More than 10 percent of $3.7 billion raised in ICOs has been stolen: Ernst & You

[Hydrogen]

NEW YORK (Reuters) - More than 10 percent of funds raised through “initial coin offerings” are lost or stolen in hacker attacks, according to new research by Ernst & Young that delves into the risks of investing in cryptocurrency projects online.

The professional services firm analyzed more than 372 ICOs, in which new digital currencies are distributed to buyers, and found that roughly $400 million of the total $3.7 billion funds raised to date had been stolen, according to research published on Monday.

Phishing was the most widely used hacking technique for ICOs, with hackers stealing up to $1.5 million in ICO proceeds per month, according to the report.

The research also noted that the volume of ICOs has been slowing since late 2017. Less than 25 percent of ICOs reached their target in November, compared with 90 percent in June.

The study comes amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund their projects, with often little more than a handful of employees and a business plan outlined in a so-called “white paper”.

The challenges faced by more recent ICOs in reaching their targets are partly attributable to the lower quality of projects, as well as issues that have emerged around earlier projects, said Paul Brody, global innovation leader for blockchain technology at Ernst & Young (EY).

“The volume just exploded, people raised their fundraising goals and the quality just dropped,” Brody said in an interview.

“We were shocked by the quality of some of the white papers, we see clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders.”

In ICOs companies typically raise money to build new technology platforms or to fund businesses that use cryptocurrencies, also called tokens, and blockchain, the software that underpins them. Yet for many of these projects the need for blockchain and cryptocurrencies is often unjustified, according to EY.

It also noted valuations of ICO tokens are often driven by “fear of missing out”, or “FOMO”, and have no connection to market fundamentals such as project development. EY said “FOMO” has led investors to pour money into ICOs at record speeds, with the 10 shortest lasting ICOs attracting $300,000 per second on average.

The study also found several instances in which the underlying software code of a project contained hidden investment terms that had not been disclosed, or contradicted previous disclosures. For example, a whitepaper might state that there will be no further issuance of a cryptocurrency, while the code might leave that option open.

https://www.reuters.com/article/us-ico-ernst-young/more-than-10-percent-of-3-7-billion-raised-in-icos-has-been-stolen-ernst-young-idUSKBN1FB1MZ

Its hard to believe phishing is still a valid attack, much less the most successful attack vector utilized to steal money from ICO's.

(I wonder if some of the more shady ICO's raise money, then steal it from themselves to generate income.  )

$400 million is a lot of money. Seems like it pays to be a hacker these days. I should have studied harder to be a hacker in school.

[1713434391]

1713434391

[1713434391]

1713434391

[1713434391]

1713434391

[1713434391]

1713434391

[jvper]

These figures seem to be underestimated. I bet the real number is unfortunately much more than 10%. Nice article though.

[joebrook]

NEW YORK (Reuters) - More than 10 percent of funds raised through “initial coin offerings” are lost or stolen in hacker attacks, according to new research by Ernst & Young that delves into the risks of investing in cryptocurrency projects online.

The professional services firm analyzed more than 372 ICOs, in which new digital currencies are distributed to buyers, and found that roughly $400 million of the total $3.7 billion funds raised to date had been stolen, according to research published on Monday.

Phishing was the most widely used hacking technique for ICOs, with hackers stealing up to $1.5 million in ICO proceeds per month, according to the report.

The research also noted that the volume of ICOs has been slowing since late 2017. Less than 25 percent of ICOs reached their target in November, compared with 90 percent in June.

The study comes amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund their projects, with often little more than a handful of employees and a business plan outlined in a so-called “white paper”.

The challenges faced by more recent ICOs in reaching their targets are partly attributable to the lower quality of projects, as well as issues that have emerged around earlier projects, said Paul Brody, global innovation leader for blockchain technology at Ernst & Young (EY).

“The volume just exploded, people raised their fundraising goals and the quality just dropped,” Brody said in an interview.

“We were shocked by the quality of some of the white papers, we see clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders.”

In ICOs companies typically raise money to build new technology platforms or to fund businesses that use cryptocurrencies, also called tokens, and blockchain, the software that underpins them. Yet for many of these projects the need for blockchain and cryptocurrencies is often unjustified, according to EY.

It also noted valuations of ICO tokens are often driven by “fear of missing out”, or “FOMO”, and have no connection to market fundamentals such as project development. EY said “FOMO” has led investors to pour money into ICOs at record speeds, with the 10 shortest lasting ICOs attracting $300,000 per second on average.

