Cyber Incident Victim: Experty

On January 26-27, 2018, individuals registered for Experty's upcoming Initial Coin Offering (ICO) received fraudulent emails announcing a premature token sale. The messages, impersonating Experty's official communications, directed recipients to send Ethereum cryptocurrency to a wallet address unaffiliated with the company. This attack occurred despite Experty's scheduled ICO launch date of January 31 and their prior public commitment to process all token sales exclusively through the Bitcoin Suisse platform. The hacker obtained the target email list by compromising the computer of an individual involved in conducting Experty's Proof-of-Care review, gaining unauthorized access to confidential subscriber data. At least 71 transactions were sent to the fraudulent Ethereum address, accumulating over $150,000 worth of cryptocurrency. Evidence suggested additional wallet addresses may have been used in parallel campaigns, indicating potential losses beyond the confirmed amount.

Experty and Bitcoin Suisse issued immediate warnings instructing users not to send funds to the fraudulent address. Security researcher Indrajeet Bhuyan documented the phishing email's contents, while cryptocurrency analyst Chris Koerner publicly disclosed the breach via Twitter, amplifying awareness of the compromise. Experty initially announced compensation of 100 EXY tokens (approximately $120) for all subscribers in their email database as remediation for the data exposure. On January 29, the company expanded its response by pledging additional compensation specifically for users who transferred funds to the attacker's wallet. The incident disrupted Experty's fundraising efforts for its blockchain-based VoIP platform, which had garnered significant attention following its inclusion in Inc.com's list of top 10 anticipated ICOs for 2018.