Home > Cyber News > ICO Security: Current Threats and Trends

ICO Security: Current Threats and Trends

ICO security image

The ICO (initial coin offering) sales and offers are gaining popularity among investors worldwide. Advertisements, long business plans and elaborate marketing strategies are used to bring potential buyers into hundreds of platforms. However the cybersecurity risks associated with these practices are substantial and should be examined in detail.

ICO Offers and Plan of Operations

ICO is the abbreviation of Initial Coin Offering which is the latest trend among investors worldwide. The potential buyers are invited to fund startup companies and projects in return for cryptocurrencies like Ethereum and Bitcoin. This is also the primary way to fund the organization and development of new digital currencies. The tokens themselves are usually generated in advance and then sold on exchanges in return for other currencies. Whenever one of them gains momentum, a market forms and the value of the respective coin rises. The investorс themselves having an initial supply of the currency in turn have more funds with higher value.

It is important to note that some of the ICO projects have progressed into some of the most widely known currencies like Ethereum. Many ICO projects claim that they can reach the success of Ethereum and use such tactics in order to gain funding opportunities. In comparison with centralized currencies the ICO projects rely on the Blockchain which is a decentralized network. Some of the key advantages of using this setup is that there is no central authority (and consequently failure). Security experts note that there are three essential factors that present a key advantage over traditional operations: immutability, corruption and tamper proofing, and a reliance on strong cryptographic mechanisms. The Ethereum platform makes it easy for ICO investors to create their own blockchain applications in an efficient way. They can setup their own projects using the already available network.

Related Story: The Coincheck Heist Highlights What Is Wrong with Crypto Exchanges

ICO Projects and Policy Regulations

The United States Securities and Exchange Commission also known as SEC announced the first action in ICO territory. Before this, the ICOс were perceived as unregulated transactions. The first report of investigation was commissioned in July 2017 related to the issuance of about 1.15 billion DAO tokens by the organization known as “The DAO” in exchange for about 12 million Ether tokens. At the time of closing their market value was around $150. The investigation revealed one of the tricks that potentially criminal ICO projects used — pervasive and agresсive outreach via social media, publishing of various “white papers” revealing concepts, and media appearances. Security experts speculate that these marketing attempts while comparable to legitimate services and major industry players in the “traditional” sphere of operations, they might be signals of a rogue operation when it comes to ICO.

SEC were able to suspend the trading operations in three public companies indicating an interest in ICO. The reported reasons were a questionable accuracy of the assertions made by the group about the ICO investments. The short series of investigations led to the publishing of three important suspension factors that the institution would consider in the future:

  • A lack of current, accurate, or adequate information about the company — for example, when a company has not filed periodic reports for an extended period.
  • Questions about the accuracy of publicly available information, including in company press releases and reports, about the company’s current operational status and financial condition.
  • Questions about trading in the stock, including trading by insiders, potential market manipulation, and the ability to clear and settle transactions in the stock.

The fact that the ICO projects are now governed by traditional law means that the criminal strategies are likely to shift.

Related Story: Satori.Coin.Robber Botnet May Be Stealing Your Ethereum

ICO Security Checklist

The security experts note that all of the basic guidelines followed by general IT managers should be followed in a similar way. Founders of ICO projects should make sure that their sites are designed with the state of the art users monitoring systems. All project components should be monitored by an experienced cybersecurity administrator. Events to watch out for are all manners of system profiles changes that may seen illogical.

Nowadays the login systems should employ two-factor authentication by email, phone or another device. Advanced logging capabilities should be implemented to monitor for all site-wide interactions. Analysis of the reports can reveal criminal surveillance and botnet attempts. A simple automated security check that can prevent abuse is the checking of the address used for the token output via sites and not smart contacts. The ICO projects can benefit from a well-maintained and configured intrusion detection system that can scan the behavior patterns of the users.

The investors on the other hand should be aware of the general security guidelines:

  • Password strength is of utmost importance. All passwords should be setup as complex as possible and never reused on other services. Likewise, the security guidelines impose that they should be frequently changed.
  • Two-factor authentication should be used whenever it is available. One of the best approaches would be to use the Google Authenticator service in combination with SMS messages.
  • All potential hyperlink interactions should be examined before actioned upon. Official sources like blogs and websites should be the only sources of trusted information.
  • Wallet transactions should be monitored at all times.
  • Sending money to smart contract without inspecting the outgoing profile is not recommended.
  • Standalone wallets should be used for money transаctions instead of exchange or web-hosted ones.

In all cases, users should utilize a quality anti-spyware solution in order to guard themselves against computer threats that can hijack the acquired cryptocurrency.


Malware Removal Tool

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree