Practical Assurance Blog

Over half of all the ICOs optioned in 2017 have already failed, according to analysts, and no small portion of those failures have been due to the scandalous 10% theft rate amongst ICOs.

Of the $3.7 billion raised to fund ICOs so far, around $400 million have been stolen, mostly by very basic phishing techniques that rack up over $1.5 million per month in pilfered cryptocurrency.

While many ICOs fail simply because the companies behind them aren’t sound (or the ICOs are designed to fail as good, old-fashioned “exit scams” for nefarious founders), ICO security is emerging as a cause for concern amongst savvy cryptocurrency investors.

After all, part of the appeal of cryptocurrency is that high-grade encryption and security are integral to the technology. If simple phishing attacks can scam one in 10 customers out of your virtual currency, that’s a perfectly valid reason for investors to pass on your ICO. Even if the phishing isn’t “your fault” — some customers are going to get scammed simply because they are dumb customers, regardless of how you try to protect them — it still creates a customer service and public relations problem if your theft rate is very high.

This problem grows worse when a typical response to ICO adversity is to simply ghost on your investors and customers, in what Bitcoin.com calls a pattern of “abandoned Twitter accounts, empty Telegram groups, websites no longer hosted, and communities no longer tended.”

Investors want to know you have processes in place not just to prevent hacks, but to adequately and professionally respond when hacks occur and times are tough. Proving you have basic internal controls and professional processes in place will soon be a standard part of ICOs, just like it is for any viable investment practice.

If you want to be sure you’re taking every reasonable professional measure to make your ICO secure and sustainable, you need an ICO security audit. An audit can demonstrate to your investors (and yourself) that you won’t be part of the 10% of ICOs that get easily hacked, which will help you stay out of the 59% percent of ICOS that fail.

Get your ICO security audit today.

Blockchain-based technologies are appealing because they theoretically offer decentralized transactions with no corruptible (or hackable) central management authority — but the reality of blockchain is proving somewhat different than the theory. If your ICO is built on the same basic principles as Bitcoin or Ethereum, you need to be prepared for the fallout of a possible “51% attack.”

As outlined here, a 51% attack is a case where 51% of all the miners in blockchain ecosystem are aligned with a single hashpool, or consortium of centrally controlled miners. (You could actually enact this attack with any absolute majority of miners in an ecosystem, so anything above 50%.) With a majority of miners under one controlling authority, the entire blockchain ledger is vulnerable to manipulation.

Now, blockchain was ostensibly designed to not require a central authority, but it doesn’t prevent anyone from creating one by cornering the market on miners. Recent research has shown that greater than 50% of mining on both Bitcoin and Ethereum is performed by four of fewer miners.

In a way, blockchain encourages centralization, as the more miners you control, the less variance in mining occurs — because you increase the likelihood that any transaction in the ecosystem will be routed to your miners for initial authentication. While “paying” miners in Bitcoin should theoretically encourage a diverse group of miners to all get in on the action, in reality it simply encourages the creation of bulk mining operations to get a nice stable chunk of the Bitcoin output available.

Similar unexpected externalities also seem to be encouraging the physical collocation of several blockchain mining operations. Hydro Quebec, a Canadian hydroelectric utility, ran a campaign to encourage tech companies to set up data centers in its service area, as cold weather and cheap power are ideal for inexpensive server farms. Instead of tech startups, they attracted Bitcoin miners. As a result, any major outage or disaster to befall Hydro Quebec could now have a non-trivial effect on the entire cryptocurrency ecosystem.

Most developers and investors assume that a blockchain ecosystem will be naturally decentralized and thus naturally resistant to any brute force attack or natural disaster. It turns out that the real-world implementation of blockchain – especially blockchain as it is implemented under Bitcoin – perversely encourages centralization in unexpected ways. And, because there is no Bitcoin version of the Federal Reserve to oversee these market-cornering mining operations, the risks posed by blockchain centralization are hard to assess and harder still to thwart.

That’s why every ICO needs to perform a full security and operational audit to ensure your blockchain-type technology is hardened against these unexpected brute-force attacks, and to establish protocols to respond if your blockchain is targeted for 51% majority manipulation.

If you want the market to have confidence in your ICO, you must ensure your ICO is hardened against market manipulation. Sign up for an ICO audit today.

One of the most dangerous aspects of an ICO is the general ignorance regarding blockchain amongst not just the public, but investors as well. The public views blockchain tokens as some sort of weird hybrid of fairy dust and gold bouillon, in that you can sprinkle blockchain on an ordinary product and suddenly it becomes immensely valuable.

For example, the Long Island Iced Tea company saw its stock value triple when it changed its name to Long Blockchain. No one knows what, if anything, Long Blockchain will actually use blockchain tech for, but the name change alone was assumed to be valuable.

By the same token (pun intended), a major Hooters franchisee is planning to convert its customer loyalty system to a blockchain rewards program, so that you can now literally measure the value of certain tokens in chicken wings and hamburgers.

The problem with these gimmicks isn’t that they are fleecing investors who still think of Bitcoin as a conventional currency. The danger is the huge risks posed by tacking on blockchain as a cash-grab, rather than as a fully secured technology. These “Junk Food ICOs” — so called not because they involve fast food companies, but because they treat blockchain as something you can just grab as quick-profit takeout food — pose real “health risks” to their parent companies.

Blockchain in general, and Bitcoin in particular, can’t be counterfeited, but can very easily be lost or stolen. And if your ICO investors assume that your tokens can be used like a conventional currency, and that they have the same protections and conveniences as modern credit cards, you’re setting yourself up for some serious customer dissatisfaction the moment the first cache of your tokens gets misplaced or social-engineered away.

Conventional currency has a safety net built in. The amount of cash in circulation is regulated by central banks, most American consumer bank accounts are insured by the FDIC, mainstream credit cards have built-in fraud protections, and American investment vehicles are regulated by the Securities and Exchange Commission. If something goes wrong, there are established protections to limit the damage and protocols for seeking restitution.

Blockchain tokens don’t have this same mature security ecosystem, and the public (nor investors nor corporations) clearly doesn’t appreciate the risks that entails. Thus, it is incumbent on you to build security into your blockchain ecosystem prior to any ICO — if only to prevent a wave of customer and partner backlash should anything go wrong.

Moreover, at some point a major consumer blockchain play is going to go bad, and the public will demand proof that any other token offering has better protections in place. The companies that invest in ICO security and compliance now will have a head start on every other blockchain firm when the public finally starts to take token security and management seriously.

Initial Coin Offerings are the Wild West of technology and investment — which means you might strike gold, or you might get robbed by bandits — but it also means that those who build their ICOs on secure foundations are best positioned to survive the chaos ahead.

If you want to ensure the security of your token technology, sign up for an ICO security and compliance audit today.