The ICO ecosystem has been rocked by a large scale phishing attack in which investors eager to participate in promising home sharing startup BEE Token’s crowdsale were duped out of hundreds of thousands of dollars worth of Ethereum.
In a major security breach, hackers were able to obtain the personal data and email addresses of Bee Token mailing list participants and sent out a fraudulent email stating that the crowdsale was open to contributions.
Bee has confirmed both the hack and the phishing email via their Twitter and Medium accounts, and has uploaded a video to the Bee token sale website featuring Bee CEO Jonathan Chou holding up the hand-written and typed ETH address for token sale contributions.
This is a fake/scam email. Please disregard it. https://t.co/CzhhGvoFl6
— The Bee Token (@thebeetoken) January 31, 2018
Too Good to Bee True
The Bee Token ICO has attracted a large amount of attention from the crypto community largely due to the potential of the decentralized Bee home-sharing concept and its strong supporting team, which consists of former Facebook, Google, and Uber employees.
As a result, the platform has already been targeted by a number of phishing attacks that have attempted to clone the Bee Token website. While the details of how the Bee Token mailing list was obtained are yet to be divulged, individuals affected by the phishing attack have shared the email that was used to mislead them:
The email was accompanied by an Ethereum address and QR code that can be viewed here. At the time of this report, 334 transactions are associated with the address, which currently contains more than 537.41. At current market rates, this amounts to a little over $566,000 USD.
Another Ethereum address has been identified to be associated with the scam, containing 241 ETH to the value of a little over $253,000.
Wallet address information courtesy of EtherScan.io
In an attempt to capture ETH from hopeful crowdsale participants the phishers announced a nonexistent “surprise partnership” with Microsoft, stating that all contributions within the next six hours of the announcement would receive a 100% bonus.
The email also stated that Bee Token would be backed by a guarantee that it will “double in value over the next two months” or all participants would receive their money back. The team behind the Bee Token ICO send out an email just one hour after the phishing attack, as well as updating the Bee Token website to warn potential investors.
The Future of Bee Token
While the swift response to the phishing attack from the Bee team has helped to assuage some investor fears, the hack does not bode well for the future of the platform. It seems like that either the Bee Token ICO’s security was lacking, or a team member was— unintentionally or otherwise— extremely careless with critical secure information.
Unfortunately, there is no way for investors duped by the scam to claim back their lost ETH. When investing in an ICO, always ensure you’re contributing to the genuine address provided by the platform and never send cryptocurrency to an address you received via email.