Hackers come to ICO

in #ico4 years ago


The biggest risks a blockchain projects including when carrying out ICO, are in mechanisms of smart contracts and also in operation of web applications. The inattention to existence of such errors can lead to an interference in ICO of cyberswindlers and to multimillion losses.


The Positive Technologies company in which the main risks when carrying out Initial Coin Offering are analyzed (ICO, primary placement of tokens for attraction of financial resources in projects of the cryptomarket). Experts checked 15 projects, in particular utrust.io (a capitalization of $21 million), trade.io ($31 million) and Blackmoon ($30 million). Following the results of it was clarified that the greatest security risk (32% of total number) is posed by vulnerabilities in smart contracts (digital algorithms which determine terms of the exchange by assets between the sides), in web applications of projects and especially in their mobile versions.

"If it is wrong to determine terms of the exchange by assets, it is possible to lose everything" — the security director of the Positive Technologies applications Denis Baranov emphasizes. According to a research, because of mistakes in smart contracts most often there are possible such types of cyberfraud as frontrunning (allows to foresee future condition of the contract, and, for example, to get profit from tokens when there is a big purchase), thefts because of incorrect definition of area of visibility (for example when the function establishing the owner of a purse is available to a call to any user of the platform) and breakings because of the wrong generation of random numbers in a code
So, the mistake in definition of area of visibility in July, 2017 became the theft reason about $30 million from a purse of Parity on which means of a great number of clients were stored, including several large ICO. In November because of critical vulnerability of the new version of the smart contract more than $285 million clients of Parity have been frozen.

According to authors of a research, vulnerability in smart contracts arise because of the shortage of knowledge at programmers and insufficiently careful testing of the source code. The problem is that the technology only begins to develop, the director of global communications of Waves Platform Natalya Maleva reads. "The most part of smart contracts is written in the Solidity language which is owned up to standard by a small number of programmers

The cost of qualitative developers is high that induces owners of projects with the limited budget to address experts without experience" — the investment expert of BGP Litigation Vladimir Rusakov confirms. According to the head of analytical department of Aurora Blockchain Capital Georgi Ehrman, many customers don't know what vulnerabilities can be in their smart contracts therefore don't order additional audit. All community is traditional acted as the auditor of quality of a code, it occurs on the GitHub service, mister Rusakov specifies. But in process of promoting of technology of a blockchain the number of projects has grown therefore you shouldn't count on audit of a code, he is sure.

Also in Positive Technologies found out that the majority of web applications of projects, and especially mobile applications for investors is exposed to serious risks. So, vulnerabilities were found in 100% of mobile versions, in general they contain 2,5 times more vulnerabilities, than normal web resources. "Among the most widespread shortcomings — unsafe data transfer, storage of user data in backup copies, the control footing left by developers in an application code, disclosure of the identifier of a session" — mark authors of a research.

Such mistakes allow to receive additional data on the project, organizers and investors and can be used during the further attacks. In case of gaining access to the mobile phone of the victim the malefactor can get access to the application and perform operations from his face, including remove means. But these conclusions are confirmed by not all experts. Georgi Ehrman believes that mobile applications which are used for attraction of assets and the translations of tokens and cryptocurrency "are protected very carefully". If the application is used only for communication with target audience, he adds, it is possible and to save on protection.To know more visit: “https://www.engadget.com/2018/01/22/hackers-stealing-millions-cryptocurrency-ico/”




It's really bad news

Your Every post Crypto currency Update news
I love your blog

Very helpful post

Several report points out that together with poor security, issues like lack of regulation and poor standards for ICO valuations additionally plague the crypto world. The researchers aforementioned that rather than vital aspects like project development forecasts and therefore the nature of the token, ICO tokens area unit usually valued supported promotional material and FOMO -- worry of missing out.......Thanks for such a informative post..


FireShot Capture 69 - Hackers are stealing millions in crypt_ - https___www.engadget.com_2018_01_2.png

don't copy paste .this is just a warning for you @abu.bakkar . next time comment your personal opinion.

otherwise flag is ready for you .

Wow...what a concept..that was awesome.
First to last...i have read your post...@hossainsohag

can you please tell me about about ico scams . what do you think?

We should always alert... & what we are doing must research on it... otherwise things are going to be risky...

Thanks a lot bro for news related to crypto I'm also a crypto greek

I love currency
wonderful post

Great post I love you blog

did you read my post?

Hi @hossainsohag
How are you

well how'bout you ?

Thank you for collaborating with me to promote this post as explained at https://steemit.com/steemit/@jerrybanfield/10-ways-to-fund-a-steem-growth-project.