The decentralized nature of cryptocurrencies and their underlying blockchain technologies offer advantages over traditional funding and transactional platforms, but they are a boon for hackers, too. A new report on the initial coin offerings (ICO) of new cryptocurrencies claims that as much as 10 percent of all early investor funds are stolen by hackers.
Although bitcoin and other alternative cryptocurrencies have been on the rise in recent years, the boom they saw in 2017 was partly driven by an increase in the number of ICOs. Although that trend has slackened off in the last few months, it has led to a lot of money in fiat and cryptocurrencies being snatched by nefarious attackers.
In the report published by Ey Research, it was suggested that a focus on promotion meant that security was often a secondary consideration and that phishing attacks on the cryptocurrency founders and investors were common. That might involve substituting phony wallet addresses, or stealing login information with phony phishing sites in order to transfer funds improperly.
Other attack vectors include denial of service attacks against websites involved in the ICO and attacks on employees and IT infrastructure.
In some cases, the real losses come from indirect damage to the cryptocurrency itself. Losing a portion of investor funds could reflect a lack of security with a new offering, thereby damaging the cryptocurrency’s reputation long-term and negatively impacting its value.
That can be much more heinous than even hacks of traditional banks. Ey Research’s report suggests that the average banking hack is worth around $1.5 million and insurance mitigates the damage. On the other hand, cryptocurrency exchange losses have reached upwards of $2 billion and a lack of reversible transactions and increased anonymity make them extremely attractive to hackers.
Just as attractive, however, are the reams of personal data stored on exchanges. Although many do adequately store such information as banking details, Ey Research reports that some don’t, and that information can be just as valuable to potential attackers when sold on the black market.
In terms of adequate response, the report isn’t too optimistic. Although it discusses some regulation that has been attempted — especially in cases of potential tax avoidance and money laundering — as we highlighted recently, cryptocurrency regulation is nearly impossible to perform effectively.
The report suggests that the rate of attacks is increasing, and calls on investors, founders, and regulators to do more to secure funds and private data during ICOs and on exchanges themselves.