On February 23, 2018, blockchain startup CoinDash announced that millions of dollars in Ether that were stolen from the platform last year, presumably by a hacker, had been returned.
Almost a year ago, moments into its July 2017 ICO, CoinDash's website was hacked. Crowdfunding participants were given the hacker's address to contribute toward, rather than the official CoinDash address. In all, around 43,438.455 Ether was sent to the hacker.
The perpetrator behind the hack remains wholly unknown; however, in a strange twist, the wallet to which the stolen funds had been spirited in July of 2017 has now apparently returned 20,000 of the purloined Ether to a CoinDash wallet address.
It's not the first time that Ether has been restored to CoinDash from the hacker's address. Around 5:00 p.m. PT on September 18, 2017, the hacker sent 10,000 Ether to CoinDash.
It remains unclear as to what the motivation has been behind returning what now comes to a sum of 30,000 Ether.
Before sending funds back to CoinDash, on September 12, 2017, 488 Ether were filtered through ShapeShift from the hacker's address to several other addresses.
An outstanding amount of roughly 13,000.454 remains in the hacker's wallet address.
With a product launch scheduled for February 26, CoinDash's CEO, Alon Muroch, maintained in a company announcement that "similar to the hack itself, the hacker's actions will not prevent us from the [sic] realizing our vision, CoinDash product launch will take place next week as originally intended."
Since the original attack, the CoinDash hack was investigated by Israel's Counter Cyber Crimes. CoinDash published some of the findings of this forensic investigation, indicating that the attack was likely perpetrated by an organized group of sophisticated individuals, as opposed to a single actor. Malicious alterations to the CoinDash web portal's 404.php code ultimately allowed the site to be altered.
Understanding why the hacker would decide to return millions of dollars to the platform days before CoinDash's product launch is a subject up for debate. One reason the hacker may have chosen to return the funds revolves around an inability to liquidate them; most exchanges aware of the nefarious manner in which the Ether was acquired would likely wish to avoid scrutiny by being involved in what could essentially amount to money laundering.
Following the hack, CoinDash admitted the security issue was due to its own error, and it decided to award investors who sent Ether to the wrong address with its own tokens, backed with additional collateral the company had secured.
For the time being, CoinDash said it will continue to monitor the hacker's Ethereum wallet address, and that the Counter Cyber Terrorist Unit in Israel has been notified.