The rise of ICOs has been unprecedented, but then, so has their ‘wild west’ nature as many have turned out to be nightmares for investors. ICOs have become a target for cyber criminals and are easy prey due to misunderstood vulnerabilities and logic flaws.
However, if ICOs could offer an inhouse protection service, perhaps they could go a long way in helping legitimize and actualize themselves as a potentially groundbreaking funding method again.
The ICO minefield
ICOs, in their brief history, have already cracked over $150 bln in funds raised, however, there has also been an estimated $150 mln of those funds stolen by cyber criminals.
These criminals are able to attack vulnerable and newly formed companies by siphoning off funds, or holding companies to ransom during a critical period in their growth.
However, there is a developing niche for companies to offer protective services to these new companies and ICOs. Services that can make sure Blockchain smart contracts are free from vulnerabilities and logic flaws, that the code used in web applications, servers, mobile applications is secure in advance, and ensure employees are trained to stop insider threats and threat monitoring is maintained throughout.
History of problems
One of the more notable occurrences of an ICO hack was when in June, DAO was exploited to make the code behave in a way that allowed for a theft of $60 mln.
Of course, with these hacks, or exploits, or attacks from criminals on ICOs, the issue is there is no protection offered to investors, and it takes a brave person to invest fully into them without that guarantee.
Others have included Enigma, who were also compromised when $500,000 worth of Ether was stolen from users’ accounts. But again, it was not so much a hack, rather the founder’s email and password were stolen, and then used to take over the company slack, website and the Google account that was hosting the pre-sale form.
Help is out there
With experts in cybersecurity turning their attention to the cryptocurrency world, there is plenty of scope to assist ICOs.
By helping ICOs prepare in advance by analysing the source code used in the smart contracts issued to investors, ICOs can start their offering to investors on a much more steady footing.
Additionally, a second stage of protection can safeguard the ICO whilst live, ensuring attackers cannot cause reputational issues at a critical time by bringing down connected infrastructure, defacing websites or infiltrating networks.
“Recent events have shown that ICOs are a ripe target for cyber attacks. A highly valuable financial event, which is open to the public and relies utterly on technology from start to finish is like a red rag to a bull for hackers,” said Leigh-Anne Galloway, Cyber Resilience Lead at Positive.com.
“When your code potentially has direct control of millions of dollars of assets, there is no room for error. Any vulnerabilities in the smart contract, applications, or connected infrastructure provide a potential point of weakness which could have extreme consequences. Investors could either lose money or faith in the company trying to raise funds. Either way, something which is supposed to be the engine of growth for young companies, ends up becoming a disaster.”