In the IT world, it’s hard to predict which sector will become vulnerable to a cyber attack next, or even when it will happen, but it’s necessary for all industries to prepare themselves for the worst-case scenario. Cybersecurity is one of the crucial areas that any management team must focus on. In a bid to improve overall security in the digital community (startups and ICOs in particular), here is a description of two cybersecurity threats and how to eliminate them.
Put simply, an ICO is an Initial Coin Offering, which refers to the process of funding a project. This process supposes the habitual stifling and standardized capital-raising that is necessary for the investment capitalists or banks to be involved. The most common ICO procedure requires investors to send funds (normally Bitcoin or Ether) to a smart contract that later sends back an equivalent value, issued in the new token, according to the sum collected.
Although there are hundreds of successfully completed ICOs, and the algorithm is already regarded as a groundbreaking, innovative tool, some investors are understandably skeptical, because some crowdsales turned out to be fraudulent. Being non-regulated by financial authorities, ICOs can have both advantages and disadvantages; of course, the biggest disadvantage is that funds lost due to malevolent activities are almost never recovered.
Despite the best efforts of cyber security specialists, phishing remains the technique most often used by cyber criminals. Phishing is the act of deceiving investors by redirecting them to fake websites. This is done in order to steal customers' personal information and cryptocurrency.
Malicious look-alike versions of social media accounts, Slack channels, and Telegram groups are used to lure investors into traps. Fake accounts are carefully and cleverly designed to make people believe that they are dealing with a legitimate person or business.
In 2017, Chainalysis found that the look-alike trick (phishing) was responsible for more than 50% of all cybercrime revenue. At the beginning of 2018, hopeful investors of the Bee Token ICO were defrauded out of nearly $1 million in just over 25 hours. The public ICO was launched on January 31; that day, it took several hours for scammers to launch their attack posing as company personnel. Using fake emails that looked legitimate, the black hat hackers contacted the buyers and managed to deceive a large number of them. They stole at least $928,000 from potential investors.
One recent example was a fake profile of Vitalik Buterin, the founder of Ethereum. The fraudulent Twitter account asked people to send between 0.3 and 0.7 ETH to an Ethereum address, promising returns of between 2 and 10 times the initial investment. As a result, the scammers stole over $21,000.
Want to see a real-life example of a phishing attack? Check the Nucleus Vision case.
Measures to be taken
- Make an announcement directly to the channel involved. Earlier, we mentioned which official institutions to contact in the event of internet fraud; check them. However, it’s also vital to notify the media account that was compromised. Below are links to report fraudulent social media accounts (I hope you will never need to use them):
False URL or copyrighted material: http://www.dmca.com
False Google Doc or Form: https://support.google.com/legal/answer/3110420?hl=en
- Spread the Word. Contact all your potential and existing investors and clients to inform them about the phishing attack. Make sure there are numerous warning posts across all of your social media accounts, as well as in the business accounts of your team. The whole crypto world should be made aware of the fraud!
- Employ the professionals. If you have fallen victim to this kind of fraud, or especially if you would never want anything like this to happen, ensure that you are equipped with quality anti-phishing software or a monitoring tool that safely controls your brand usage. It’s worth noting that Hacken’s anti-phishing software includes three phases of elimination that are activated when a phishing website is detected during an ICO, and two phases operating in a passive mode (it’s already saved Ambit, Nucleus Vision, and Remme). Want to know more? Review it here.
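
A minimal sketch of the brand-usage monitoring mentioned above, as an added example (it is not Hacken's software and not code from the original article). It classifies observed domains by how they imitate an official one; the brand `exampletoken.io`, the sample domains and the confusables table are constructed assumptions.

```python
import unicodedata

BRAND = "exampletoken.io"  # constructed: the project's single official domain

# Illustrative (not exhaustive) folds for digits and Cyrillic letters used as stand-ins.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i"})

def skeleton(domain):
    """Lower-case, decode punycode labels, strip accents, fold confusable characters."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: compare the raw label instead
        labels.append(label)
    text = unicodedata.normalize("NFKD", ".".join(labels))
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand=BRAND):
    """Return how a domain resembles the brand, or 'unrelated'."""
    if candidate.lower().rstrip(".") == brand:
        return "official"
    cand, ref = skeleton(candidate), skeleton(brand)
    if cand == ref:
        return "homoglyph"        # same name once look-alike characters are folded
    cand_name, ref_name = cand.rpartition(".")[0], ref.rpartition(".")[0]
    if cand_name == ref_name:
        return "tld-swap"         # right name, different top-level domain
    if edit_distance(cand_name, ref_name) <= 2:
        return "typo"             # one or two characters added, dropped or changed
    return "embeds-brand" if ref_name in cand_name else "unrelated"

# Constructed sample of observed domains (e.g. from reported links or referrer logs).
OBSERVED = ["exampletoken.io", "examp1etoken.io", "ex\u0430mpletoken.io",
            "exampletoken.co", "exampletokn.io", "exampletoken-sale.io", "weather.example"]

def triage(domains=OBSERVED):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d)) not in ("official", "unrelated")}
```

Flagged domains are candidates for the reporting and warning steps listed above; the thresholds and the confusables table need tuning for a real brand name.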
Hacking into Smart Contracts
Smart contract technology can be used in the financial sector to eliminate the need for a third party in transactions. This makes deals simpler and more economical. The technology has become invaluable for ICO startups and IT companies that operate using cryptocurrency. However, the issue of cybersecurity is always an important topic, because even the smallest mistake can lead to unfortunate and costly consequences.
The summer of 2017 was brutally challenging for the cyber community because of the numerous smart contract hacks. For instance, in July, CoinDash fell victim to a $10 million attack. About 2000 investors unwittingly sent their ETH to fraudulent addresses. Later, in October of 2017, Etherparty announced that their smart contract appeared to be vulnerable to cyber attacks. The legitimate receiving address of Etherparty was being used, and at first, everything seemed to go along smoothly. However, the engineers did not notice that the terms of the smart contract had been secretly edited by the hackers, and this caused the funds to be redirected to their wallet.
Measures to be taken
- Audit Your Smart Contract. It is a well-known fact that the terms of the SC are immutable once the smart contract is launched. Thus, there is a great necessity to order a smart contract audit. This measure will increase your security immensely. Specialists will check whether your SC corresponds to the intended logic, will perform a gas analysis, and provide you with a detailed report of certification. Also, there is a golden rule to follow: all smart contracts must be audited by two different, and most importantly, independent, experts. The Hacken team already has the success stories of Legolas Exchange, Membrana, and Indorse.
- CyberInsurance. Insurance is a guarantee of protection for you and your customers. It allows you to have the freedom that comes from knowing that you and your customers are secure, and it provides you with peace of mind, so that you can perform at your best. Currently, this service is in the development phase, but soon your precious project, your valued creation, will be safe in the hands of Hacken, your cybersecurity specialists.
Cybersecurity threats can negatively impact projects in terms of sustainable functionality. The website, products, the amount of money you can raise, and the good faith and trust of your investors may be undermined. Black hat hackers can alter development perspectives, and destroy the reputation (not to mention nerves). Hacken has the expertise to provide you with effective solutions, and can offer you a clear guide on how to minimize cyber security threats. Always remember, you CAN stay safe and secure with Hacken.
Do you know any other cybersecurity threats that startups and ICOs may face? Tell us in comments or join our chat, we love cybersecurity and crypto!