CoinDash ICO Hacker Nets Additional Ether as Theft Tops $10 Million

Money continues to trickle into an ethereum address compromised during an initial coin offering by a startup called CoinDash.

AccessTimeIconJul 19, 2017 at 9:30 a.m. UTC
Updated Sep 11, 2021 at 1:32 p.m. UTC

A few prospective investors were still sending ether to an ethereum address compromised in an initial coin offering (ICO) held by a startup called CoinDash yesterday, inadvertently bringing the total lost in the theft up to around $10m.

As reported on July 17, $7m was initially stolen by a hacker who altered the contract address of the ICO project. CoinDash said in an updated statement today that 2,000 investors have now sent a total of 37,000 ethers to the fake address after the open sale started.

While only a small number of transactions have been seen since the hack was revealed, one investor sent 50 ethers to the fake address, according to

At publication, around 43,500 ether had been sent to the address in total, bringing the value of the theft to just under $10.3m, amid the cryptocurrency market rebound over the last day.

While CoinDash has yet to disclose how the breach occurred, others are beginning to speculate on what caused the issue.

Wu Guanggeng, the COO of China's mining pool Bixin, for example, posited on Weibo that the breach may have actually been made via the domain name server provider. When reached out to by CoinDesk, Wu indicated his source for the information was a WeChat official account that publishes cryptocurrency news for subscribers.

One post from the social messaging account claimed that CoinDash support staff said the hacker first cloned an almost identical website to, while using a fake contact address.

The imposter then contacted the CoinDash's DNS provider using the registered email to request a redirection of traffic to the false site. Wu suspected the CoinDash email account was also compromised.

While CoinDash has previously stated that investors who have been affected by the hack will receive ICO tokens as compensation, those who made transactions after the website was shut down will not be compensated.

CoinDash did not confirm the cut-off time for the website closure. However, the company tweeted on 10:39 a.m. EST, July 17, that the token sale was over and asked investors not to send "any ETH to any address."

This was followed by another Tweet on 12:47 p.m. that linked to its statement, and another soon after pointing to a form for those who had been affected.

So far the fake contract address has not made any outgoing transactions.

Sink drain image via Shutterstock; fake account details image via


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.