Cyber Incident Victim: Etherparty
Date: Oct 2017
Location: United States of America
Summary
Hackers compromised the Etherparty ICO by hijacking its website and replacing the legitimate Ethereum contribution address with a fraudulent one, redirecting user funds to attacker-controlled wallets. The breach was detected within 15 minutes, prompting immediate website shutdown to limit further losses; service was restored after 95 minutes following an investigation and server migration. Approximately 59 participants were affected, with the company committing to compensate them with FUEL tokens post-ICO. This incident mirrored prior ICO attacks involving website manipulation to divert funds, highlighting recurring security vulnerabilities in cryptocurrency fundraising platforms despite rapid organizational response.
Description
On October 1, 2017, during the launch of its Initial Coin Offering (ICO), Etherparty.io experienced a security breach when attackers compromised the platform’s official website. The incident began at approximately 9:45 AM Pacific Daylight Time (PDT), when hackers injected a fraudulent Ethereum wallet address into the ICO contribution page, replacing the legitimate address with one under their control. This manipulation misdirected participants attempting to send funds to support Etherparty’s development in exchange for FUEL tokens, the platform’s proprietary cryptocurrency.

Etherparty’s security team detected the unauthorized alteration within 15 minutes and initiated an immediate response to mitigate further damage. By 10:00 AM PDT, the company took its website offline to prevent additional users from inadvertently sending Ethereum to the attacker’s wallet. The platform remained inaccessible for 95 minutes while engineers rebuilt the site and migrated it to a new web server. Operations resumed at 11:35 AM PDT, allowing the ICO to continue as scheduled. Etherparty publicly acknowledged the incident at 12:51 PM PDT through press releases and social media updates on Twitter and Medium, outlining the breach timeline and containment measures.

The attack impacted 59 users who sent funds to the fraudulent address during the 15-minute window before the website shutdown. Etherparty committed to compensating all affected participants by crediting them with FUEL tokens equivalent to their lost contributions at the conclusion of the ICO sale on October 29. The breach mirrored prior ICO-targeted attacks, including the July 2017 CoinDash incident where hackers stole $7 million by similarly hijacking a website and altering wallet addresses. While the financial scale of the Etherparty theft was not explicitly disclosed, the company’s rapid detection and containment limited its scope compared to other high-profile cryptocurrency breaches like the $8.4 million Veritaseum hack and the $475,000 Enigma Project compromise. The incident occurred amid growing regulatory scrutiny of ICOs, with the U.S. Securities and Exchange Commission (SEC) actively investigating multiple token sales for fraud and China and South Korea implementing outright bans on such offerings due to security and financial risks. Etherparty’s transparent disclosure of the attack timeline and compensation plan reflected efforts to maintain trust despite the vulnerabilities exposed during its fundraising campaign.
