According to a new report by research firm Ernst & Young, hackers have stolen over $400 million from various Initial Coin Offerings recently. This is roughly 10 percent of the total amount (roughly $4 billion) that ICOs raised last year.
This is not the first time that an ICO or cryptocurrency exchange has been subject to cyber-attacks. There have been a number of incidents in the past that reported hacking, fraud or theft. However, what really causes ICO runners anxiety is the realization of consistent growth in the number of cyberattacks over the past few years.
Some experts argue that part of the problem is the widespread popularity and growth of the cryptocurrency market as well. It has opened up new avenues for businesses as well as incentivized illegal theft. The rapid growth of this market has exposed certain weaknesses and vulnerabilities that hackers are exploiting every day.
While the decentralized nature of the Blockchain technology is a security measue that makes hacking more difficult, there are certain points of attack that have are out to be exposed.
Here, we’re going to discuss three common examples of how hackers steal from ICOs with real examples. This will you give you an idea of what to do to protect your investments and ICOs.
1st Example – Attacks on ICOs
CoinDash is a startup with focus on portfolio management and providing cryptocurrency for social trading. They had a big cyberattack on their ICO as explained in their own blog post. When their token offer went public with an Ethereum SCC (smart contract contribution) address, one of the attackers switched the primary contribution address to his own anonymous address.
Since there was a high demand for the tokens, 43,000 Ether was redirected to that anonymous address, and before the site was detected and the issue rectified, the hackers had stolen roughly $7 million. Later, the findings highlighted that a simple enterprise security app or firewall could’ve protected the hack. So, the first rule of cybersecurity management is to protect your network and ensure employing basic security features.
2nd Example – Attacks on Currency Launches
Another popular method of hacking is a DDoS or denial-of-service attacks. In this scenario, the hacker seeks to make the service, or machine unavailable to the end-users.
A very relevant example of this is the attack on Bitcoin Gold’s website when the currency was launched. During the launch, the hackers kept the website unavailable for quite some time, which did not have any monetary losses but negatively impacted the investor’s trust in the currency. Attacks like this can be prevented by timely detection and require a monitoring system in place. If monitored on time, you could can block the attack in the matter of minutes.
3rd Example – Attacks on Accounts
There are times when hackers aren’t successful in disturbing the ICO or launch phases; however, they do go after investor accounts once the token-sale is completed. They disturb services’ availability to account holders and hijack it presence via DDoS and similar techniques. Take for example the DDoS attack on Electroneum, which prevented roughly 140,000 investors to access the service. As a result, the company had to delay its mobile app and website launch – which were vital part of its currency mining process.
At InWage, we advise and enable our clients to implement comprehensive security to their ICOs, safeguarding the launch, token sales, and accounts. Get a taste of our approach, in a brief guide that our founder, Jonathan Chester wrote for Forbes: Your Guide to Running an ICO, for Better or Worse.