Experty ICO Leak and Phishing Attack: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/expertyicoleakandphishingattack.php}} thumb|ExpertyExpert is a knowledge sharing service. Experts can offer their services to others and be paid by the minute. Anyone looking for an expert can sign up and pay by the minute. The email list was compromised, and an attacker emailed potential investors just prior to the launch with a fake launch announcement. Over $150k worth of...") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/expertyicoleakandphishingattack.php}} | {{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/expertyicoleakandphishingattack.php}} | ||
{{Unattributed Citations}} | |||
[[File:Experty.jpg|thumb|Experty]]Expert is a knowledge sharing service. Experts can offer their services to others and be paid by the minute. Anyone looking for an expert can sign up and pay by the minute. | [[File:Experty.jpg|thumb|Experty]]Expert is a knowledge sharing service. Experts can offer their services to others and be paid by the minute. Anyone looking for an expert can sign up and pay by the minute. | ||
| Line 6: | Line 7: | ||
This exchange or platform is based in Poland, or the incident targeted people primarily in Poland. | This exchange or platform is based in Poland, or the incident targeted people primarily in Poland. | ||
<ref name="trendmicro-5747" /><ref name="experty-5882" /><ref name="experty-5883" /><ref name="expertyiomedium-5884" /><ref name="icobench-5885" /><ref name="youtube-5886" /><ref name="zdnet-5887" /><ref name="bleepingcomputer-5888" /><ref name="serialtreptwitter-5889" /><ref name="expertyiomedium-5890" /><ref name="crushcrypto-5891" /><ref name="cryptobriefing-5892" /><ref name="youtube-5893" /><ref name="linkedin-5894" /><ref name="financemagnates-5895" /><ref name="cryptonews-5896" /><ref name="youtube-5897" /> | |||
== About Experty == | == About Experty == | ||
| Line 69: | Line 71: | ||
Don't Include: | Don't Include: | ||
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | * Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | ||
* Anything that wasn't reasonably knowable at the time of the event. | * Anything that wasn't reasonably knowable at the time of the event. | ||
| Line 91: | Line 92: | ||
|- | |- | ||
|January 26th, 2018 12:00:00 AM | |January 26th, 2018 12:00:00 AM | ||
| | |Main Event | ||
| | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
|- | |- | ||
| | | | ||
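Review bot: The added timeline row still carries the template's placeholder in its Description cell ("Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here."), and its Event cell is the generic "Main Event". Replace both with a short statement of the event, or leave the cells empty as they were in the previous revision. The "12:00:00 AM" timestamp also reads as a default rather than a known time; give the date alone unless a time is sourced.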
| Line 104: | Line 101: | ||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost | The total amount lost has been estimated at $150,000 USD. | ||
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | ||
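Review bot: The new sentence "The total amount lost has been estimated at $150,000 USD." carries no citation, although this same revision defines named references whose titles state the figure (zdnet-5887, bleepingcomputer-5888, financemagnates-5895). Attach one of them to the sentence, for example <ref name="zdnet-5887" />, and drop the template prompt on the following line once the section answers it.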
| Line 115: | Line 112: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
There do not appear to have been any funds recovered in this case. | |||
What funds were recovered? What funds were reimbursed for those affected users? | What funds were recovered? What funds were reimbursed for those affected users? | ||
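Review bot: "There do not appear to have been any funds recovered in this case." addresses only the first of the two questions on the next line. The second one, what was reimbursed to affected users, stays unanswered even though this revision's reference list includes expertyiomedium-5890 ("refunds-due-to-the-data-breach"). Either cite that source for the reimbursement, or reword the sentence so it clearly refers only to funds recovered from the attacker.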
| Line 127: | Line 124: | ||
== References == | == References == | ||
[https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/bee-token-stung-with-a-phishing-scam-that-cost-investors-1m-of-ethereum Bee Token Stung with a Phishing Scam that Cost Investors $1M of Ethereum - Security News] (Jan 18) | <references><ref name="trendmicro-5747">[https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/bee-token-stung-with-a-phishing-scam-that-cost-investors-1m-of-ethereum Bee Token Stung with a Phishing Scam that Cost Investors $1M of Ethereum - Security News] (Jan 18, 2022)</ref> | ||
[https://experty.io/ https://experty.io/] (Jan 21) | <ref name="experty-5882">[https://experty.io/ https://experty.io/] (Jan 21, 2022)</ref> | ||
[https://experty.io/about https://experty.io/about] (Jan 21) | <ref name="experty-5883">[https://experty.io/about https://experty.io/about] (Jan 21, 2022)</ref> | ||
[https://experty-io.medium.com/knowledge-without-limits-how-wisdom-pools-are-set-to-shake-up-the-knowledge-sharing-economy-99da31e4508a https://experty-io.medium.com/knowledge-without-limits-how-wisdom-pools-are-set-to-shake-up-the-knowledge-sharing-economy-99da31e4508a] (Jan 21) | <ref name="expertyiomedium-5884">[https://experty-io.medium.com/knowledge-without-limits-how-wisdom-pools-are-set-to-shake-up-the-knowledge-sharing-economy-99da31e4508a https://experty-io.medium.com/knowledge-without-limits-how-wisdom-pools-are-set-to-shake-up-the-knowledge-sharing-economy-99da31e4508a] (Jan 21, 2022)</ref> | ||
[https://icobench.com/ico/experty https://icobench.com/ico/experty] (Jan 21) | <ref name="icobench-5885">[https://icobench.com/ico/experty https://icobench.com/ico/experty] (Jan 21, 2022)</ref> | ||
[https://www.youtube.com/watch?v=aJoDr6ax5gI Experty IO Explainer: Top Token to Watch in 2018 & 2019 / Crypto Blockchain - YouTube] (Jan 21) | <ref name="youtube-5886">[https://www.youtube.com/watch?v=aJoDr6ax5gI Experty IO Explainer: Top Token to Watch in 2018 & 2019 / Crypto Blockchain - YouTube] (Jan 21, 2022)</ref> | ||
[https://www.zdnet.com/article/hacker-phishes-experty-ico-steals-150000-in-ethereum/ Hacker phishes Experty ICO, steals $150,000 in Ethereum | ZDNet] (Jan 21) | <ref name="zdnet-5887">[https://www.zdnet.com/article/hacker-phishes-experty-ico-steals-150000-in-ethereum/ Hacker phishes Experty ICO, steals $150,000 in Ethereum | ZDNet] (Jan 21, 2022)</ref> | ||
[https://www.bleepingcomputer.com/news/security/hacker-steals-over-150-000-worth-of-ethereum-from-experty-ico-participants/ Hacker Steals Over $150,000 Worth of Ethereum From Experty ICO Participants] (Jan 21) | <ref name="bleepingcomputer-5888">[https://www.bleepingcomputer.com/news/security/hacker-steals-over-150-000-worth-of-ethereum-from-experty-ico-participants/ Hacker Steals Over $150,000 Worth of Ethereum From Experty ICO Participants] (Jan 21, 2022)</ref> | ||
[https://twitter.com/serialtrep/status/957075323329409027 @serialtrep Twitter] (Jan 21) | <ref name="serialtreptwitter-5889">[https://twitter.com/serialtrep/status/957075323329409027 @serialtrep Twitter] (Jan 21, 2022)</ref> | ||
[https://experty-io.medium.com/refunds-due-to-the-data-breach-6d8cc0da7584 https://experty-io.medium.com/refunds-due-to-the-data-breach-6d8cc0da7584] (Jan 21) | <ref name="expertyiomedium-5890">[https://experty-io.medium.com/refunds-due-to-the-data-breach-6d8cc0da7584 https://experty-io.medium.com/refunds-due-to-the-data-breach-6d8cc0da7584] (Jan 21, 2022)</ref> | ||
[https://crushcrypto.com/analysis-of-experty/ Experty ICO Review – Decentralized Knowledge Exchange - Crush Crypto] (Jan 21) | <ref name="crushcrypto-5891">[https://crushcrypto.com/analysis-of-experty/ Experty ICO Review – Decentralized Knowledge Exchange - Crush Crypto] (Jan 21, 2022)</ref> | ||
[https://cryptobriefing.com/experty-ico-review-exy-token-analysis/ Experty ICO Review and EXY Token Analysis - Crypto Briefing] (Jan 21) | <ref name="cryptobriefing-5892">[https://cryptobriefing.com/experty-ico-review-exy-token-analysis/ Experty ICO Review and EXY Token Analysis - Crypto Briefing] (Jan 21, 2022)</ref> | ||
[https://www.youtube.com/watch?v=bYK32UWfZ00 Experty ICO Review - Knowledge Sharing on the Blockchain - YouTube] (Jan 21) | <ref name="youtube-5893">[https://www.youtube.com/watch?v=bYK32UWfZ00 Experty ICO Review - Knowledge Sharing on the Blockchain - YouTube] (Jan 21, 2022)</ref> | ||
[https://www.linkedin.com/pulse/experty-ico-maxie-a-soetandi/ EXPERTY ICO] (Jan 21) | <ref name="linkedin-5894">[https://www.linkedin.com/pulse/experty-ico-maxie-a-soetandi/ EXPERTY ICO] (Jan 21, 2022)</ref> | ||
[https://www.financemagnates.com/cryptocurrency/news/hacker-steals-150000-worth-ethereum-experty-ico/ Hacker Steals $150,000 Worth of Ethereum from Experty ICO | Finance Magnates] (Jan 21) | <ref name="financemagnates-5895">[https://www.financemagnates.com/cryptocurrency/news/hacker-steals-150000-worth-ethereum-experty-ico/ Hacker Steals $150,000 Worth of Ethereum from Experty ICO | Finance Magnates] (Jan 21, 2022)</ref> | ||
[https://cryptonews.com/news/experty-ico-hacked-data-leaked-usd-150k-stolen-1109.htm Experty ICO Hacked, Data Leaked, USD 150,000 Stolen] (Jan 21) | <ref name="cryptonews-5896">[https://cryptonews.com/news/experty-ico-hacked-data-leaked-usd-150k-stolen-1109.htm Experty ICO Hacked, Data Leaked, USD 150,000 Stolen] (Jan 21, 2022)</ref> | ||
[https://www.youtube.com/watch?v=2HsloXwauuY Experty - Calls powered by Cryptocurrencies - ICO review - YouTube] (Jan 21) | <ref name="youtube-5897">[https://www.youtube.com/watch?v=2HsloXwauuY Experty - Calls powered by Cryptocurrencies - ICO review - YouTube] (Jan 21, 2022)</ref></references> | ||
Revision as of 23:32, 16 February 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Experty is a knowledge-sharing service. Experts can offer their services to others and be paid by the minute. Anyone looking for an expert can sign up and pay by the minute.
The email list was compromised, and an attacker emailed potential investors just prior to the launch with a fake launch announcement. Over $150k worth of Ethereum was sent to the attacker.
This exchange or platform is based in Poland, or the incident targeted people primarily in Poland. [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17]
About Experty
"DeFi Wisdom Pool that provides knowledge liquidity. Get many replies within 24 hours." "Join a community of passionate Experts and thought-leaders."
"Behind every great decision, there are wise people. Experty’s wisdom pools remove the barriers to wisdom, giving you quick and easy access. And it all happens in one place, so that you can make the best possible decision, no matter what you’re searching for."
"The blockchain industry isn’t full of people with degrees and certifications, but that doesn’t mean that those involved aren’t experts. Surely, what makes someone an expert has little to do with where they went to school and much more to do with the skills they can contribute."
"In order to take full advantage of the skilled people available, we can’t pigeonhole experts based on degrees, recognizing that the current socially accepted standards for experts are quickly evolving and moving away from this, especially in the crypto space."
"Experty created DeFi Wisdom Pools to provide a place for crypto experts and wisdom seekers to unite and work together. Whether it’s for business ventures, blockchain learning, or DeFi crypto advice, Wisdom Pools gather hundreds of years of combined business and blockchain knowledge to serve up the maximum impact for everyone involved."
"Experty.io is the first Ethereum powered voice and video application which allows users to monetize their time, knowledge, and expertise on a global scale. The Ethereum blockchain allows for automatic payments from client to contractor based on the predetermined rate and the length of the conversation. Experts on any subject can share a link to their Experty profile on any platform they see fit, including but not limited to, social media, websites, and emails. There is no central marketplace."
"Add Contacts, compose a message and send to all with a single click." "Pay for the first answer. After receiving a response, you'll get access to the chat." "You will get a refund for contacts who haven't responded within 24h."
"Experty's Initial Coin Offering (ICO), also known as a token sale, is designed to raise funds for a "Skype-like voice and video application" which could also take secure payments through the Blockchain."
"Token sales can be a lucrative endeavor, not only for companies looking to raise funds outside of traditional banking methods but also for traders who invest in the early stages of projects which end up as a success."
"Experty's ICO is expected to launch at the end of this month. As first reported by Bleeping Computer, an unknown threat actor sent fraudulent pre-ICO messages to Experty users which had signed up for announcements." "Interest was high as Inc.com ranked the Experty ICO as one of the top 10 ICOs to watch in 2018."
"In late January, hackers phished participants of the Experty ICO (meant for setting up a Skype-like application) and got away with Ethereum worth $150,000."
"A hacker has tricked Experty ICO participants into sending Ethereum funds to the wrong wallet address. He was able to do this by sending emails with a fake pre-ICO sale announcement to Experty users who signed up for notifications."
"On January 26 and January 27, Experty users who signed up for notifications for the Experty ICO started receiving emails with a pre-ICO sale announcement of Experty (EXY) tokens. Users were asked to send money to an Ethereum wallet if they wanted to buy EXY tokens and be part of the ICO." "The email was a fake because the actual Experty ICO was scheduled for January 31, and not this week."
"According to a statement posted on Medium, the hacker was able to find out the email addresses of Experty users as "one of [the company's] reviewers was compromised and hackers gained access to some information about users.""
"The information was stolen by compromising a PC belonging to a team member that was involved in conducting an Experty PoC (Proof-of-Care) review." "Hackers targeted one of the people who carried out Experty's proof-of-care review to get user information, which included the registered potential investors’ full names, email addresses, and ETH-addresses."
"Experty's keenly-awaited ICO has dissolved into disarray after a hacker targeted investors and stole roughly $150,000 in Ethereum (ETH) ahead of the event."
"These emails probably did not look too suspicious because they contained a lot of private user information, such as their ETH address and the correct amount of ETH the recipient pledged to contribute to the ICO."
"It appears that many fell for the scam, and while the wallet is now empty, a total of 74 transactions have been made in the last few days in ETH worth roughly $150,000."
"Experty uses the Bitcoin Suisse service for handling token sales and so any transfers to this wallet are outside of the firm's control. In addition, it is possible that more than one wallet was used during the phishing scheme."
"The community is outraged, with some going as far as to imply an inside job: “Yeah this is such an inside job. So horrible. And they took half a day to warn the community !?” argues Reddit user u/kamo287."
"Experty has acknowledged this and as a goodwill gesture will give 100 EXY tokens to everyone whose ETH address was in the firm's database."
"We are greatly saddened by the recent email scam that has targeted our community due to recent data breach. We will be contacting the victims that are in our database in order to distribute the proportional amount of EXY tokens to them, including the bonuses for their tier, from our company allocation. If someone wishes to receive ETH instead, we ask them to please contact us privately about this."
"Any ETH sent to the scammer after this announcement [January 28, 2018 at 21:30 UTC] will not be refunded in order to prevent people purposely sending money to the scam address to receive EXY tokens."
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| January 26th, 2018 12:00:00 AM | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Total Amount Lost
The total amount lost has been estimated at $150,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Prevention Policies
Running ICOs through an organized exchange service can reduce the likelihood of such incidents. Under our framework, platforms would need to have 2 separate expert security reviews. For those looking to participate, it's best to only sign up through the official website, and to limit the amount of initial investment to reduce the potential for risk.
References
1. Bee Token Stung with a Phishing Scam that Cost Investors $1M of Ethereum - Security News (Jan 18, 2022)
2. https://experty.io/ (Jan 21, 2022)
3. https://experty.io/about (Jan 21, 2022)
4. https://experty-io.medium.com/knowledge-without-limits-how-wisdom-pools-are-set-to-shake-up-the-knowledge-sharing-economy-99da31e4508a (Jan 21, 2022)
5. https://icobench.com/ico/experty (Jan 21, 2022)
6. Experty IO Explainer: Top Token to Watch in 2018 & 2019 / Crypto Blockchain - YouTube (Jan 21, 2022)
7. Hacker phishes Experty ICO, steals $150,000 in Ethereum | ZDNet (Jan 21, 2022)
8. Hacker Steals Over $150,000 Worth of Ethereum From Experty ICO Participants (Jan 21, 2022)
9. @serialtrep Twitter (Jan 21, 2022)
10. https://experty-io.medium.com/refunds-due-to-the-data-breach-6d8cc0da7584 (Jan 21, 2022)
11. Experty ICO Review – Decentralized Knowledge Exchange - Crush Crypto (Jan 21, 2022)
12. Experty ICO Review and EXY Token Analysis - Crypto Briefing (Jan 21, 2022)
13. Experty ICO Review - Knowledge Sharing on the Blockchain - YouTube (Jan 21, 2022)
14. EXPERTY ICO (Jan 21, 2022)
15. Hacker Steals $150,000 Worth of Ethereum from Experty ICO | Finance Magnates (Jan 21, 2022)
16. Experty ICO Hacked, Data Leaked, USD 150,000 Stolen (Jan 21, 2022)
17. Experty - Calls powered by Cryptocurrencies - ICO review - YouTube (Jan 21, 2022)