Around 12 pm GMT on July 17, 2017, would-be CoinDash investors bustled in CoinDash's official slack chat, eagerly awaiting the company's token offering.
Two hours later, "mplus," the person making official announcements for CoinDash, declared that the token offering was live. Disaster struck. Only three minutes after having declared that Coindash.io was the only trusted source for information, "mplus" sent a message to the group indicating the website had been hacked, altered to include a fraudulent wallet address not associated with the token offering. In total, unaware investors sent approximately 43,438.455 Ether (approximately $7.38 million at the time of press) to the wrong address.
CoinDash slammed on the brakes, halting the token offering and warning users on Twitter.
lsewhere on Twitter, accounts falsely advertising information about the CoinDash token offering cropped up. One Twitter feed @Coindash_ico is still active and advertising a site that investors should be forewarned is not a website associated with CoinDash. Coindash_tech, another account, has been suspended, but not before it tweeted several times directing CoinDash investors to send Ether to an address that, according to Etherscan, contains under 0.3 Ether. To be clear, CoinDash has told all investors not to send Ether to any address as of now.
Questions remain over how CoinDash's site was susceptible to attack given the scope of what was at stake, and what measures, if any, can be taken to identify the perpetrator and recover the Ether that was collected.