A few prospective investors were still sending ether to an ethereum address compromised in an initial coin offering (ICO) held by a startup called CoinDash yesterday, inadvertently bringing the total lost in the theft up to around $10m.
While CoinDash has yet to disclose how the breach occurred, others are beginning to speculate on what caused the issue.
Wu Guanggeng, the COO of China's mining pool Bixin, for example, posited on Weibo that the breach may have actually been made via the domain name server provider. When reached out to by CoinDesk, Wu indicated his source for the information was a WeChat official account that publishes cryptocurrency news for subscribers.
One post from the social messaging account claimed that CoinDash support staff said the hacker first cloned an almost identical website to CoinDash.io, while using a fake contact address.
The imposter then contacted the CoinDash's DNS provider using the registered email to request a redirection of traffic to the false site. Wu suspected the CoinDash email account was also compromised.
While CoinDash has previously stated that investors who have been affected by the hack will receive ICO tokens as compensation, those who made transactions after the website was shut down will not be compensated.
CoinDash did not confirm the cut-off time for the website closure. However, the company tweeted on 10:39 a.m. EST, July 17, that the token sale was over and asked investors not to send "any ETH to any address."
So far the fake contract address has not made any outgoing transactions.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.