Dealing with hackers and scammers is one of the most frustrating aspects of crypto. But this scammer made the mistake of a lifetime.
When issuing our IGNIS ICO token as a currency on the NXT blockchain we named it JLRDA, choosing this rather complex name, turned out to be a mistake.
In the hectic days of the first ICO rounds, since our tokens were selling in seconds, most of the time there were no legitimate tokens available for sale on the dedicated ICO page we added to the wallet.
Scammers figured this out, and issued their own worthless fake tokens named for example JRLDA or JIRDA, and started to trick users into buying these tokens by generating fake trades. These tokens were not listed in the dedicated page but scattered throughout the wallet. This was the simplest and dumbest social engineering attack but it worked quite well, and before we knew it, the blockchain was flooded with fake tokens in all shapes and sizes that looked somewhat like the real thing.
Over the next several days we watched in dismay while clueless users were happily buying these fake tokens while ignoring an endless stream of warnings issued everywhere about this risk. These scammers were ruthless, they issued fake currencies, assets and goods with names very similar to the real token and sent them to users as a bait to buy more, misusing every feature available in the blockchain against our ICO buyers in creative ways.
And then the poor users who got scammed, after realizing their mistake, naturally came to us to complain, this all situation has heart breaking.
The problem was so severe that at some point we decided to release a special version with scary warning before every currency, asset or goods purchase (including honest ones), urging users to double check the legitimacy of the token. This has pretty much put an end to the issue. However when the dust has settled we found that huge amounts of NXT were stolen this way.
While the situation unfolded, we secretly noted down the scammers accounts and started to track them down. There were quite a few of them but only a handful were really successful. Some withdrew their loot through various exchanges Bittrex, Poloniex and Shapeshift, however in the absence of legal backing from the scammed users to chase the scammers and without close cooperation from exchanges there was little we can do.
However some scammers made a huge mistake, considering us to be total fools, they took the NXT they steal and invested it into our own ICO token.
We identified six scammer accounts in total which invested back in the ICO NXT-TN8U-RBVE-GBJ3–7DEBNNXT-V79Z-RQ5X-XXJR-H8P87NXT-BH28-PKY6-LES8–29DBNNXT-ZKV3-J2WN-T6VM-B28DANXT-ZPRA-ZDUQ-SYEL-7AAJMNXT-UMZH-XLBB-BGSY-7WESP
From these accounts more than a million NXT were used to buy 1350000+ IGNIS tokens during September 2017.
In general we believe that blockchain developers should not exert any governance over their own tokens. However, since IGNIS is not yet issued and since we have 100% clear proof of the thieves activity registered on the blockchain, we decided to take action.
The NXT the scammers used to buy IGNIS already belongs to Jelurida. Now during the IGNIS airdrop, we are also confiscating the IGNIS purchased using the stolen NXT and send it to the JLRDA issuer account which is under our control.
Later, we will distribute the stolen NXT to anyone who can prove he got scammed by these scammers, including the 0.5 IGNIS derived from each NXT token during the airdrop. In any case we have no intention to keep this stolen property.
Unfortunately, not everyone who got scammed can be compensated, some scammers did not buy IGNIS so we’ll need to continue to chase them. However 1M NXT worth well over $1M has been recovered.
In the upcoming weeks and month we will provide more information about the reclaim process for stolen tokens. As always all official information will be published only on the Jelurida web site.