Today at approximately 1300 GMT , coindash's ICO website (coindash.io) became hacked.
The hackers were able to insert an ethereum address which effectively siphoned off $7.5 million in ether from eager ICO investors. Unfortunately, there are claims that Coindash could have coordinated an inside job to appear as if they were hacked by an external source, thus a highly-coordinated scam. Nevertheless, by analyzing the profit from the scam and comparing that to the potential profit from what a flawless, unhacked ICO would have generated, it is surprising to note that the scam could not have been perpetrated by Coindash themselves if they were in pursuit of the most profit possible.
The scam generated less profit than what the would-be ICO would have generated for Coindash.
Coindash capped the ICO at $12 million.
If they were rational, they would not have caused the scam because assuming they were the scammers, they only got $7.5 million while they could have made $12 million from the ICO.
Pre-ICO: $6 million
Scam: $7.5 million
Total Revenue: $13.5
Pre-ICO: $6 million
ICO: $12 million
Total Revenue: $18 million
First mention of "hack" in telegram with ensuing, utter chaos
It is clear that the team could not have faked the hack and have been responsible for the scam because they would have ended up with less than they could have made with a normal ICO. The tokens will still be dispersed to ICO investors who sent Ether to the scam address. Less savvy investors who sent to other addresses such as those on Telegram would have been scammed in either ICO, with or without the hack.
Investors: Please do your due diligence and only trust addresses posted on the website.
ICO organizers: Only release website pages with correct addresses. Use a server kill-switch if hacked. Release address before ICO and activate only at ICO start. Warn investors to not send before ICO start. They will learn not to waste gas doing so. The cost in wasted gas is much lower than the cost in wasted ICO funds. Monitor chats. Ban scammers.