICO process, then sell off your shares, and, well, exit. Leave the company. You're rich, now - why keep working to build the product you (or your boss) promised to deliver?

> There must be reasons other than "VCs are greedy!" for employees not being able to sell off their stocks immediately.

Well thats not what I said, so I don't know where you got that from. Strawman much?

I said there are legal problems for selling stocks... of the privately held company variety if that wasn't clear. Those legal problems aren't stipulated by the VCs, well, at least one of them is, but it applies to them as well. The others are from the federal government. I'm not going to bother writing a dissertation on that.

VCs have many ways of getting their money back, and many of those ways are at the expense of employees even if they bought their options.

> The most obvious way to abuse this would be to join or create a startup, go through the ICO process, then sell off your shares, and, well, exit

What? Just to clarify, are you conflating ICO tokens with equity shares? Or saying something like "your share of the ICO"?

> You're rich, now - why keep working to build the product you (or your boss) promised to deliver?

This is where the consumer and investor protection concerns come from right now from various regulator perspectives. ICOs are much like Kickstarter, the answer is you don't have to deliver. Reality is also much like Kickstarter, people have a dream and want to deliver. People do deliver. People that have never touched millions of dollars in their life, go out and play business person until the money runs out.

Many technical dreams that wouldn't fit into a VCs portfolio are able to get funded now. Thats really all it comes down to.

People put their reputation on the line. That doesn't mean much to all people, and they have bad reputations now.

There are several advantages in the ways to mitigate these risks. First, these communities come with a big open source culture. If the team starts messing up, there are still ways to contribute or even carry on the project, a lot of the times. Most of the projects have a big decentralized component to them, which does enable others to carry the baton.

Secondly, the token obtained in the ICO has an exchange rate. You, the buyer, are able to exit your position while a market still exists. Most coins, even "dead" ones, have a market, or CAN have a market. Even if they have their own blockchain, they can be revived with the participation of just a few computers, and exchanges will list them.

> the buyers are liquid,

Are they? It's hard to imagine there being enough buyers to match sellers if/when a coin hits a high peak, let alone if there is a collapse of confidence in the coin or product or its promoters

There are ways to manage liquidity, even when your position is much greater than the posted or even average liquidity on the market.

I've held positions in tokens upwards of 10% of the entire issuance and have been able to move in and out within a few minutes, I usually aim for ~5% of the last spot price.

This is true of any market, just assume there is at least 1 rational actor in the market, what are they seeing that makes them so excited? Warren Buffet - before pivoting to the conservative investment baby boomer guru - bought illiquid discarded companies usually up to 51% of the equity and sold them on the public stock markets at mass profits. In 2017, the international crypto markets are way more liquid than the US equity markets were in the 1970s.

In the case of ethereum backed coins, every service does not really have its own coin, but rather a derivative of ethereum. As long as the coin is tradeable for general ETH tokens, it must fundamentally be pegged to the price of ethereum, even if it's traded separately on exchanges.

There are obvious downsides to that, but it's a tradeoff for ease of development. You can create your own "coin" -- really just a (set of) smart contract(s) -- with simple tooling provided by the ethereum ecosystem. This is the real genius of ethereum; there is no "one use case" for it, but rather many, limited only by imagination. As more contracts are added to the ethereum ecosystem, ICOs funnel money into ETH, and ETH as a whole benefits from the ever increasing number of derivative services.

The technical details don't matter, all that's important is that coin X can't be spent on product Y without going through an exchange and paying conversion costs. It's plainly inconvenient and dumb. There's a reason why all real-world shops accept the local currency and not their own made up one.

Sorry for the uneducated question here, but I've wondered how those who steal crypto-currency "launder?" their ill-gotten coin. More specifically, how do they not get caught since the blockchain records everything? Take it out really quickly? Move little bits around to obscure ownership in some kind of shell game? Am I just totally off-base with my understanding?

You're not far off, I think it's usually done through a mixer: https://en.wikipedia.org/wiki/Bitcoin_mixer

That works, but you can also just deposit to an exchange/service, withdraw on another chain (i.e. btc -> eth) and repeat this a few times. Unless there's a large target on your back, even doing this once will effectively destroy any paper trail - especially if it's an offshore exchange that uses subpoenas for toilet paper (most of them?).

not necessary to launder if you steal something like zcash or monero.