The study also found several instances in which the underlying software code of a project contained hidden investment terms that had not been disclosed, or contradicted previous disclosures. For example, a whitepaper might state that there will be no further issuance of a cryptocurrency, while the code might leave that option open.

https://www.reuters.com/article/us-ico-ernst-young/more-than-10-percent-of-3-7-billion-raised-in-icos-has-been-stolen-ernst-young-idUSKBN1FB1MZ

Its hard to believe phishing is still a valid attack, much less the most successful attack vector utilized to steal money from ICO's.

(I wonder if some of the more shady ICO's raise money, then steal it from themselves to generate income.  )

$400 million is a lot of money. Seems like it pays to be a hacker these days. I should have studied harder to be a hacker in school.

Phishing please, that is indeed the most novice ways to hack and if the ICO's wants us to believe that they were compromised because of Phishing, then indeed they are very much lying. Since this is a theft,  think the proper securities should be made aware of it so that they can give the investors exactly what happens.

[apvmoreira]

If its only 10% it's worth the risk.

But i don't think its true. Most ICOs that did see the sun where scams. In fact they all are into a certain point, but the earning may pay for that risk.

I will go to 10% hackers and 40% that don't end the ICO and vanish with the money.

Plus more 30% that are not profitable and that leaves you with 20 % ICOs that can live.

From those 20%, 15% are controlled by teams that don't know what to do in the right time and are always changing the roadmap.

This, leaves 5 % that you can get a goo profit. Just need to find them in the jungle.

And take the money asap to not get scamed, don't forget!!

[andrei56]

NEW YORK (Reuters) - More than 10 percent of funds raised through “initial coin offerings” are lost or stolen in hacker attacks, according to new research by Ernst & Young that delves into the risks of investing in cryptocurrency projects online.

The professional services firm analyzed more than 372 ICOs, in which new digital currencies are distributed to buyers, and found that roughly $400 million of the total $3.7 billion funds raised to date had been stolen, according to research published on Monday.

Phishing was the most widely used hacking technique for ICOs, with hackers stealing up to $1.5 million in ICO proceeds per month, according to the report.

The research also noted that the volume of ICOs has been slowing since late 2017. Less than 25 percent of ICOs reached their target in November, compared with 90 percent in June.

The study comes amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund their projects, with often little more than a handful of employees and a business plan outlined in a so-called “white paper”.

The challenges faced by more recent ICOs in reaching their targets are partly attributable to the lower quality of projects, as well as issues that have emerged around earlier projects, said Paul Brody, global innovation leader for blockchain technology at Ernst & Young (EY).

“The volume just exploded, people raised their fundraising goals and the quality just dropped,” Brody said in an interview.

“We were shocked by the quality of some of the white papers, we see clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders.”

In ICOs companies typically raise money to build new technology platforms or to fund businesses that use cryptocurrencies, also called tokens, and blockchain, the software that underpins them. Yet for many of these projects the need for blockchain and cryptocurrencies is often unjustified, according to EY.

It also noted valuations of ICO tokens are often driven by “fear of missing out”, or “FOMO”, and have no connection to market fundamentals such as project development. EY said “FOMO” has led investors to pour money into ICOs at record speeds, with the 10 shortest lasting ICOs attracting $300,000 per second on average.

The study also found several instances in which the underlying software code of a project contained hidden investment terms that had not been disclosed, or contradicted previous disclosures. For example, a whitepaper might state that there will be no further issuance of a cryptocurrency, while the code might leave that option open.

https://www.reuters.com/article/us-ico-ernst-young/more-than-10-percent-of-3-7-billion-raised-in-icos-has-been-stolen-ernst-young-idUSKBN1FB1MZ

Its hard to believe phishing is still a valid attack, much less the most successful attack vector utilized to steal money from ICO's.

(I wonder if some of the more shady ICO's raise money, then steal it from themselves to generate income.   )

$400 million is a lot of money. Seems like it pays to be a hacker these days. I should have studied harder to be a hacker in school.

Phishing may be be basic but it is effective, I invested in an ico some months ago, and in the telegram channel and slack there were a lot of phishing and social engineering attacks, the devs gave a warning and identified themselves to try to stop those attacks but there were many coins stolen and things only got worse when people tried to sell their coins because the price took a nosedive after the ico.

[Tstar]

Phishing attacks are getting more sophisticated and people are negligible their security.

