The Bee Token Crowdsale Stung by $400k Phishing Scam
The Bee Token, 2018’s most eagerly anticipated and oversubscribed ICO, has had a disastrous start to its crowdsale. Over 100,000 people had applied to be whitelisted, and the anticipation in the group’s Telegram channel was palpable. The moment the public sale launched on Monday, everything fell to pieces as phishing emails successfully stole over $400,000 in ether and counting. To compound matters, The Bee Token team went into denial about the extent of the problem, exacerbating the community’s losses and causing widespread anger.
Also read: Neo ICOs Make a Shaky Start
The Bee Token Loses Its Buzz
Up until yesterday, decentralized Airbnb platform The Bee Token was a textbook case in how to run a crowdsale. It had developed an engaged and passionate community, had performed meticulous KYC and whitelist verification, and had fairly set a low cap and low contribution limits of 0.1 to 0.2 ETH to allow as many people as possible to take part. Even so, the team had to turn a vast number of people away. The 100,000+ who applied for the crowdsale is believed to be a record and The Bee Token’s Telegram channel has well over 50,000 followers.
As soon as the public sale started, all that hard work was undone in minutes. At some stage in the past month, hackers managed to get hold of The Bee Token’s vast email list including names and contribution addresses. Phishing emails were sent out, purporting to be from The Bee Token, convincing hundreds of people to contribute to the wrong address. The damage could have been limited had The Bee Token been frank with their community. Instead they dispatched the meekest of emails, noting “The Bee Token has received reports of fake emails, Telegram accounts, etc. claiming to represent the Bee Token ICO Crowdsale”. It’s a sentence which will go down as an understatement of the century.
Hackers Help Themselves to the Honeypot
Around the same time as The Bee Token’s mildly worded cautionary email was dropping, their mailing list was receiving the following phishing email:
The scam had been well orchestrated, with recipients even addressed by their first name. Experienced heads had no trouble in seeing through the fraud in an instant, with its glaring typo, talk of a Microsoft partnership, promise of the token doubling in price, and sudden increase in the contribution limit. Crypto in 2018 has more newbs than veterans though, and investors fell for the scam in their droves. The original phishing address plus a second one that was used have amassed over $400,000 in ETH and counting. Some people sent as much as 30 ETH.
Rather than warn users in its Telegram channel about the phishing scam being perpetuated, The Bee Token had the audacity to play it down and to accuse channel members of spreading FUD. On its Twitter, there was also precious little to indicate that there was a huge scam underway and that hundreds of people had already been duped. In a bid to quell any negative PR, The Bee Token took a bad situation and made it significantly worse. In addition to the email scam, it’s been claimed that The Bee Token website was hacked at some stage, with users being redirected from the .com to a .org, though with The Bee Token denying everything, this is hard to verify.
To Bee or Not to Bee?
It had been expected that The Bee Token’s crowdsale would sell out rapidly, but uptake today has been sluggish, either due to investors being wary or simply due to having no ETH to spare after sending it to the wrong address on Monday. The team’s failure to secure hundreds of thousands of customer records and to then deflect and deny doesn’t bode well for the project’s future. By the time the Telegram channel had been overrun with spam bots, late on Monday night, admins were reduced to blanket deleting all replies, a provision which remains in place today.
The Bee Token’s sorry crowdsale takes the total ETH stolen this week from ICO phishing scams to well over half a million dollars, as Experty also succumbed to the same fate. There was also the case of the vegetables on the blockchain ICO which exit scammed recently. The wild west days of cryptocurrency haven’t ended: they’ve simply switched from bitcoin to ethereum where the newbs and the profits lie.
What do you think can be done to prevent crowdsale phishing attacks? Let us know in the comments section below.
Images courtesy of Pixabay and The Bee Token.
Tired of those other forums on the subject of Bitcoin? Check forum.Bitcoin.com.