It's amazing that this has happened multiple times before and yet people have not learned to be more careful. Greed and FOMO.

The attack vectors are getting more sophisticated, but it is also a different standard applied to cryptocurrencies:

Fraud in legacy payment networks is hundreds of millions per year, with an occasional outlier of 80 billion, the only difference is that it isn't international news every single time. $500,000 thefts are happening every single day in fiat currencies, in person, banks, over electronic networks like ACH/checks, Wire, SWIFT, IBAN etc.

Square Inc's annual report cites a couple huge thefts they have had to deal with which have and could materially affect their business of creating merchant tools. They lost like $5 million in one swipe and its just buried in a boring annual report. $500k in one crypto OPSEC issue and you question the entire concept? Cmon thats mentally disingenuous

You'll just have to keep that in mind if you want to have any kind of objective view of this reality containing cryptocurrencies

As a Russian proverb goes, "a thief stolen a thief's hat"

That's an interesting concept but I can't find anything about it.

I found this : http://kv-journal.su/content/vor-u-vora-ukral

"the thief stole from the thief"

I can't find anything hat related, though I wish I could

Te most used variant is : Вор у вора дубинку украл http://slovarick.ru/211/

However later is more popular what the grandparent wrote: Вор у вора шапку украл

The hat version is probably a result of synthesis with another saying: "the thief's hat is burning" (на воре шапка горит).

It just sped up the inevitable losses from another scammy ICO. In this case, the hackers made the process more efficient.

Yes, but its not how much money you lose that matters, it is how much fun you have while losing the money that matters. These hackers robbed the customers of a valuable roller coaster life experience.


Las Vegas Gaming Commission Marketing Manager

Ah, the good old 'the hacker did it' story. Never fails. I suspect a pretty large fraction of the 'hacker did it' cases are inside jobs.

This is getting a lot of traction because anything related to crypto evokes really strong responses here, but this was a phishing attack. The fact it happened in the crypto space is largely secondary.

People get phished and get tricked into handing out bank account and credit card details all the time. It's not even newsworthy unless it happens on a large scale. This is only newsworthy because of the fact that it's crypto so people equate this with some sort of deficiency with the technology and/or ecosystem. That's not the case.

Excuse me, but Bitcoin is ENCRYPTED and SECRET

it was encrypted and it was secret. They tricked people into giving them money. The currency is the only variable here.

I do understand you're being sarcastic, though.

Cryptocurrency is probably doomed because the makers of cryptocurrencies have a fundamental conceptual disconnect with money: what it is, why it works and what it represents. Money only works when you have a powerful state actor enforcing the legality of the transaction. When you try to escape that, you get at best a parallel system that still goes back to the state for help in keeping functioning or a system prone to failure, fraud and speculation. To whit yet another one of these incidents.

Perhaps. Another way of looking at it is that they have an intuitive and successful connection with the mechanics of gambling.

Cryptocurrencies and ICO's as they stand today conceptually have a lot more in common with the old urban numbers rackets[0] than they do with the concept of currency.

[0] https://en.wikipedia.org/wiki/Numbers_game

I had an uncle who used to "carry money" for numbers rackets in NY which I think means he was involved in racketeering. I don't claim to understand how it worked, but I know the winning numbers were related to the winners of certain horse races. The state lottery pretty much put an end to it.

I'm a cryptocurrency skeptic, but money works if people accept it as a medium of exchange. People are willing to trade goods and services for bitcoin, so it's money.

Now, without a nation-state backing it, it's going to potentially have problems with stability, regulation, etc, but that doesn't mean it's not acting as money now.

> Money only works when you have a powerful state actor enforcing the legality of the transaction.

Fiat currencies work this way. Gold and cryptocurrencies do not, but they still work all the same, though gold is not very convenient in the modern world.

> failure, fraud and speculation.

These ICO hacks are separate from the fact that cryptocurrencies do work and are working right now. Preventing fraud is not a feature of any currency. Speculation is something that happens with any investment, I'm not sure why you think that there is or should be efforts to prevent it.