According to Google, only 10% are using some kind of 2FA. I guess in crypto community the percentage is higher, but still this is one of the main reason phishing attacks to be successful.

[Pleione527]

This is quite alarming because it says that possiibilities of future crypto hackers can actually steal or savings I think this is an eye opener to developers to become more strict in providing good protection from hackers and also create more strong authentication.It is also a good thing that auditing firms are now starting to look into cryptos they can really give a big help.

[Nellayar]

Phishing attacks are getting more sophisticated and people are negligible their security.

According to Google, only 10% are using some kind of 2FA. I guess in crypto community the percentage is higher, but still this is one of the main reason phishing attacks to be successful.

Its real! People now on are vulnerable in phishing attacks. We don't have the assurance that our coin is at the good hand. These phishing attacks may lead to a total lose of cryptocurrency. I hope not.

[kevoh]

The salient points raised in the news article are some of the reasons why I partly support government regulation of these ICOs. The system is just so messed up with individuals and groups who have no business doing ICOs in the first place. There are many ICO projects out there that do not need the amount they are trying to raise.

[Uchiage]

The salient points raised in the news article are some of the reasons why I partly support government regulation of these ICOs. The system is just so messed up with individuals and groups who have no business doing ICOs in the first place. There are many ICO projects out there that do not need the amount there are trying to raise.

the same as what is happening in the forum. A lot of scammers and some nonesense services which they say its free but later on will ask for money. Good thing we have also a growing number of forum "cops". I think these should also be the same around the web in terms of catching these websites, As a common user we have tendency to neglict and just ignore as long as we are not scammed. But i hope we would also at least bring them to spotlight and take actions against them. Because 3.7B is quite high for just annonymous deals.

[Thirdspace]

NEW YORK (Reuters) - More than 10 percent of funds raised through “initial coin offerings” are lost or stolen in hacker attacks, according to new research by Ernst & Young that delves into the risks of investing in cryptocurrency projects online.

Phishing was the most widely used hacking technique for ICOs, with hackers stealing up to $1.5 million in ICO proceeds per month, according to the report.

this probably true backed up on some research and data gathered by Ernst & Young
but they failed to emphasize.... the 80% of funds raised was stolen by the ICO team itself... in another word SCAM ICO
and only the last 10% probably for the real legit ICO for actual business companies 

[Maveth13]

This is really not surprising, most phishing attacks target stupid people. If you visit some telegram groups from different icos, you'd see that most of the investors there are illiterate, and don't even know a single thing about what they're investing in just for the sake of easy money. You'd see a lot of 'how to invest', 'how to see it in my wallet' kind of questions repeatedly being asked. If they don't know these basic things, they're bound to be victims of phishing attacks.

[audaciousbeing]

If this is the amount that they are putting an estimate to, that have been stolen then I would say its either not as bad as we thought, or maybe they just decide to be economical with the their findings but trusting the source of the information, I would rely on it. It then means the whole noise about banning of ICO is just blown out of proportion relatively, that amount is on the high side but I wouldn't compare it to the amount that is being raised on various IPO or Right issue of several countries across the world that the directors of those companies have only seen as an avenue to become exceedingly rich in disguise of moving the company forward only to pay investors peanuts as dividend at the end of every year.

[GeoDudeScho]

If its only 10% it's worth the risk.

But i don't think its true. Most ICOs that did see the sun where scams. In fact they all are into a certain point, but the earning may pay for that risk.

I will go to 10% hackers and 40% that don't end the ICO and vanish with the money.

Plus more 30% that are not profitable and that leaves you with 20 % ICOs that can live.

From those 20%, 15% are controlled by teams that don't know what to do in the right time and are always changing the roadmap.

This, leaves 5 % that you can get a goo profit. Just need to find them in the jungle.

And take the money asap to not get scammed, don't forget!!

Very much agreed!

[GeoDudeScho]

Any time large amounts of money is being thrown around, you WILL get scammers. Protect yourself.

[Mometaskers]

Phising eh? Im surprised that in this day and age, people still fall for these.

(I wonder if some of the more shady ICO's raise money, then steal it from themselves to generate income.  )

That is quite possible. It' easy to just say that you were hacked rather than just disappear into thin air. That way you might still get some suckers to put in money for one more round.

[kasansa]

NEW YORK (Reuters) - More than 10 percent of funds raised through “initial coin offerings” are lost or stolen in hacker attacks, according to new research by Ernst & Young that delves into the risks of investing in cryptocurrency projects online.

