BeeToken customers were duped out of more than US$1 million (£700,000) worth of Ethereum in a phishing scam targeting BeeToken's initial coin offering (ICO) in a scam similar to the one that targeted Experty earlier this week.
BeeToken confirmed the attacks on its Twitter and Medium accounts warning customers to be wary of emails and Telegram urging users to send funds as they are most likely fraudulent. Affected users said the attackers were targeting individuals who signed up for the BeeToken newsletter and its KYC process for the ICO, according to TNW.
It is unclear how the hackers obtained the information but some users have accused the company of failing to properly store customer data on Reddit forums. BeeToken CEO Jonathan Chou desputed the claims and told the publication that his company does not “store customers' data in a centralised database like Airbnb.”
“We are not at risk of exposing all of our customers' data in one go if there is a security breach,” Chou said. “Things do not seem that way now, at least when it comes to their email system.
In the Experty attack, cyber-criminals also tricked ICO participants into sending funds to the scammer's wallet instead of to the intended company. In this instance, the hacker was able to compromise the computer of an Experty user in order to obtain the victims' email address to send the phishing emails.
Some researchers expect to see many more attacks like this moving forward.
"We will likely see a surge of old attacks reincarnated and leveraged to steal digital coins or tokens," High-Tech Bridge chief executive officer Ilia Kolochenko told SCMedia. "Many blockchain startups and their customers/investors recklessly disregard cyber-risks surrounding them."
Kolochenko went on to say that the matter is made worse when law enforcement agencies lack the human and financial resources to investigate these kind of crimes.