ICO attacks are new normal in 2018. On an average 10 ICOs get hacked every month. Successful ICOs are all about correct execution.
Most founders do not factor in the required cyber security practices to launch tokens and end up losing millions to silly hacks. ICO startups are left with very few options after a heist.
ICOs budget an average of $70,000 to raise $1 Million. This does not include product development costs post ICO. More than 50% of the budget goes into PR and marketing. The ICOs we worked with allocated around 15% of their total budget for cyber security. A good cyber security posture helped them raise more money.
We have helped over 10 companies with their ICOs to launch tokens securely and were successful in making sure they raised funds in a safe manner.
Our observations regarding the recent ICO hacks:
- During the token sale:
- Most scams are Phishing scams targeted at investors. Hackers impersonate the website through a Phishing URL and send the URL through communication channels like telegram.
- Getting hold of investor emails and spamming them with wrong wallet addresses.
- Hacking into the token sale website and performing clickjacking/xss based attacks.
- After the token sale:
- Most hacks after token sale are targeted towards admins and founders holding the wallet keys.
- Hackers attack the applications and websites of the token provider and steal tokens.
Sources:https://thenextweb.com/hardfork/2018/02/01/beetoken-ico-hacked-airbnb/
https://steemit.com/ico/@yoledo/seele-ico-hack
https://www.ccn.com/impersonators-scam-seele-ico-investors-out-of-2-million-worth-of-ether/
https://www.bleepingcomputer.com/news/security/hacker-steals-over-150-000-worth-of-ethereum-from-experty-ico-participants/
https://cryptoslate.com/coincheck-suffers-largest-crypto-hack-history-thanks-centralized-exchange/
https://www.bleepingcomputer.com/news/security/hacker-steals-8-4-million-worth-of-ethereum-from-veritaseum-platform/
http://www.ey.com/Publication/vwLUAssets/ey-research-initial-coin-offerings-icos/%24File/ey-research-initial-coin-offerings-icos.pdf
https://www.coindesk.com/hacks-scams-attacks-blockchains-biggest-2017-disasters/https://www.bleepingcomputer.com/news/security/iota-cryptocurrency-users-lose-4-million-in-clever-phishing-attack/https://thenextweb.com/hardfork/2018/02/07/sentinel-chain-ico-leak-passport/https://www.androidheadlines.com/2018/02/hackers-spoofed-googles-search-ads-to-steal-cryptocurrency.htmlhttps://www.theguardian.com/technology/2018/feb/12/cryptojacking-attack-hits-australian-government-websiteshttps://www.zerohedge.com/news/2018-04-24/hackers-steal-150k-after-infiltrating-popular-ethereum-wallethttps://www.financemagnates.com/cryptocurrency/news/indian-bitcoin-exchange-coinsecure-claims-%E2%80%8E3-5-million-%E2%80%8Elost-insider-hack/https://techcrunch.com/2018/06/10/korean-crypto-exchange-coinrail-loses-over-40m-in-tokens-following-a-hack/https://techcrunch.com/2018/06/19/korean-crypto-exchange-bithumb-says-it-lost-over-30m-following-a-hack/?utm_source=inshorts&utm_medium=referral&utm_campaign=fullarticlehttps://www.bleepingcomputer.com/news/security/hacker-steals-135-million-from-bancor-cryptocurrency-exchange/https://cointelegraph.com/news/japanese-cryptocurrency-exchange-hacked-59-million-in-losses-reported