Crowd Machine ($CMCT) flash crashed on Sept. 22nd after a what appears to be a hack of CMCT reserves. This resulted a large amount of CMCT being dumped on the open market. Most exchanges stopped CMCT trading in the subsequent hours, but some have not. Meanwhile, Crowd Machine took their time responding to the issue publicly, but has since put out a public comment (they also offered an important update).
NOTE: On the surface Crowd Machine has been fairly cool and communicative. However, time will be the judge of how they handle this situation, actions speak louder than words as they say.
It is hard for me to say exactly what is going on, but from what I can parse together it seems that a hacker got ahold of a wallet containing 1.1 billion in CMCT reserves and then proceeded to flood the open market with those tokens.
Sadly, this caused a flash crash and resulting in CMCT dropping below $0.001 cents (consider, its ICO price was $0.09 cents).
While, trading was frozen at $0.005 cents on most exchanges (for example on the upstanding exchanges UpBit, Bittrex, and iDEX), a few other exchanges including HitBTC did not pause trading and the price continued to sink to $0.0025 cents as of writing this.
With that covered, although some people got the score of a lifetime by setting limit orders for the very bottom (like the guy who bought 10% of the supply of CMCT for half an Ether), even those who bought CMCT cheap or those who are buying now are potentially taking a risk.
In short, the risk is that for a myriad of reasons CMCT tokens that exist today may not be the CMCT tokens of the future. Crowd Machine may launch an entirely new contract for example (likely honoring existing tokens from before the hack, but not tokens obtained after the hack).
UPDATE: Crowd Machine said it would honor the purchase of stolen tokens, but warned not to continue buying. It could be that only stolen tokens purchased before a given date will be honored. There is no way to know, trade CMCT at your own risk until the official word is out.
This, in short, is a giant cluster.
It is for now unclear how developers and exchanges will handle this issue, but with something like this there is always a chance of exchanges or the developers rolling things back in some way. I don’t want to speculate myself, but this article does a good job of explaining what could happen: CMCT Hack Identified. Here’s what’s in store for CMCT moving forward (check out the excerpt below from that Reddit post).
The link is to Etherscan where you can clearly see movement from the tokens so if nothing else, confirmed from that alone. (https://etherscan.io/address/0x290d615eE921706ec8cCB2593F09B2D2e0F8B67c#tokentxns)
As you can see with a bit of tracking:
80 million CMCT tokens sent to Bittrex
540 million CMCT tokens sent to IDEX
447 mil CMCT in 0x13c730d6d37fcbb49f255867dc862049812a3fbe
Misc change sprinkled throughout
I’ve dealt with this before so speaking from my personal experience with other companies who suffered major hacks, please allow me to first calm you and let you know that everything should be fine, just not tomorrow, or the next day.
This is not (or should not be) the end of Crowd Machine but it is very likely the end of the contract/token CMCT.
The team has very few options available to them at this point and a token swap is a very likely inevitability of this situation.
The past two hacks I’ve suffered through were relatively simple to fix but took 45+ days to resolve overall due to the painful nature of the verification process required for a token swap.
An announcement is likely forthcoming regarding the suspension of trading and a subsequent token swap. Any new tokens purchased between now and that point will likely not be honored so be cautious acquiring new tokens right now, no matter how cheap it may be.
I’ll update this page as I know more.
UPDATE: Crowd Machine responded to the price drop and potential hack after this article was published. According to them they found the hacker’s address and are in the middle of working with authorities. See: Crowd Machine responds to CMCT price drop. Interestingly, you can see by looking at the alleged wallet address of the hacker (0x290d615eE921706ec8cCB2593F09B2D2e0F8B67c; click link to see wallet activity on EtherScan). By looking at the wallet address you can pretty clearly see action that matches up with the story, although there is non way to prove that this was a hack from simply looking at this data.
Here is an excerpt from Crowd Machine’s post cited above:
Because this matter is currently under criminal investigation we unable to make any further comments at this time. We will post further updates as soon as we can.
If you believe that you hold solid information which may assist the investigation — please email us at firstname.lastname@example.org so it can be passed on to the authorities.