Average initial coin offering has at least five vulnerabilities
Every month there are fresh cryptocurrencies springing up, but new research by Positive.com has discovered an average of five separate vulnerabilities in each initial coin offering (ICO) project examined in 2017.
What's more, 47 percent of the ICO vulnerabilities uncovered were medium to high severity. Just one vulnerability is enough for attackers to steal investors' money and do irreparable damage to corporate reputation.
Total investment in ICOs exceeded $5 billion in 2017, with the first quarter of 2018 showing no sign of slowing down. With such large sums of money available, incentives for cybercriminals are high, and seven percent of all funds raised in ICOs last year were stolen, totaling $300 million.
"In an ICO, time is of the essence, and short time frames mean that anticipating attacks well in advance is critical for avoiding financial losses," Leigh-Anne Galloway, cyber security resilience lead at Positive.com says. "The latest figures have shown the rapidly increasing rate of crime and fraud on the cryptocurrency market, with cybercriminals recognizing the opportunity presented by the dramatic rise of the cryptocurrency market in recent months. However, none of the ICOs protected by Positive.com fell victim to cyberattacks and all successfully completed their ICOs without incident."
Vulnerabilities in smart contracts were in 71 percent of tested projects. Smart contracts are the heart of an ICO, once the offering starts the contract can't be changed and is open to everyone, meaning anyone can view it and look for flaws. One in three ICOs had flaws that enabled attacks against their organizers, and 23 percent of projects tested contained flaws that allow attacks against investors. Perhaps most alarming is that vulnerabilities were detected in 100 percent of ICO mobile applications.
In response to the findings Positive.com is launching the open beta phase of its Chainwatch product. This allows real-time monitoring and detection of attacks on ICO smart contracts and wallets.
"The second a company goes public with an intention to do an ICO, it's waving a huge flag to cyber criminals that it’s both valuable and also in a very vulnerable phase of its company growth," Galloway adds. "ICO teams have a responsibility to ensure their security posture is as robust as possible, from the development of the smart contract and web applications, to monitoring load once the ICO has begun and helping investors avoid phishing attacks."
You can find out more on the Positive.com site.