10 per cent of new cryptocurrencies stolen by hackers during ICOs, report finds
Image credit: Dreamstime
A report by Ernst & Young (EY) analysing the risks associated with initial coin offerings (ICOs) has found that more than 10 per cent of new cryptocurrency tokens could be lost or stolen by hackers.
An ICO is a process in which a new digital currency is distributed to investors; this can be used as a means of crowdfunding hundreds of millions of dollars for a start-up. Investors bid for tokens of the new currency, which becomes a functional currency if the ICO funding goal is achieved and the start-up is able to launch.
A previous EY report found that in 2017, ICOs had raised nearly 40 times as much capital as they had in 2016. This was, however, less than two per cent of that raised by conventional stock market launches.
ICOs can be risky ventures for investors, particularly given the volatile nature of cryptocurrencies, and in September 2017 the UK Financial Conduct Authority warned that they are sometimes scams and offer no protections for investors.
The typical ICO has no customers, no revenue and more often than not, no working product, with the only foundation being a white paper and sample of software, EY found.
According to the report, the number of offerings has been declining since late 2017. In June 2017, 90 per cent of ICOs reached their target, while in November, just 25 per cent reached their target.
This was in part due to the lower quality of projects and in part due to issues emerging relating to earlier projects kickstarted with ICOs, said Paul Brody, global innovation leader for blockchain technology at EY. Many of the projects behind ICOs had no need for blockchain technology, the company found, and valuations of the tokens on offer are too often driven by “fear of missing out” with little regard for fundamental valuation. This has led investors to invest in ICOs at record speeds.
“The volume just exploded, people raised their fundraising goals and the quality just dropped,” Brody told Reuters. “We were shocked by the quality of some of the white papers, we see clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders.”
For example, a white paper may state that there will be no further issue of the currency, while the code leaves that option open.
“As ICOs continue to gain popularity and leading players emerge globally, there is a risk of having the market swamped with quantity over quality of investments. These high-risk investments and the complexity of ICOs need to be managed to ensure their credibility as a means of raising capital for companies, entrepreneurs and investors alike,” said Brody.
Investors may also face difficulties due to the different levels of regulatory strictness between countries, the report warned.
An additional risk associated with ICOs is the widespread theft of new currencies; in an analysis of 372 ICOs, EY found that of $3.7bn (£2.6bn) raised so far, approximately $400m (£280m) had been stolen. Hackers benefit from the current cryptocurrency hype, the irreversible nature of blockchain-based transactions and basic errors in a start-up’s code which can be exploited.
According to the investigation, the technique used most widely for plundering ICOs was phishing, which were found to have been used to steal up to $1.5m (£1.1m) from ICOs every month, although hackers also used site hacking, accessed private keys and broke into stock exchanges and wallets.