In January of this year, DADI launched an ICO that required investors to undergo KYC (Know Your Customer) verification in order participate in the token sale. Investors were asked to provide personal information (full name, address, DOB, etc…) as well as upload a copy of their photo ID. According to recent reports, nearly all that personal data has been leaked and is now been used by scammers to try and steal people’s coins.
Users Voicing Complaints Censored
Over the past few days, DADI token sale investors have taken to Reddit, Telegram, and Twitter offering up reports of a coordinated phishing attack against those who signed up through DADI’s KYC customer process. The blockchain start-up was the victim of a data leak where user credentials such as names and email addresses were stolen by a team of hackers for use in this attack. In a disturbing turn, the DADI team appears to be silencing any reports of this attack on their social media channels, primarily their subreddit. DADI has publicly denounced the claims, saying any phishing attempt was from a hack on a “third party email marketing vendor” back in January.
Warning: If you have signed up to the DADI ICO, your information has been leaked by the team to hackers and phishers, who are currently exploiting this data for phishing scams. THE DADI team is trying their best to cover up any trace of this happening. pic.twitter.com/QNn4qNnBWf
— KryptoSpoon (@PMContractor6) March 13, 2018
Multiple emails from firstname.lastname@example.org found their way into user’s inboxes, attempting to resemble the official email@example.com email. Fake links to popular cryptocurrency websites were included, trying to get people to give up their private keys or passwords and steal their funds. Like the Binance phishing attack that happened earlier this year, the hackers used “punycode” techniques to create the fake internet addresses. Punycode allows for characters with a small dot underneath, the dot usually hidden by the underline many addresses have by default.
But Wait…There’s More!
This isn’t the first time DADI has been in the news for possible wrongdoing. Also in January of this year, the team was called out for plagiarizing huge portions of their whitepaper from other projects, most notably their competitor SONM. DADI responded to this allegation by stating that it was a mistake, and someone forgot to delete the portions from the whitepaper before it was released.
Another blockchain based project and Airbnb competitor Bee Token was hit with a similar phishing attack last month. As more and more money moves into the crypto-currency space, scammers will continuously ramp up their efforts to defraud people of their hard-earned Bitcoins.
Were you involved with the DADI hack? What do you think about user security among scammy ICOs? Let us know in the comments below!
Images courtesy of Shutterstock, Pexels