Cryptocurrency trading app Taylor has announced that an unidentified hacker has stolen over $1.35 million worth of Ether from the company's wallets in a "highly advanced and sophisticated" attack last week. The company said the hack took place last Tuesday (May 22) after the attacker managed to gain access to one of their devices and take control of one of its 1Password files.
"All of our funds have been stolen," the team said in a Medium post. "Not only the balance in ETH (2,578.98 ETH), but also the TAY tokens from the Team and Bounty pools. The only tokens that were not stolen are the ones from the Founders’ and Advisors' pools, because there’s a vesting contract making them inaccessible for now."
The stolen Ether is worth over $1.35 million, as per current exchange rates. The Taylor team suspects the hacker is likely the same person or group that hacked CyphereiumChain back in March and stole over 17,000 Ether ($9 million). It noted the hacker collected the funds from multiple sources in a single wallet before transferring it to a bigger wallet - the same address in which the stolen CypheriumChain funds ended up.
The stolen Taylor funds came from its recently completed ICO round as well as some of its TAY tokens - over 7% of the total supply. Shortly after the hack, the team said it noticed an attempt to dump some of the stolen TAY tokens on decentralized cryptocurrency exchange IDEX.
"We asked the IDEX team to delist TAY until we have a clear vision on the situation," the company said.
In a follow-up post, the company said it has decided to issue a new token and swap the old TAY token.
"The goal is to make sure the hacker does not receive the new token. We analyzed all transactions made by him, and we know exactly where the stolen tokens are," the team wrote. "The new tokens will be sent to every address that had balance at the block number 5663273, except the hacker’s addresses. This action is necessary to keep a fair environment and distribution for token holders.
"A complete plan is being developed and will be announced soon. Until that, please do not buy, sell or transfer any TAY tokens. Cancel all EtherDelta orders. Otherwise, you may lose your money and will not be able to receive the new token."
The cryptoheist has put a significant dent in the project leaving the company with few options ranging from stopping it altogether, working on it part-time, acquiring funding from an angel investor or venture capital firm or launching a "survival fund token sale."
Taylor co-founder and CEO Fabio Seixas apologized for the incident in an open letter on Saturday and called on the community to "join forces to help us overcome this situation." Besides the Token Swap, the team is also considering a rebrand to "help use leave behind this unfortunate episode".
“It turns out we have been hacked and lost almost all of our funds. We now have only about US$25,000. To be honest, it doesn’t even pay this month’s bills,” Seixas wrote. “This incident forced us to stop, step back and think about the future.
"Each one of the above options has pros and cons. But all of them are legitimate and feasible at this point. As always, we have been open, honest and transparent because to us that’s the only conceivable course of action."
The incident comes as the latest in a string of cryptocurrency heists over the past year targeting exchanges, blockchain networks, mining pools and more. According to Crypto Aware, investors have lost over $670 million worth of cryptocurrencies in hacks and scams over the past three months.
"Cryptocurrency frauds, scams, and hacks tend to rise every time there is considerable upward momentum in pricing for cryptocurrency market," Anna Wu, the founder of Crypto Aware, told Business Insider. "So be extra cautious when the market is bullish,"