Perhaps the thief was hoping CoinDash would drop the investigation?
Last year, CoinDash fell victim to a hack that saw 37,000 ETH of investor’s funds sent to the attacker’s address instead of their company’s Ethereum wallet address within minutes of launching their ICO to the public in July. The attacker (or attackers) replaced the ETH wallet address on CoinDash’s website to mislead investors into sending their payments to the wrong ETH address—now labelled as FAKE_CoinDash, prompting CoinDash to issue urgent messages to stop more investors from falling for the trap. But alas, the damage went up to worth over $7 million (at the time).
Friday last week, CoinDash published an announcement saying the thief returned 20,000 ETH from the FAKE_CoinDash account to one of the real CoinDash’s ETH accounts. It can also be seen that 160 days ago—in September 19, 2017, the same FAKE_CoinDash account sent 10,000 ETH back to the same CoinDash account. That brings the total to 30,000 out of 37,000 ETH returned.
So what happened to the remaining 7,000 dirty ETH?
Based on the FAKE_CoinDash’s transaction history here, the only other outgoing transaction made by this account is to the ETH address 0x2dE74edCCe90220E99E8ceB2DF79BAf9961BF8e2—which has received 488 ETH from the hacker account and has been sending (or withdrawing) funds in smaller portions to different ETH addresses. Several outgoing transactions were made about a week before the first 10,000 ETH were returned to CoinDash. See below.
The mysterious decision has spurred some suspicions, including that of an inside job. Or perhaps, the perpetrator fears the investigation CoinDash said it had launched, and is returning the funds in an attempt to persuade CoinDash to drop the investigation altogether?
We have yet to see what the hacker plans to do with the remaining stolen funds. Currently, Etherscan shows the blacklisted account contains 13,000 ETH, including some other tokens. It’s unclear where the additional 6,000 ETH was from—it could be from more victims.
Despite the rough start, CoinDash CEO Alon Muroch says their scheduled launch is unaffected and will proceed as planned. “Similar to the hack itself, the hacker’s actions will not prevent us from the realizing our vision, CoinDash product launch will take place next week as originally intended,” says Muroch.