02 May 19, 16:05
Quote:
A rather naïve belief many blockchain enthusiasts share is that code backed by blockchain fabric is self-sufficient. “Code is Law,” as they say. Unfortunately, reality has already proved this maxim wrong, because, well, code is written by people, and people are prone to making mistakes. Even when machines write code, it’s still likely to contain flaws: For example, the exploitation of the DAO smart contract eventually led to a hard fork of Ethereum Classic from Ethereum. This sort of trouble has happened more than once and with more than one blockchain.
Problems are not limited to code flaws. From an information security perspective, blockchain systems — including nodes and wallets — are just software. And the people who use this software have a tendency to fall for social-engineering tricks. Some problems, such as the use of phishing to steal coins from wallets, can be solved with security software on the consumer side. Others cannot, such as people believing scammers who promise ROIs of hundreds of percent and then disappear.
Initial coin offerings (ICOs) remain popular among startups raising funds; the number of token sales is higher than it was back in 2017. At the same time, fraud did not diminish as crypto prices did. One estimate has losses from last year totaling $1.7 billion, up 400% from 2017 — the record-setting year for the amount of single-incident losses. The most notable example, vulnerabilities in the Parity Wallet, resulted first in a loss of $30 million worth of Ethereum and then in the locking out of $154 million worth of Ethereum tokens by the removal of their data from the blockchain.
It got worse. In 2018, about $950 million was lost to theft from crypto exchanges and wallets, and another $750 million was lost as a result of fraudulent ICOs or token sales, exchange hacks, and other schemes. It’s no wonder regulators are catching up. The stance of such financial authorities as the US Securities and Exchange Commission is that tokens, especially those that assume the receipt of profits from the startup that organizes the sales of its tokens, should be treated as financial securities with all that implies, including criminal prosecution if things go south for investors (buyers of tokens). That is true as well for an STO (secondary token offering), so if you consider token sales a means to boost your business, we suggest you start thinking of selling tokens the way you would think about issuing securities. That means, stop a moment and think about security (pun intended).
The four major areas of risk for token sales: smart-contract vulnerabilities, staff wrongdoings, phishing attacks on investors, and operations security.