Hackers breached BeeToken’s email list and stole $1M worth of Ethereum

beetoken, ico, hack, airbnb, email, phishing

It appears cryptocurrency startup BeeToken, which promised to disrupt the home sharing industry by putting its service on the blockchain, has been hacked. The attackers are actively targeting its initial coin offering (ICO) with phishing attacks and have already duped gullible investors for over $1 million worth of Ethereum.

The company has confirmed the phishing attacks on its official Twitter and Medium accounts, warning that users should treat emails and Telegram messages directly encouraging users to send funds are likely fraudulent.

Please note that we will NEVER EVER communicate an Ethereum address through an email or Direct Message to you via Telegram,” the company noted.

There appear to be several different versions of the deceptive emails circulating the web. Some emails are also promoting a non-existent partnership with Microsoft.

Users have since shared screenshots of the phishing messages:

While it has been cut from the screenshot above, the email further included a fraudulent Ethereum address and a dedicated QR code leading to the same address.

What makes things especially confusing for rookie investors is that the attackers coordinated their phishing emails along with the official launch of the BeeToken ICO.

In fact, it appears the attackers have been able to raise almost half as much funds as the real thing. A counter on the BeeToken site shows that the website has so far raised more than $2.3 million. By comparison, three of the numerous fraudulent addresses associated with the phishing attack have collectively attracted nearly $1 million.

It remains unclear what the precise source of the breach is, but users have taken to Reddit suggesting that BeeToken failed to properly protect its customers data. According to affected users, the hackers were targeting individuals who signed up for the BeeToken newsletter and its KYC process for the ICO.

We have reached out to the company for a clarification and will update this post accordingly should we hear back.

In an email conversation with TNW last week, BeeToken CEO Jonathan Chou told us that the company does not “store customers’ data in a centralized database like Airbnb.”

“We are not at risk of exposing all of our customers’ data in one go if there is a security breach,” he added. Things do not seem that way now, at least when it comes to their email system.

The breach is pretty unfortunate – especially for the numerous duped investors who were promised a safer service on the blockchain. Since BeeToken exists on the Ethereum blockchain, users have no recourse to claim their Ether back. This conundrum is something decentralized systems will be facing even more in the near future, especially now that the technology is finally taking off in the mainstream.

But given the massive hype around cryptocurrency and blockchain, the worst part is that we are likely to see this scenario unfold again… sooner or later.

One thing must be said though: BeeToken and its aspirations to disrupt the home sharing industry are a cautionary tale that blockchain is hardly a magical fix for everything.

Read next: Facebook banned cryptocurrency ads but it still shows them anyhow