Experty ICO Phishing Scam
5 min read

Experty ICO is Hacked as Phishing Attack Steals $150,000

By Editorial Team

It seems as if another ICO has fallen victim to a “Pre-ICO sale” phishing attack. In this case, the ICO in question was Experty where the hackers were able to make away with about $150,000 in investor funds.

These type of ICO phishing attacks involve the hacker taking advantage of the FOMO (Fear Of Missing Out) that is inherent with most investors. In this case, the hacker sent pre-ICO sale announcements to those who had signed up to receive them from the company.

These are generally the most rudimentary type of crypto thefts as they mostly rely on an overly keen investor who is too quick to jump on a supposed opportunity. These are generally quite easy to spot and are only marginally effective.

However, in this case, the hacker was able to gain access to the list to many of those who had signed up to the ICO. This is the reason that the hacker was able to make the email scam that much more effective.

So how did this happen exactly? Let’s take a closer look.

What is Experty?

Experty.io Logo
Image via experty.io

Experty aims to develop a blockchain based Voice Over Internet Protocol (VOIP) calling system. They want to take on the likes of the current centralised players in the form of Whatsapp and Skype with a decentralised solution.

The platform wants to give professionals the opportunity to exchange their knowledge for money through the application. It would allow these knowledge providers to set minute rates for the amount they would like to get compensated.

They see the most relevant use cases for the technology as those who are in the legal, consulting or medical fields. These professionals can log on and automatically receive cryptocurrency for their time.

They were going to use the ICO to issue the native ERC223 token for the start-up, the Experty Token (EXY). The main crowd sale of these tokens was planned on the 31st of January.

What is no doubt interesting is that the Experty ICO made use of something called a “Proof of Caring” or PoC. If this is a concept that you initially scratched your head at, don’t worry, so did we.

Proof of Caring is supposed to be a way in which those who promote the ICO and write a number of reviews on them online. Those that were able to promote the ICO effectively during this PoC stage “showed that they cared” and were attributed a higher level.

In these higher levels, they could earn more tokens within the three different tiers. Although PoC seems to be an innovative way to draw attention to an ICO, it looks a great deal like a Multi-Level Marketing scheme.

Irrespective of how the project wanted to promote their ICO, the PoC example left the user data vulnerable to the hacker.

How the Scam Took Place

According to an announcement on Medium, the Experty team was able to establish that one of these PoC reviewers had their account somehow compromised. This PoC user somehow also had information of all of the other PoC users.

This meant that the hacker who was able to get into this individual’s account also had access to the names and contact information of all those others who were registered.

This was no doubt some really important customer information that the hacker was able to leverage. On the 27th of January, these users started getting emails alerting them to a pre-ICO of the tokens.

The emails were spoofed and originated from ico.experty.bitcoinsuisse@tindie.com. This was chosen no doubt to confuse the investor into thinking that it was coming from the ICO itself or from Bitcoin Suisse, the company facilitating the ICO.

They were also told that they had only 12 hours to invest in the pre-sale before it closed for them. The hacker told the participants to send the funds to his address. This created the FOMO affect and provided the impetus to send the funds.

$150,000 and Counting

So far, there have 71 transactions to the hacker’s wallet which was eventually picked up by Bitcoin Suisse. Although it may have staved off the flow for the time being, there is at least $150,000 that is now in the hands of the perpetrator.

There were also reports that the hackers had used more than one Ethereum address for the phishing scam. This means that he may have been able to extract a great deal more than is initially being reported.

The Experty team released an official communication on the hack. They wanted to compensate the community by giving everyone who has their ETH address in the database an additional 100 EXY tokens which is about $150. They went on to say

We are taking precautions and increasing security to ensure that this does not happen again. The Experty community is our number one priority, and always has been. We will continue to work towards a safer and prosperous future, and we hope that you will be there with us

This is of course not much consultation for the 71 or so people who lost their funds to the hacker. Moreover, the PoC reviewers should not have had access to the details of all of their compatriots.

Lessons to be Learned

While it was no doubt reckless for private data to be in the hands of a group of users, the ultimate responsibility for falling for the scam has to lie with the user. Phishing scams rely on victims that don’t think twice before they fund.

In this case, those who had funded should have known that the ICO was only commencing on the 31st of January. They should have also have been suspicious as to the email address that was used to promote the pre-sale.

When it comes to pre-sales, ICO announcements, air-drops etc, if you have the inkling of suspicion, just wait. It is far more costly to fall for a scam than it is to miss out on a “hot” ICO.

Featured Image via Fotolia

Editors at large. Posting the latest news, reviews and analysis to hit the blockchain.
View all posts by Editorial Team -> Best Crypto Deals ->

Latest Posts

Bancor Review
Bancor Review: Impermanent Loss Protector?
Bancor Review

Bancor Review: Impermanent Loss Protector?

June 22, 2022 15 min read
Bridge Mutual Review
Bridge Mutual: Insurance for your Crypto
Bridge Mutual Review

Bridge Mutual: Insurance for your Crypto

June 18, 2022 22 min read
Serum Review
Serum Review: Solana’s One-Stop DeFi Toolbelt
Serum Review

Serum Review: Solana’s One-Stop DeFi Toolbelt

June 16, 2022 17 min read
Raydium Review: Solana’s DeFi Liquidity Mammoth

Raydium Review: Solana’s DeFi Liquidity Mammoth

June 11, 2022 17 min read
crypto com
Crypto.com Exchange Review 2022: A World-Class Crypto Exchange
crypto com

Crypto.com Exchange Review 2022: A World-Class Crypto Exchange

June 10, 2022 30 min read
OKX invests in WAX
OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX
OKX invests in WAX

OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX

June 3, 2022 2 min read
Binance partners with the weekend
Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour
Binance partners with the weekend

Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour

June 3, 2022 2 min read

Related Posts

OKX invests in WAX
OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX
OKX invests in WAX

OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX

June 3, 2022 2 min read
21Shares Releases Sixth State of Crypto Report
21Shares Releases Sixth State of Crypto Report: Summary
21Shares Releases Sixth State of Crypto Report

21Shares Releases Sixth State of Crypto Report: Summary

June 2, 2022 3 min read
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

June 2, 2022 2 min read
Regulators are “Not Allowing” Banks to Engage with Crypto
Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto
Regulators are “Not Allowing” Banks to Engage with Crypto

Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto

June 1, 2022 2 min read
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution

US Conference of Mayors Introduces Blockchain Resolution

June 1, 2022 2 min read
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40Increase
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40% Increase
Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40Increase

Tron Passes AVAX and SOL in TVL, Claiming 3rd Spot After 40% Increase

May 31, 2022 3 min read
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours
All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours

All Eyes on Bitcoin as $60 Billion Flows into Crypto in 24 Hours

May 31, 2022 2 min read