At least $370 million of ICO funds been stolen by hackers in 2017: report

Earlier last year, initial coin offerings (ICOs) were hailed as the IPO of the future for cash-strapped startups by allowing them to create cryptocurrencies and sell them to interested buyers around the world to crowdsource funds.

But a new report suggests not all funds that go in the crypto-coffer go straight to the startups themselves. Of the $3.7 billion raised in total through ICOs, more than 10 percent was stolen by hackers, according to accounting firm Ernst & Young (EY).

The report, which analyzed 372 ICOs, found most of the ICOs came from the United States, China and Russia. EY also found that the ICO craze — which drew celebrities such as DJ Khaled and Paris Hilton last summer to launch their own — has been dwindling in the past few months.

Get tech news in your inbox weekday mornings. Sign up for the free Good Morning Silicon Valley newsletter.

ICOs work by selling custom-made cryptocurrency — or “tokens” — at a discount to prospectors, who are betting that the tokens’ value will appreciate and make them a profit. But unlike an initial public offering in the stock market, the buyers are not getting a share of the company when buying the tokens.

Whereas 93 percent of ICOs in June 2017 met their fundraising goals, only 23 percent met theirs in November.

Paul Brody, EY’s global innovation leader for blockchain technology, told Reuters that a major reason ICOs have dropped in scale is because the quality of many ICOs have considerably dipped. Nearly all companies starting an ICO publish a “white paper” detailing their business plan, but Brody noted that many contained basic technical errors and contradictions.

“We were shocked by the quality of some of the white papers,” said Brody. “We see clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders.”

The EY report noted one factor in why investors bought so much cryptocurrency during ICOs were driven by the “fear of missing out,” or FOMO.

“Current token valuation is more like a gold valuation or a fashion item in high season when a limited supply cannot meet high demand,” says the report.

Due to the speed and size of ICOs, which sometimes can raise millions of dollars in a matter of seconds, hackers are attracted to poaching from ICOs, says Ernst & Young. Hackers use a variety of methods to get the ICO-raised money, which includes targeting private virtual wallets or exchanges, or a DDoS attack that overwhelms the ICO’s servers.

But the most popular method has been an email phishing attack because of its simplicity and efficiency, according to Ernst & Young. At least $1.5 million of ICO funds per month are stolen through phishing attacks.

Due to the anonymous nature of ICOs and the irreversibility of cryptocurrency transactions, hackers are emboldened to target cryptocurrency exchanges where ICOs take place. The frequency of the attacks are increasing on the exchanges, and cryptocurrency exchanges average $2 billion in hacking losses, according to a separate Ernst & Young report from November.

Governments around the world are beginning to crack down on ICOs. China and South Korea outright banned ICOs last September. In the United States, the Securities and Exchanges Commission has remained wary of ICOs — but has not banned or added regulations.

In November, the SEC warned publicly about celebrity-backed ICOs, saying the celebrities need to disclose their compensation for advertising their ICO on social media.

“These endorsements may be unlawful if they do not disclose the nature, source, and amount of any compensation paid, directly or indirectly, by the company in exchange for the endorsement,” said the SEC.

Photo: A pile of bitcoin slugs sit in a box. (George Frey/Getty Images)


Tags: , , ,


Share this Post