I never said anything should be prevented. But you just illustrated my point exactly. Gold (and cryptocurrencies) cannot support a market economy because of the problem of hoarding a limited resource and the lack of representation of debt. Even the ancients knew this: they would require taxes be paid in the _coin of the realm,_ not just gold. Requiring this made it possible for monarchs to facilitate a market economy. They paid their soldiers in the coin. The peasants traded with the soldiers in order to pay their taxes. Markets emerged from this.

> Gold (and cryptocurrencies) cannot support a market economy because of the problem of hoarding a limited resource and the lack of representation of debt.

That's a bold claim to throw out there with nothing to back it up. Gold has been used as a currency for thousands of years. Crypto-currencies are out there working whether you like it or not. To say that they can't work is pretty silly when they are literally working right now.

> they would require taxes be paid in the _coin of the realm

First, you should source this since it sounds like you are talking about a specific country at a specific time in history.

Those were usually made of gold and silver. Why do you think coins have cleated edges? It's so people can shave them off without someone knowing.

Also countries used gold to transact between each other, no matter what they tried to press on their citizens. The longest any fiat currency has lasted is around 300 years, most don't last 50. Our current world wide currency system is only about 40 years old. The transition came after Charles DeGualle started to reclaim France's gold after the Vietnam war because he feared the US didn't have enough gold to redeem their dollars. Nixon was forced to take the US off the gold standard completely and our current system was born.

> Gold has been used as a currency for thousands of years.

But not supporting a robust market economy until it (and other metals) were reduced primarily to accounting units for many transactions, so the real “currency” was, in substantial parts, debt instruments, not actual gold. I mean, this is true even in emergent pre-capitalist market economies, which were fueled by (and fueled, in a positive feedback loop) the development of banking.

There is a huge difference between a commodity currency like gold and a commodity-backed currency like gold-denominated debt instruments.

Cowry[0] is an even better example than gold. It predates gold coinage, and was used between 3000BC[1] all the way to the 19th century[2] as a cross-culture currency throughout the world. Its scientific name is even Monetaria moneta.

[0] http://www.conchsoc.org/interests/shell-money.php

[1] https://en.wikipedia.org/wiki/Money#History

[2] https://en.wikipedia.org/wiki/Monetaria_moneta#As_money

That's one person's opinion and prediction of the future, the same as yours. It is not proof or even evidence of anything. Cryptocurrencies literally work right now.

People that keep saying a currency that doesn't have a central authority leeching off of it by printing more and using it however they want perplex me. If all else was equal, would you choose to put your money in a currency that continues to be worth less and less or a currency where that is designed to not be devalued?

You can say it won't work all you want, but when people have a choice of what currency to use, they aren't going to choose one that is meant to inflate. The only reason people use inflationary currencies is because they don't have a choice.

Oh this is only one citation, my friend. There are many other economists that have studied this phenomenon, even if they haven't applied it to cryptocurrencies.

You can find people who will say anything about the future, it doesn't make them right or their thoughts well reasoned. Paul Krugman said the internet was worthless and more recently that Bitcoin is worthless.

You need to connect the dots and explain yourself, which you don't seem to be doing.

The "Coin of the Realm" source: Page 49 of Debt, The First 5000 Years by David Graeber.


I'm not really in a position to read a 540 page pdf right now, maybe you should pick a line you like.

I did.

I think you are making an assumption that seems common sense but might not actually hold: that cryptocurrency will fail if it is prone to fraud, speculation, theft, etc.

I think it's interesting that cryptocurrency has achieved its current level of success despite those things being widely known and publicized. Users accept the risk to gain the benefits of the platform.

It appears one of the benefits of the platform is the ability to easily commit fraud, speculations, theft, etc.

Yep :P that's definitely a benefit for a class of users, but it's not the benefit that all users are interested in, and all the other benefits are linked to those vulnerabilities. (in the current implementations anyway).

maybe, but this particular incident was more along the lines of phishing and little to do with the cryptocurrency itself

bitcoin is probably doomed in US because it is taxed as asset and isn't considered a "money" by the IRS. Hence to actually legally use it as a money is a huge pain tax-wise (imagine having to calculate holding periods and capital gains each time you buy a coffee) But US isn't entire world.

