NEW YORK (Reuters) - More than 10 percent of funds raised through “initial coin offerings” are lost or stolen in hacker attacks, according to new research by Ernst & Young that delves into the risks of investing in cryptocurrency projects online.
The professional services firm analyzed more than 372 ICOs, in which new digital currencies are distributed to buyers, and found that roughly $400 million of the total $3.7 billion funds raised to date had been stolen, according to research published on Monday.
Phishing was the most widely used hacking technique for ICOs, with hackers stealing up to $1.5 million in ICO proceeds per month, according to the report.
The research also noted that the volume of ICOs has been slowing since late 2017. Less than 25 percent of ICOs reached their target in November, compared with 90 percent in June.
The study comes amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund their projects, with often little more than a handful of employees and a business plan outlined in a so-called “white paper”.
The challenges faced by more recent ICOs in reaching their targets are partly attributable to the lower quality of projects, as well as issues that have emerged around earlier projects, said Paul Brody, global innovation leader for blockchain technology at Ernst & Young (EY).
“The volume just exploded, people raised their fundraising goals and the quality just dropped,” Brody said in an interview.
“We were shocked by the quality of some of the white papers, we see clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders.”
In ICOs companies typically raise money to build new technology platforms or to fund businesses that use cryptocurrencies, also called tokens, and blockchain, the software that underpins them. Yet for many of these projects the need for blockchain and cryptocurrencies is often unjustified, according to EY.
It also noted valuations of ICO tokens are often driven by “fear of missing out”, or “FOMO”, and have no connection to market fundamentals such as project development. EY said “FOMO” has led investors to pour money into ICOs at record speeds, with the 10 shortest lasting ICOs attracting $300,000 per second on average.
The study also found several instances in which the underlying software code of a project contained hidden investment terms that had not been disclosed, or contradicted previous disclosures. For example, a whitepaper might state that there will be no further issuance of a cryptocurrency, while the code might leave that option open.
https://www.reuters.com/article/us-ico-ernst-young/more-than-10-percent-of-3-7-billion-raised-in-icos-has-been-stolen-ernst-young-idUSKBN1FB1MZIts hard to believe phishing is still a valid attack, much less the most successful attack vector utilized to steal money from ICO's.
(I wonder if some of the more shady ICO's raise money, then steal it from themselves to generate income.
)
$400 million is a lot of money. Seems like it pays to be a hacker these days. I should have studied harder to be a hacker in school.