The professional services firm analyzed more than 372 ICOs, in which new digital currencies are distributed to buyers, and found that roughly $400 million of the total $3.7 billion funds raised to date had been stolen, according to research published on Monday.

Phishing was the most widely used hacking technique for ICOs, with hackers stealing up to $1.5 million in ICO proceeds per month, according to the report.

The research also noted that the volume of ICOs has been slowing since late 2017. Less than 25 percent of ICOs reached their target in November, compared with 90 percent in June.

The study comes amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund their projects, with often little more than a handful of employees and a business plan outlined in a so-called “white paper”.

The challenges faced by more recent ICOs in reaching their targets are partly attributable to the lower quality of projects, as well as issues that have emerged around earlier projects, said Paul Brody, global innovation leader for blockchain technology at Ernst & Young (EY).

“The volume just exploded, people raised their fundraising goals and the quality just dropped,” Brody said in an interview.

“We were shocked by the quality of some of the white papers, we see clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders.”

In ICOs companies typically raise money to build new technology platforms or to fund businesses that use cryptocurrencies, also called tokens, and blockchain, the software that underpins them. Yet for many of these projects the need for blockchain and cryptocurrencies is often unjustified, according to EY.

It also noted valuations of ICO tokens are often driven by “fear of missing out”, or “FOMO”, and have no connection to market fundamentals such as project development. EY said “FOMO” has led investors to pour money into ICOs at record speeds, with the 10 shortest lasting ICOs attracting $300,000 per second on average.

The study also found several instances in which the underlying software code of a project contained hidden investment terms that had not been disclosed, or contradicted previous disclosures. For example, a whitepaper might state that there will be no further issuance of a cryptocurrency, while the code might leave that option open.

https://www.reuters.com/article/us-ico-ernst-young/more-than-10-percent-of-3-7-billion-raised-in-icos-has-been-stolen-ernst-young-idUSKBN1FB1MZ

Its hard to believe phishing is still a valid attack, much less the most successful attack vector utilized to steal money from ICO's.

(I wonder if some of the more shady ICO's raise money, then steal it from themselves to generate income.  )

$400 million is a lot of money. Seems like it pays to be a hacker these days. I should have studied harder to be a hacker in school.

I would say that almost 50%of funds raised in ICOs get stolen as most of the ICO projects are just scam projects aimed at just looting the public money. That's why many countries have either started to regulate or just ban ICOs to protect the interests of their citizens.But still there are some promising ICOs and even some institutional companies are entering ICO to raise the required funds.

[jseverson]

Lol, when I was reading the topic title, I assumed the funds were being stolen by the organizers themselves and thought to myself: just 10%?

But yeah, it's not so crazy how many people fall prey to phishing attempts considering that the internet is pretty new in terms of sensitive transaction utility. I imagine most people simply don't know any better. It doesn't help that these attacks are ridiculously elaborate, and unless you're specifically looking out for them, chances are you're going to get duped.

The research also noted that the volume of ICOs has been slowing since late 2017. Less than 25 percent of ICOs reached their target in November, compared with 90 percent in June.

The study comes amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund their projects, with often little more than a handful of employees and a business plan outlined in a so-called “white paper”.

At least people are starting to get wiser with their investments. Most ICOs are scams, and for as long as they're successful, more and more will inevitably pop up.

$400 million is a lot of money. Seems like it pays to be a hacker these days. I should have studied harder to be a hacker in school.

Lol, I'd say you only need adequate coding skills. It's pretty trivial to clone websites and perform phishing attacks on the unsuspecting. It's sad, but that's the current state of things.

[nasiwaju]

I think hackers is the greatest treat for any any investment or project using Internet but nowadays, hackers are more interested in cryptocurrency and most expecially icos.
However, developers are aware of all this evil from hackers and endup taking the security of their website with little on no security

[andrei56]

Phishing attacks are getting more sophisticated and people are negligible their security.

According to Google, only 10% are using some kind of 2FA. I guess in crypto community the percentage is higher, but still this is one of the main reason phishing attacks to be successful.

This is really surprising, what I mean is people are investing millions of dollars in different coins and they do not take the time to enable 2FA, those people need to check their priorities, it is like people that have been hacked and lost hundreds of coins and they had their bitcoin in the personal computer with a pirated copy of window instead of investing a few dollars in getting a hardware wallet.