People keep saying this, but it just isn't true. All you have to do is match transactions with price. It can be done automatically.

A lot of things "can be done". And what is not true? Bitcoin IS considered an asset by the IRS

> Bitcoin IS considered an asset by the IRS

Yes, that is true and nobody was arguing that with you. Thats not controversial or interesting to anybody but you.

It simply makes other considerations necessary to use it practically. And software already exists to alleviate how it is used, when used as payment network rails.

In your attempt to imagine next week's death knell for bitcoin, in the US, you missed all the tax advantages the IRS has created for bitcoin by classifying it as property, such as the ability to like-kind exchange forever and never have a tax event (unless you buy something).

> bitcoin is probably doomed in US because

a bold prediction, not backed up by what you are saying because:

> to actually legally use it as a money is a huge pain tax-wise

Is not true.

I must confirm, this is sarcasm?

Well Bitcoin has been doomed since 2011, so I guess if you just keep saying that, it will eventually be true. Until then, it looks like it'll be around for a while.

User machine, not blockchain, security will continue to be the biggest risk in all these systems.

With gold for example, stealing the physical assets takes effort, resources, time, equipment, etc.

With digital assets, that is not the case... and our current level of system security is not adequate in the slightest. It is a challenge we are still largely ignoring today, but crypto currencies will require it be fixed, or better-risk-managed at any rate.

(not advocating gold over digital, but people continue to hand wave the actual risks)

As with most things security, people tend to be the weakest link in the chain.

This type of issue could be solved in a lot of ways. I think a solution wherein:

1. ICOs use a standard 'escrow' contract wherein ether and coin get held by the contract for 7 days or so before either party can withdraw the opposite pair (where either can back out).

2. Building some standard 'ether address' widget that verifies the type of contract an address is. A user-wallet would usually be a warning sign.

That wouldn't solve this problem. Did you read the article? The ICO investors were tricked.

And how wouldn't it solve the problem? (1) would act as a more safe instrument for sending money to addresses you don't regularly interact with, (2) would attempt to make the address type much more apparent to the user so they don't send to addresses they aren't familiar with.

Just because you invent a special type of escrow contract that makes it harder to steal money doesn't mean an attacker would use it... he would just instruct users to send money to his own contract and bypass all of the protections you've invented.

When did I mention an attacker should use this? How does that argument make sense at all?

Legitimate ICOs should take on use of these widgets and contracts, educating users in the process to only send to particular contracts. This requires a great deal of improved hygiene for ICO providers and education for consumers, but there’s no easy foot forward here.

One problem is that the correct contract to fund an ICO might even change during the ICO (as it has happened with EOS) and the current way these “businesses” are communicating these contract changes is pretty poor.

So yeah, we definitely need improved hygiene that addresses the pain points of trying to do these funding events through a blockchain.

The user wallet vs contract distinction might help, but that means tooling and education.

They were being tricked anyway.

The ICO concept is fundamentally solid and is more efficient then traditional funding sources. What currently lack is the implementation. Both technological and legal frameworks need lots of work, but I bet it'll happen

Really? I hope we will enter a post-ICO era of fundraising. Tokens simply do not make sense in most cases, nor do new chains. In my startup, we're issuing Token-Shares (Blockchain Bearer Shares) that pay dividends[1]. I think something like this will be the future. Let people actually own and share in the profits of the enterprise. The share prices can still 10x or more, so there is still a benefit to early investors. Plus focusing on actual business fundamentals.

1: If you want more blockchainy tech, the dividends get paid into the smart contract owning the shares, automatically.

first time i can't get whether it is sarcasm or not.

Absolutely not sarcasm. Why would ICOs giving out tokens with no equity be superior to a tokens that have equity and receive dividends?

If you sell equity, and will pay dividends, why not just do an IPO? The SEC will treat you as a security anyways.

We're doing a blockchain IPO because the subject we deal with has significant legal issues in most countries (details in profile). We're operating as an extrajurisdictional company to get around these issues, with an anonymous founding and executive team.

Oh, right, I recall your earlier posts on this subject. That's a fair use case, although it is also fraught with legal perils.

without any intention of going into discussion of other aspects (personally i'm for legalization of drugs, sex, etc.), isn't investing and receiving dividends here would make one a kind of pimp?

