We will talk about the things in reference to a few ICOs that were hacked and what went wrong with them and how you can learn from their failure to ensure your own success.Taeyong Kim
Planning to launch your own ICO? Well, you ought to know that even token sales are not safe from online theft and hacking. In fact, at least one or two ICOs get hacked almost every week. Now to a more important point, is your ICO secure? What steps are you taking to make sure that your sale is not hacked? Let’s discuss some.
An ICO is a type of crowdfunding, the main purpose of which is to raise funds. Basically, you will be collecting thousands, if not millions, of dollars from your investors. These funds are usually stored in an escrow wallet or the company’s own wallet until the sale is concluded. In addition to investing in the planning and marketing of your ICO, you should also take actions to protect your ICO and crypto project from hackers.
Blockchain may be a very secure technology and all, but most startups do not pay enough attention to the security of their token sales which along with the fact that ICOs are the most profitable methods of funding today make them vulnerable to hacks.
Thankfully, there is a solution. There are a few things you can do to protect your ICO from hackers and other related suspicious activities. Let’s get started.
The code vulnerability
One of the worst things you can do with your blockchain project is use a vulnerable code. A classic example is the ‘DAO’ project which was hacked because of a bug in the code shortly after its ICO concluded with $150 million in funds. It was an Ethereum blockchain based project, but the problem was in the project code and not in the Ethereum platform. The hacker drained over $50 million from the ICO by identifying and exploring a bug called “recursive calls” in the code.
So, what can you do in order to save your own ICO from such attacks? First, make sure that you employ the best expert programmers to write the code for your project. They should follow the standards and practices to avoid common coding bugs. Get your code tested by multiple experts and users. Listen to warnings and security recommendations shared by your community. Use an escrow wallet for your ICO to ensure that funds are on hold for a number of days before they are processed.
The website security
There have been instances when the entire website or the ICO platform of a crypto project is hacked and changes are made in significant details/information. One example is the hacking of the Coindash ICO where hackers managed to get away with $7 million by merely changing a text on the Coindash website. They hacked the Coindash website and changed the Ethereum address, where investors were supposed to send money, with a fraudulent address and received about 43,000 ETH in just 7 minutes. The sale was terminated soon after.
Want to protect your own ICO from such hacks? Here’s what you can do. Invest more in strengthening the security of your ICO platform/website and make it scam-proof.
Flaw in the Wallet
Another major bug that has been identified in a number of ICO hacks was of flaws in the wallet itself. One such hack was reported by Parity in July 2017, when a series of its user wallets were hacked, which resulted in a loss of Ether worth $31 million. Thankfully, the hack was identified and stopped in between, otherwise, much more could have been stolen by the hackers from vulnerable Parity wallets. The vulnerability was present in the “init” code of the Parity’s multi-signature wallet where a scope was not defined.
What is the solution? Well, it is natural to make errors, but you should be alert enough to identify and fix those bugs before a hacker finds them out. Recheck your code whenever possible, and audit again and again.
Hack and Theft
The most common and straightforward type of ICO hack is basic wallet hack and theft of tokens. This is exactly what happened with Tether tokens. As posted on the company’s website, an unknown hacker hacked into the Tether wallet of the company and stole over $30 million worth of tokens. The tokens were sent by the hacker to a fraudulent Bitcoin address.
You can save your ICO from such incidents by enabling more proper security measures. However, the online token wallets are always prone to hack, no matter how much security you employ. A better alternative is to store your tokens in an offline ‘cold storage’ wallet and/or vault.
1. Strictly follow the programming recommendations of smart contracts to avoid failures;
2. Keep a close eye on your ICO process and act quickly when needed;
3. Take measures to protect your project and community from hackers;
4. Make sure that your smart contract is not vulnerable and doesn’t give a chance to scammers in any way;
5. Regularly communicate with your users via your website and social pages and ask them to use the right website ( URL) for any transaction;
6. Tell your users not to act on spam emails and messages and give your official email id;
7. Listen to and implement the advice shared by your crypto community;
8. Check your code on a regular basis and get it tested by experts;
9. Educate your team about vulnerabilities and cyber hacks and the steps to prevent/avoid them.
10. Lock down your funds in a hardware wallet.
Security of your ICO is as important as of the blockchain itself. If your project is hacked at the ICO stage itself, it sends a bad message to your potential investors. It is not good for any of the involved parties, except for the hackers. So be aware of the fraudulent activities and persons in the ICO premises. Follow the tips mentioned above and keep your project as secure as possible.
Looking to invest in a good ICO? Try Medipedia, which is a blockchain based healthcare service platform that connects patients directly with top-quality doctors and medical services in foreign countries.