In the past year, token sales have time and again proven their merit as an effective method to secure funding and bootstrap a community surrounding an open source project. But like anything new and exciting (that involves large sums of money), token sales suffer from severe growing pains. Earlier today, the anticipated CoinDash token sale suffered an unfortunate hack that led to the theft of $7m (about half of the proceedings raised).
While token sales are an amazing new tool to democratize funding, they also put a tremendous amount of pressure on the organizations initiating them to properly manage the process. After all, raising tens of millions of dollars publicly paints a fairly big ‘bullseye’ on your back.How did the hack happen?
Following The DAO Hack and the ensuing hard fork, resulting from a bug in The DAO’s smart contract, smart contract security and auditing began attracting lots of (well-deserved) attention. As a result, token sale related smart contracts became somewhat standardized and harder to attack.
In security, it is often the weakest link in the process that is attacked, and with the maturation of token sale contracts, attackers turn to disrupting other parts of the sale process. With CoinDash, the hack was quite simple — the attacker was able to gain control of the the company’s website and replace the official sale address with his (or her) own. By the time CoinDash reacted, the damage was done; $7m worth of Ether were sent to the fraudulent address.
At this point we want to emphasize that we have nothing but respect to the CoinDash team. The way they promptly handled the hack, offering to provide tokens to all those affected is truly commendable. Further, the CoinDash team is a strong, reputable team that will surely bounce back from this unfortunate incident.Best practices on securing your token sale
With the upcoming Enigma Token Sal...