Legally speaking, what is proposed for the app directly would probably fall afoul of pimping/solicitation laws in most jurisdiction which have such laws. Whether it's the moral equivalent of what people think of as pimping or pimping as most commonly practiced is, well, ultimately subjective.

For an investor, it's probably detached enough that general conspiracy/organized crime laws are more applicable than pimping/solicitation.

IANAL, this isn't legal advice, and even if I was and it was, you probably shouldn't take legal advice from pseudonymous accounts on internet discussion forums.

A pimp takes a 100% cut and has an ownership-like relationship. We're going to take a reasonable service fee. We're against sexual trafficking and coercion of any kind. So no, I don't think reasonable people would consider our investors to be pimps.

But you're right that such law would be used to go after us. That's why we're encouraging people to use Monero to invest and receive dividends and are open to other ideas as well.

ICO is the new ponzi scheme

Only if you use ponzi scheme (incorrectly) interchangeably with "scam."

Or correctly, in the sense of "a system that requires constant new investment to achieve payouts"

If you think that's all it takes to satisfy the definition of a Ponzi scheme, you're incorrect. That would even be an oversimplification for a Pyramid scheme.

I'm not sure why this has to be corrected for every crypto thread on HN. We get it, someone has to comment on every crypto post "Ponzi scheme," "tulips," or the like (regardless on whether or not such a generic comment is especially relevant to the thread) but simply calling it a "scam" gets the unoriginal point across without making you seem so misinformed.

Equally, "your side" could save a lot of time by saying "This asset bubble is different" and leaving it at that.

Kind of like pension systems in most countries?

Largely, which is why we keep reminding people they are social insurance programs, not investments. The state has guns, and can mandate the continued investment

This looks like another in a series of ICOs which are not being handled with appropriate security controls.

When people are planning on taking in millions of dollars of investment in an easily traded, easily stolen, digital currency, they've got to expect attention from relatively well funded/motivated attackers.

Unfortunately many of the founders of these ICOs don't seem to be that well setup in this regard as some of the disclosed hacks, including this one, aren't exactly advanced.

Initial Clown Outwitting

That's a bit unfair to clowns.

The term "investor" in relation to ICOs could be replaced with the term "mark", and the whole thing would be a lot more accurate.


...OMG actually dipped and is a good buy right now...

Yes, this is actually a thing: https://coinmarketcap.com/assets/omisego/

I hear that MattDamonCoin is huge in China. Buckle up, Paul.

There's a boom and a bust cycle when it comes to new technologies -- doubtless blockchain will have to go through the buzzsaw just like the early commercial Internet did in the early 2000s.

The commercial internet brought an unprecedented increase in the speed of communication.

Blockchains... Bring a secure, distributed ledger. That's nice, but this isn't Amazon replacing the Sears catalog.

Question: in light of the SEC decision regarding the DAO, is there any way to do an ICO that doesn't run the risk of later the whole company being shut down for not registering securities? Like maybe opening the company in Crypto Valley, Zug?

Is there a way to do a public offering of tokens? Or does it necessitate all the same reporting that a publicly listed company has?

Could still be worth it! Because the investors control even less of your board than in Snapchat IPO.

Answer (if you want USA investors): https://coinlist.co/

Answer (if you don't need USA investors): http://cryptovalley.swiss/

Yes: Do an ICO like a kickstarter. It's not illegal. The tokens just need to not be financial instruments. You can say "Buy my tokens to fund my project."

Wait, what? Can lawyers please weigh in on this?

There are the Howey test on the Federal level, and then there is also the Risk Capital Test in several states.

Precedent can very easily go towards the direction that people have a reasonable expectation of the tokens going up in value, making them securities in the eyes of at least the Risk Capital Test. In fact club memberships became securities under this test!


Many people buy Nike shoes to go up in value. Nike Inc. purposefully limits the quantity.

Are Nike shoes therefore securities? It is an open ended question and yes where we are in this country a future court could rope something like that in too before Congress gets around to forcing regulatory clarity.

