It’s tough being a blockchain startup these days. Competition is increasing with the influx of new players across verticals. The crypto market has also been bearish to start 2018. Initial coin offerings or ICOs – the main means by which startups acquire funding – have gotten quite a negative reputation. There has been no shortage of news regarding failed ICOs and scams, leading regulatory bodies to advise caution on investing.
While there are many legitimate and well-meaning blockchain startups, there are also ill-intentioned ones out to make a quick buck and cheat their investors. Take the case of Prodeum, which is one of the latest reported ICO scams. The company supposedly wanted to build a database of fruits and vegetables on the Ethereum blockchain. The concept may already have had “scam” written all over it, but the internet has been known to indulge all sorts of interests. Even an ironic coin such as Dogecoin was able to reach over half a billion dollars in market capitalization.
Confido, another exit scam, tried to present itself as a legitimate venture complete with a website, social media presence, and a white paper. Then, in November 2017, all digital presence suddenly disappeared along with $375,000 of invested funds.
For well-meaning ventures, these kinds of scams and illegal activities make winning over investors even more challenging. But even with the best of intentions, legitimate ICOs aren’t immune to mistakes and issues that can also cost them potential funding. Perhaps the costliest of these errors happened to The DAO back in 2016, when vulnerabilities in its code allowed the theft of what was then 50 million dollars’ worth of Ether. Given the pace at which ICOs are conducted these days, many startups face similar risks.
Blockchain security firm Hosho co-founder Yo Sub Kwon has highlighted the need for startups to pay attention to security. He’s said that: “Once smart contracts are deployed for a token generation event, there’s no turning back. Companies need to make sure that at least one technical audit of the smart contract is conducted.”
Cyber attacks threaten ICOs
ICOs generated more than $3.7 billion in 2017. With these kinds of amounts, it’s only natural for cybercriminals to target ICOs. In addition, it’s easy for attackers to get away with their take if they’re successful. They’re emboldened by the pseudo-anonymous nature of cryptocurrencies such as Bitcoin and Ether that are used to fund ICOs.
The DAO is just one of the growing number of ICOs that fell victim to such attacks. Smart contract platform Etherparty’s ICO was also briefly compromised when an attacker hacked its official website on launch day and changed the contribution wallet address. This allowed some ICO contributions to be sent directly to the attacker instead. Fortunately, Etherparty was able to quickly intervene and resolve the matter before any more damage was done. CoinDash also suffered from a similar attack.
Even just the threat of an attack can hamper a startup’s progress. The release of the ICO coins of UK-based cryptocurrency Electroneum was delayed because of this. According to the group, a number of investors registered for the ICO using email addresses that had previously been compromised in unrelated events. This put those investors and their coins at risk, prompting the company to push back the token release and even tap security firm HackerOne to perform a security audit of its system. Fortunately, the ICO coins were eventually released without experiencing attacks.
Security measures are a must
Because of this constant threat, startups must be proactive in putting up security measures as part of their ICO preparations. For ICOs, upping security involves performing thorough security audits, especially of their smart contract code. This ensures that the right actions are executed as key conditions are met. Penetration testing is also a must. This ensures that attackers won’t be able to hijack any part of the system and compromise accounts, wallets, and tokens.
Securing a third-party firm to perform testing and auditing is often advised. Many times, it’s tricky for the development team to have an unbiased view of the product. Letting another group preemptively try to break the system makes sense so that vulnerabilities can be patched before the ICO starts.
Kwon advises ICO organizers to put security at the forefront of their concerns. He mentions performing smart contract audits and penetration testing and implementing two-factor authentication and secure password storage as key steps ICOs must consider to secure their efforts.
Aside from audits and testing, ICOs must also anticipate other common cybersecurity threats such as distributed denial-of-service (DDoS) attacks. Disruptions and downtime caused by DDoS can cause investors to lose faith in the project and ultimately avoid participating in the ICO.
Covering all bases
It’s important for companies to keep in mind that it pays to cover all bases when conducting ICOs. Successful marketing and communication might be able to attract significant interest, but glitches and cyber attacks can nullify all that.
Regulators are also ramping up their vigilance in protecting investors from losing money. Ventures must take care not to fall victim to an attack since this could draw the ire of regulators and open up their efforts to further scrutiny. Angry investors can also band together to pursue class action suits. Dealing with litigation and a damaged reputation at such an early stage could very well spell the demise of a blockchain startup.
Companies must also scrutinize their systems to ensure the security of their technology and their investors’ contributions in the same way investors are advised to study and perform due diligence before participating in ICOs. Investing in security audits and testing could save startups many headaches down the line.
Jim Hoffer is founder and managing director at Hoffer Financial Consulting.
© 2018 Newsmax Finance. All rights reserved.