Crypto-currency's hottest trend is under threat
Initial coin offerings (ICOs) - the hottest trend in crypto-currency - are facing increased threats from hackers.
An ICO is an unregulated means of crowdfunding via use of crypto-currency. Ethereum is, as of 2017, the leading blockchain platform for ICOs, with more than 50% market share.
However, the Ethereum network ICOs have resulted in much phishing, Ponzi schemes, and other scams, accounting for about 10% of ICOs.
Yesterday, Chinese regulators officially outlawed all ICOs, demanding that the proceeds from all past ICOs be refunded to investors or face being "severely punished according to the law". This action by Chinese regulators resulted in large sell-offs for most crypto-currencies.
Although ICOs are not banned in the US, the country's Securities and Exchange Commission on 25 July ruled that ICOs should be treated as investment securities and subject to the relevant regulations. Following the announcement, some ICO promoters responded to the ruling by either tightening access to ICOs, or by making them unavailable to US investors.
In SA, Francois Groepe, deputy governor of the South African Reserve Bank, recently said it will be too risky for the central bank to start issuing virtual currencies or crypto-currencies at the moment.
A new study from Juniper Research has found the value of crypto-currency transactions is expected to surpass $1 trillion in 2017, more than 15 times the level in 2016. The new research states that transaction values in H1 2017 surpassed $325 billion, driven by the dramatic increase in Ethereum's price, which saw it account for two-thirds of crypto-currency transaction values in that time.
Crypto-currency is now typically seeing daily trades well in excess of $2 billion, says Juniper Research.
However, Chainalysis, a New York-based firm that analyses transactions and provides anti-money-laundering software, says more than 30 000 people have fallen prey to Ethereum-related cyber crime, losing an average of $7 500 each, with ICOs amassing about $1.6 billion in proceeds this year.
Recently, an ICO for a little-known start-up project called CoinDash was shelved when it was revealed the sale had been compromised. In total, the ICO was able to raise $7.53 million before the Ethereum address it was using to solicit funds was altered to a fake one by an unidentified hacker, resulting in the Ethereum going to another source.
Following the CoinDash hack, High-Tech Bridge CEO Ilia Kolochenko says this is one more confirmation that crypto-currencies are unreliable.
"Before all the details of the incident become clear, it's a bit early to calculate damages from the alleged exploitation of the flaw. Nonetheless, this is one more empirical confirmation that modern crypto-currencies are very far from being reliable and secure."
According to Kolochenko, the blockchain technology itself can assure very high integrity of data and transactions; however, it does not provide any immunity from other attacks targeting users or intermediaries.
He adds that one more reminder from the incident is that blockchain technology in isolation cannot assure additional security, but even in contrary - increases the risks.
"Many users, fooled by investors and so-called serial entrepreneurs, blindly believe that blockchain, particularly crypto-currencies, can make a digital revolution and provide an 'unbreakable' security. Unfortunately, this assumption is wrong and leads to a very dangerous feeling of false security.
"Blockchain technology can assure a very high level of data integrity, but we need to remember the numerous intertwined layers of modern technology stack, where one breached system or host can put the entire structure at risk."
Financially speaking, crypto-currencies are nothing really new, Kolochenko says. "They can bring incredible income, but can unavoidably cause a 100% loss of investment. Very profitable, but risky game, like investing into North Korea.
"Victims of this hack will quite unlikely get their money back as, technically speaking, it's virtually impossible. Moreover, law enforcement won't be able to help either in this case, except if it is an insider attack that can be investigated and prosecuted."
Lorien Gamaroff, CEO of Bankymoon.com, is of the view that blockchain-based crypto-currencies that are supported by a sufficient number of transaction processing computers (miners) are extremely difficult to hack.
He explains that vulnerabilities are introduced by the various wallets and exchanges that operate on top of the decentralised network. "They are the weak points that hackers exploit to steal coins. Users are exposed when they allow third parties to act as custodians of the private keys which are used to spend funds.
"Crypto-currencies allow users to be their own banks but with great power comes great responsibility. The onus is on the user to ensure private keys are kept safe. Unfortunately, the industry is not mature enough to provide safe and secure tools and services which are able to sufficiently protect private keys. It is still early in the evolution of these technologies and reliable services do not yet exist. There are options with varying levels of security that users can make use of to keep keys safe. Hardware wallets are USB drives with special software and are currently the most reliable ways to store crypto-currencies," says Gamaroff.
Gideon Louw - a software developer at Sagteware.NET, which recently developed a local crypto-currency called Number42 - says any crypto-currency can be hacked once a hacker can figure out a user's private key.
"Users should never write down passwords, or save passwords on text files within the PC. Also, if you download a wallet, your wallet will automatically save your private key to the PC where the wallet is installed. Users should make sure they lock their PC when they are not around, because anyone with access to your PC will be able to transfer funds from your wallet."