Tokens can be products. It is what you sell them for and how you sell them and how you interact with that market, and how others interact with that market, that determines if something is a security. But is isn't a single one of those factors in isolation that makes it a security.

I wish that passwords like this stopped being the main form of authentication. I guess I'm not sure what's a better way (I like the physical object + pin of my credit card but that's probably not practical for all Web authentication) but it seems pretty obvious that passwords are broken in their current form unless you use a password manager, which can be a hassle

There is no security mechanism that is safe against gross negligence.

This is where two factor authentication comes into play. Then you can have something you know (eg password) and something you own (eg phone).

I quite like using Google Authenticator for my 2FA.

There are also problems with that: https://news.ycombinator.com/item?id=15068567

There are problems with any method of authentication when being targeted by a determined enough theoretical attack. The key is to find a process that balances risk against inconvenience. Google Authenticator (which, by the way, isn't what your link refers to. That only covers SMS) is a great middle ground for most reasonable security requirements. If you feel the need for something stronger then go for 3 factors, alerting systems, disable remote logins entirely or whatever extra steps is recommended by your pen testers.

I should also add that to just highlight problems with one specific method of 2FA without establishing that it is still more secure than a single factor password, let alone acknowledging that other methods of identification are available, somewhat misses the point of 2FA.

That's not Authy/Google Authenticator. That's social engineering their way into getting a persons text messages for SMS 2FA.

If you can compromise the iCloud account of an iOS user (pretty sure iOS 2fa is only SMS based), then you can install google authenticator on your own device.

I'm sure it's more complicated than that in reality, but if you have SMS access, you only need to find one weak link in the chain including iCloud/google, email provider, app provider, etc.

> install google authenticator on your own device.

You sure can, but will you then have the requisite TOTP secrets?

No. iCloud backups don't contain keychains, where the Google authenticator stores its seeds.

Doesn't iOS keep keychain synced with iCloud keychain? Or at least, it's user configurable. I'm pretty sure I opted out of it.

Good news is according to apple [0], you can protect your icloud keychain with a six digit code required to move the keychain to a new device.

[0] https://support.apple.com/en-us/HT204085

That's a cellphone network security issue.

If instead of SMS the 2FA use only a software token generator, then highjacking the cell network would not be a successful attack vector.

How about authentication with public keys? You can store them encrypted in a smartcard, on your computer, on your phone, or even write them down.

I'd just like ssh or client side certificates.

People have to deal with PKI all the time, why not just make it expected basic knowledge?

Already solved. Securelogin.pw

Do the victims ever get their money back after these cryptocurrency hacks/scams? I know crypto transactions are irreversible by nature, but do the coins ever get seized by law enforcement and returned to their owner? If not, that seems like a major problem. (I know they got around the DAO hack, but that's a unique case.)

No, one thing that has been a partial remedy is that the token sale creators give the new token to the people that sent money to the wrong address anyway. It isn't really dilution to the founders so its easy to remedy.

Case in point, Enigma was trying to raise $50,000,000 which they haven't even initiated yet. This was only going to result in 50% of the tokens in the hands of the public. So buyers would have new tokens and trade that amongst themselves and other people, Enigma would have $50m a lot of that for the founders, and Enigma would also have the other Enigma tokens which would also be valued at $50m which they could use for rewards or selling into the market in the future, all depends on how the market grows.

The hackers get their $500k bug bounty and would have to have equally as bad OPSEC to get caught.

The deterrents aren't really there right now, it isn't necessarily a problem, I don't really think the state is necessary here and I wouldn't want them to use my pooled resources on this given the cost of their investigations.

Can we get the title fixed? The editorialized title is misleading/inaccurate. (edit: Thanks, it's fixed now.)

In what way? The company's website, email lists and other property was compromised and investors lost 500k, seems pretty clear to me.

Original title was something like "Enigma's ICO hacked, $500,000 stolen. CEO reused password. No 2FA."

For one, my understanding is that the Enigma's "website, email lists and other property" was compromised, not it's "ICO". Second, the $500,000 was scammed out of users/investors rather than directly stolen in the "hack". I think for crypto-coins this is an important distinction.

