Beetoken ICO: What happened and how 1 million USD was stolen.
What is Beetoken ICO?
To those who are not familiar with Beetoken ICO, Beetoken plans to create Beenest. Beenest is a home sharing platform for hosts to list their homes and for guests to find accommodations. Beenest rewards users with network incentives, commission-free transactions, and security unrivaled in the home sharing industry. The Bee Token is the cryptocurrency that fuels the Beenest platform. ICO had a low hard cap of $5M divide in three equal parts. For private and public presale investors the cap was 30 ETH, for all other participants the things went not that brilliant.
Unexpected decision of the team.
To get a chance to buy BEE tokens on January, 31st all investors went through white list and KYC registration first. Announced limits were not as high as people expected, but ICO seemed pretty normal. A lot of people joined Bee token official telegram group. Currently the group has more than 50k members. Then the team announced that everyone who did KYC successfully will receive individual contribution limit. AirBnB users were supposed to get x2 for the limit. A strange decision to cancel gas wars. According to Beetoken team this was done to make ICO available to more people and give the chance for those who have less funds. They haven’t explained why 2/3 of tokens were sold with limit 30 ETH on presale though. Emails with limits came on January, 28 and this is when the fun began. Telegram group exploded with negative comments and frustration. Contribution limit was set in the following way:
- Average user: Min: 0.1 ETH Max; 0.1 ETH on January, 31 and 0.2 0n February, 2.
- AirBnB user: Min 0.1 ETH Max; 0.2 ETH on January, 31 and 0.4 0n February, 2.
No need to tell that people were frustrated. I personally don’t understand why. Public sale hard cap was $5M. More than 25k were approved to participate. By doing simple math we get that less than 200$ limit for user. So what else to expect? A lot of people decided not to participate after that.
Tragic events of January, 31st.
Things went horribly wrong since the beginning. At the start of the sale investors got emails from fake account with an ETH address to send money. Emails were received from different mailboxes and had different text. In general investors were informed that sale is now open, personal limit increased several times (my went from 0.1 ETH to 29.43 ETH) and that we have only few hours left until limit is no longer guaranteed. An obvious scam, but as usual a lot of people believed in that (People are always easy to believe in things they like). According to some Reddit users they even had their names in scam mail.
For today I’ve found 3 ETH address that were used:
The total amount of ETH stolen is 910 ETH. And I see that people are still sending money there to this moment! The most important question is: How scammers got email list and what else did they got? I see two possible causes: Beetoken team failed to secure the storage and it was hacked or it is an inside job. In any case the team is responsible for this and it will sure have consequences for them. According to some Reddit users scammers have KYC info too, but so far I haven’t found any evidence for this. Moreover telegram chat was unavailable and still remains in that state. Admins removed all user messages and investors were not able to get any help.
What the team did to save the day?
Before the sale the team did pretty well. Emails with individual limits had enough information to avoid scammers:
- Contribution limits
- Timeline
- Link to the page, where correct ETH address will be shown (was unavailable before the sale start)
- Way to verify address:
The funding address will not be communicated via any other means. Any other address should be considered fraudulent. The address will be accompanied by a video of our CEO confirming the address.
All the above was fulfilled by the team. They also made several twitter posts to warn people about scammers. So there was enough information to avoid any scammers, but apparently people are eager to invest without checking anything or at least reading emails sent by the team. Still, Beetoken team holds responsibility for this situation as our personal information was stolen from them (or exposed by them).