Entersoft Security Blog

Latest ICO Hacks and Pitfalls

Posted by Angad Gill on Feb 7, 2018 8:11:21 AM

000

ICO attacks are new normal in 2018. On an average 10 ICOs get hacked every month. Successful ICOs are all about correct execution. 

Most founders do not factor in the required cyber security practices to launch tokens and end up losing millions to silly hacks. ICO startups are left with very few options after a heist.

ICOs budget an average of $70,000 to raise $1 Million. This does not include product development costs post ICO. More than 50% of the budget goes into PR and marketing. The ICOs we worked with allocated around 15% of their total budget for cyber security. A good cyber security posture helped them raise more money.

 

001
002.png
 
003.png
 
004.png
 
005.png
 
006.png
 
007.png
 
008.png
 
009.png
 
010.png
011.png
012.png
 
013
 
014
015
016
017 
We have helped over 10 companies with their ICOs to launch tokens securely and were successful in making sure they raised funds in a safe manner. 

Our observations regarding the recent ICO hacks:

  • During the token sale:
    • Most scams are Phishing scams targeted at investors. Hackers impersonate the website through a Phishing URL and send the URL through communication channels like telegram.
    • Getting hold of investor emails and spamming them with wrong wallet addresses. 
    • Hacking into the token sale website and performing clickjacking/xss based attacks
  • After the token sale:
    • Most hacks after token sale are targeted towards admins and founders holding the wallet keys.
    • Hackers attack the applications and websites of the token provider and steal tokens.
Sources:
https://thenextweb.com/hardfork/2018/02/01/beetoken-ico-hacked-airbnb/
https://steemit.com/ico/@yoledo/seele-ico-hack
https://www.ccn.com/impersonators-scam-seele-ico-investors-out-of-2-million-worth-of-ether/
https://www.bleepingcomputer.com/news/security/hacker-steals-over-150-000-worth-of-ethereum-from-experty-ico-participants/
https://cryptoslate.com/coincheck-suffers-largest-crypto-hack-history-thanks-centralized-exchange/
https://www.bleepingcomputer.com/news/security/hacker-steals-8-4-million-worth-of-ethereum-from-veritaseum-platform/
http://www.ey.com/Publication/vwLUAssets/ey-research-initial-coin-offerings-icos/%24File/ey-research-initial-coin-offerings-icos.pdf

Topics: Hacks and news, bitcoin, cryptocurrency, ethereum, blockchain