Veritaseum, the peer-to-peer software firm at the center of the hack, confirmed the theft Monday.
The firm’s founder, Reggie Middleton, explained the incident on the Bitcoin Talk forums, saying: “We were hacked, possibly by a group. The hack seemed to be very sophisticated, but there is at least one corporate partner that may have dropped the ball and be liable.”
Middleton said the thieves planted fraudulent Ethereum addresses during the ICO, tricking users into sending money to it rather than the official address. Hackers managed to sell the stolen tokens within a few hours because of the “heavy cacophony of demand,” Middleton said.
“At the end of the day, the amount stolen was minuscule (less than 00.07 percent), although the dollar amount was quite material,” he added. “There are 100 million tokens issued, the hackers stole about 37,000. As I said, it is quite disconcerting, but it is not the end of the world.”
At the time of publishing, Ethereum is trading at $200, having dipped to $193.71 on Tuesday.
An ICO is an unregulated means of crowdfunding in which cryptocoins – or future cryptocurrencies – are issued in exchange for bitcoin or other current cryptocurrencies.
The lack of regulation involved means the offerings are soft targets for hackers.
Last week, $32 million worth of Ether cryptocurrency was stolen when hackers gained access to the Ethereum network and attacked three separate company accounts.
When the hack was stopped, another group, known as the ‘White Hat Group,’ quickly used the same vulnerability as the hackers and drained the accounts of companies that could have been hacked – an amount estimated to be upwards of $75 million.
Later, the group posted a message on the Ethereum Reddit page, saying engineers were made aware of a vulnerability in a commonly-used security feature and would return the money as soon as the vulnerability was fixed.