In the IT world, it’s hard to predict which sector will become vulnerable to a cyber attack next, or even when it will happen, but it’s necessary for all industries to prepare themselves for the worst-case scenario. Cybersecurity is one of the crucial areas that any management team must focus on. In a bid to improve the overall security in the digital community, (startups and ICOs in particular), here is the description of two cybersecurity threats and the means on how to eliminate them.
Put simply, an ICO is an Initial Coin Offering, which refers to the process of funding a project. This process supposes the habitual stifling and standardized capital-raising that is necessary for the investment capitalists or banks to be involved. The most common ICO procedure requires investors to send funds (normally Bitcoin or Ether) to a smart contract that later sends back an equivalent value, issued in the new token, according to the sum collected.
Although there are hundreds of successfully completed ICOs, and the algorithm is already regarded as a groundbreaking, innovative tool, some investors are understandably skeptical, because some crowdsales turned out to be fraudulent. Being non-regulated by financial authorities, ICOs can have both and advantages and disadvantages; of course the biggest disadvantage is that funds lost due to malevolent activities are almost never recovered.
Despite the best efforts of cyber security specialists, phishing remains the most often used technique by cyber criminals. Phishing is the act of deceiving investors by redirecting them to fake websites. This is done in order to steal customer personal information and cryptocurrency.
Malicious look-alike versions of social media accounts, Slack channels, and Telegram groups are used to lure investors into traps. Fake accounts are carefully and cleverly designed to make people believe that they are dealing with a legitimate person or business.
In 2017, Chainalysis found that the look-a-like trick (phishing) was responsible for more than 50% of all cybercrime revenue. At the beginning of 2018, hopeful investors of the Bee Token ICO were defrauded out of nearly $1 million in just over 25 hours. The public ICO was launched on January 31, that day it took several hours for scammers to launch their attack posing as company personnel. Using fake emails that looked legitimate, the black hackers contacted the buyers and managed to deceive a large number of them. They stole at least $928,000 from potential investors.
One recent example was a fake profile of Vitalik Buterin, the founder of Ethereum. The fraudulent Twitter account requested people to send between 0.3 and 0.7 ETH to an Ethereum address promising to make returns of between 2 and 10 times higher than the initial investment. As a result, the scammers stole over $21,000.
Want to see a real life example of a phishing attack? Check Nucleus Vision case
Measures to be taken
False URL or copyrighted material: http://www.dmca.com
False Google Doc or Form: https://support.google.com/legal/answer/3110420?hl=en
Smart contract technology can be used in the financial sector to eliminate the need for a third party in transactions. This makes deals simpler and more economical. The technology has become invaluable for ICO startups and IT companies that operate using cryptocurrency. However, the issue of cybersecurity is always an important topic, because even the smallest mistake can lead to unfortunate and costly consequences.
The summer of 2017 was brutally challenging for the cyber community because of the numerous smart contract hacks. For instance, in July, CoinDash fell victim to a $10 million attack. About 2000 investors unwittingly sent their ETH to fraudulent addresses. Later, in October of 2017, Etherparty announced that their smart contract appeared to be vulnerable to cyber attacks. The legitimate receiving address of Etherparty was being used, and at first, everything seemed to go along smoothly. However, the engineers did not notice that the terms of the smart contract had been secretly edited by the hackers, and this caused the funds to be redirected to their wallet.
Cybersecurity threats can negatively impact projects in terms of sustainable functionality. The website, products, the amount of money you can raise, and the good faith and trust of your investors may be undermined. Black hat hackers can alter development perspectives, and destroy the reputation (not to mention nerves). Hacken has the expertise to provide you with effective solutions, and can offer you a clear guide on how to minimize cyber security threats. Always remember, you CAN stay safe and secure with Hacken.
Do you know any other cybersecurity threats that startups and ICOs may face? Tell us in comments or join our chat, we love cybersecurity and crypto!
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.