Well, it seems unfair to say "investors lost 500k" if they weren't really investing in the ICO so much as taking the bait on a phishing email, which is what it sounds like happened. If a hacker took control of their domain and Slack, and socially engineered people into sending funds into the hackers' personal accounts (which is what it sounds like has happened), Enigma never really had the funds to lose in the first place themselves.

The title merely states that hackers stole $500,000. It does not say they stole it from Enigma. They stole it from people trying to invest in it - hence "investors lost 500k" seems perfectly apt.

There are a lot of scams on the web, but you don't blame the HTTP protocol. There are a lot of email scams, but you don't blame SMTP. Sad to see the dominant view of this community is against any type of cryptocurrency.

If you're an NBA player, you spread the word about gold digger scams. If you're midlevel management you spread the word about timeshare scams. If you're a retiree, you spread the word about tech support scams. If you are a techie, you spread the word about blockchain investment scams because we're the target market for those scams.

Scammers do their best to associate themselves with our communities because positive discussion at a place like hackernews is seen as "well, all those smart techies trust it..."

I don't think HN is remotely opposed to "cryptocurrency", but at the same time it's abundantly clear IMO that what's happening at this moment is a full-bore speculative mania.

> 3. Weekly password rotation, and daily rotation in the week leading to the token sale

this seems useless

what does nab mean?

Just in general? It means to "grab" or "take" (or in this case, "steal") something.

thank you.

we need to put a hold on all cryptocurrency startups until we figure out what the hell is going on

Just like immigration?


that was the joke.

So what, just a couple of years worth of work at Google as a SWE.

The problem is that most people tricked into "investing" in such platforms probably don't make anything like a software engineer at Google. This loss hurts them a lot.

My feeling is that most people are investing profits from another virtual currency. So it's not "real money" (in the sense of doing a deposit of USD and sending that to the ICO), but an existing paper profit that they want to try multiply further by putting it into another speculative asset.

Even knowledgeable people can fall victim to attacks like this.

You make it sound like I claimed that people not working at google are less intelligent. My point was that if you are already making good money you are not looking for lottery tickets to buy.

But still there are seemingly a few people that threat dollars as peanuts.

The data on the page on Etherscan:


does provide some insight at a quick analysis.

The total sent is (at the 494,170.68/1492=331.214 rate) almost exactly 500,000 US$ (499,821.59) of which, in four operation of 373 Eth each 1492 Eth were withdrawn 494,170.68.

Of the 212 total operation 4 are withdrawals, 3 are 0, that makes 205 "IN" operations.

The distribution of the amounts of the single operations/deposits is interesting, I quickly put together a few "classes":

a. >30,000 2 Total 66,243 US$

b. 20-30,000 3 Total 70,840 US$

c. 10-20,000 6 Total 82,803 US$

d. 5-10,000 14 Total 102,576 US$

e. 2.5-5,000 23 Total 80,125 US$

f. 1-2,500 33 Total 54,225 US$

g. 0-1,000 124 Total 43,010 US$

If the "targeted audience" was around 9,000, roughly 200 or 2.2% fell for the phishing.

A handful of people (classes a., b., c., 11 in total, i.e. coincidentally roughly the 0.1%) contributed for almost half the amount 66,243+70,840+82,803=219,886 219,886/500,000=43,98%.

Smart people are often the easiest to scam because they believe they can't be scammed.

I am not sure they are.

If we look at the Nigerian '419' scam, apparently the emails are written in bad English to filter out the smarter people that are unlikely to fall for the scam anyway. The reason is that handling the response on such an email is labor intensive and the people behind those scams prefer to only use labor when chance of success is high.

See: https://www.microsoft.com/en-us/research/publication/why-do-...


Its appears crypto currencies have escaped the technical domain and have landed plum into nigerian scam territory.

The crypto currency ecosystem has become toxic and irrational propped up by ignorance, desperation and blind greed

I wonder what arguments will be made to third world countries at the next climate change summit when a large number of our population seem to be squandering electricity without pause in the hope of riches.

The only way any crypto takes off in the world we live in is if some powerful vested interest sees some use for it, at which point all the speculators having spent the better part of the past decade pushing fantasy narratives about freedom etc will sell out every single tall claim made for a dime. Those who do not understand history and in this case economies are condemned to repeat it, and badly.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact