Aventus Presale phishing attack and update
Aventus, a blockchain-based event ticketing solution is the recent victim of malicious hacking using MailChimp.
According to Aventus blog, one of the employee’s accounts was compromised, which is how the hackers managed to access MailChimp and got community’s email addresses. On. September 2, 2017 at around 22:20 BST a login to Aventus Mailchimp account from IP: 184.108.40.206 in Bucharest, Romania occurred, and a fraudulent email was sent out about an illegitimate Aventus Presale, phishing for contributions to a hacker’s address. Given the strict internal security policy at Aventus, the individual had restricted access to everything, which is why the situation was limited to MailChimp and could be quickly rectified within 20 minutes.
Later, Aventus sent out a follow up email that stated that the previous email was a scam to the entire mailing list warning them not to contribute funds, and we answered every email and Slack question that came in and confirmed that the scam was indeed a scam. They confirmed that all other sensitive information and Aventus accounts remained completely secure and untouched by the hack.
Annika Monari and Alan Vey, the founders and directors of Aventus are taking full responsibility for the Aventus Presale Phishing Attempt which took place yesterday. Aventus published a message to address the incident which ended up obtaining around 39 ETH from innocent community members.
"We are extremely sorry for the pain we have caused some of you. We value our community above everything so to us there is nothing worse than some of our loyal members and newer crypto enthusiasts being taken advantage of by malicious and cowardly actions such as those last night. We will be restoring all stolen funds in this recent scam attempt provided you can prove being in the community for a while and are not part of the hack and the transaction was sent before the release of the second email confirming the SPAM (about a 30 min window); we have already been in direct contact with some of the individuals who lost funds, but if you have not been in touch yet please email us at email@example.com with information about yourself and your transactions so we can refund your loss", reads the message.
Aventus ICO is planned on 06 SEPTEMBER 2017 12:00 UTC. They may have plenty of announcements coming today, tomorrow, and before the token sale.
This is a huge lesson to all startups that not only ICO and pre-ICO requires extremely high standard of security, even security of MailChimp cannot be overlooked.
For more updates, technical blogs and general discussion on Blockchain Technology and Ethereum, please join us at our Website, reddit, Facebook, Medium, steemit and follow us at Twitter. Please feel free to share this post, email us with your suggestions.