Cyber Incident Victim: Enigma

Date: Aug 2017

Location: United States of America

Summary

Attackers compromised a blockchain project's website domain, Slack administrator account, and mailing lists to impersonate its team and solicit fraudulent presale contributions, directing victims to a compromised website and fraudulent Ethereum address. Approximately $500,000 worth of ether was deposited into the scam address before control was regained, with stolen funds subsequently drained; the incident mirrored similar security breaches affecting other cryptocurrency fundraising efforts.

Description

On August 21, 2017, the Enigma blockchain project suffered a security breach resulting in the theft of approximately $500,000 worth of ether. Attackers gained unauthorized control over multiple critical communication channels, including the project’s official website domain, an administrator account on its Slack channel, and its email mailing lists. After establishing control, the perpetrators impersonated Enigma team members to promote a fraudulent initial coin offering (ICO) "presale" through these compromised platforms. Fake solicitations distributed via Slack messages and emails directed recipients to a link on the hijacked Enigma website, which featured a counterfeit deposit address for the presale. The fraudulent email campaign cited "enormous support" for the launch to lend credibility to the scheme. Blockchain network data later confirmed that approximately 1,500 ETH (equivalent to $500,000 at the time) had been sent to the scam address before the team intervened.

The Enigma team regained control of their compromised domain after detecting the breach, though the stolen funds had already been largely drained from the fraudulent address by that time. The incident occurred weeks before Enigma's planned legitimate ICO, raising questions about potential impacts on its official token sale timeline, though no definitive postponement was confirmed in available reports. This breach followed a similar pattern to the July 2017 CoinDash ICO attack, where $7 million was diverted through counterfeit addresses. Enigma's core business objective—creating a decentralized data marketplace for cryptocurrency hedge funds—remained unaffected operationally, but the theft damaged stakeholder trust through the exploitation of official communication channels. No technical details about the initial domain compromise vector or Slack account takeover method were disclosed in the available reporting.
