Initial coin offering (ICO) investments have soared in 2017, raising an estimated $1.6 billion in funding and attracting the attention of regulators across the globe. Venture capital firms have begun pouring cash into ICOs and celebrities ranging from Floyd Mayweather to Paris Hilton have endorsed individual tokens.
According to a new report from blockchain-tracing firm Chainalysis, this ICO fervor has created fertile ground for cyber criminals. Chainalysis–whose software the U.S. Internal Revenue Service (IRS) reportedly uses to track bitcoin tax evaders–estimates that cyber criminals have acquired approximately $225 million from Ethereum-related attacks. More than half of that–$125 million–was stolen from June to August alone.
The report states that more than 30,000 victims have fallen prey to these attacks, losing an average of $7,500. Astonishingly, Chainalysis estimates that “10% of Ethereum holdings marked for ICO investment lies in the hands of criminals.”
The most high-profile attacks have been hacks and exploits. In July a hacker exploited a vulnerability in Parity’s multi-signature wallet and managed to net more than $30 million in funds, including development funds raised by ICO startups such as Swarm City. Also in July, an attacker hacked into the CoinDash website and changed the ICO deposit address, leading contributors to unwittingly send more than $9 million to the wrong address. Then, in August, a hacker compromised Enigma’s website and social media accounts. The hacker sent emails and posted messages from official Engima accounts claiming that the startup’s ICO pre-sale had begun. Before Enigma could spread the word that the message was fraudulent, contributors sent more than $500,000 to the hacker’s address.
However, Chainalysis says that the majority of Ethereum cybercrime actually comes from phishing attacks, not hacks and exploits.
While some cyber criminals have opted for high profile hacks and exploits, phishing is actually driving the most revenue today. It now makes up more than 50% of all cybercrime revenue generated this year ahead of exploits which sometimes get the most coverage in the press due to their nature.
According to their statistics, phishing attacks account for more than $115 million of thefts, affecting nearly 17,000 victims.
Cybercriminals within the digital currency space exploit both greed and the fear of missing out on lucrative opportunities. Both of these emotions lead users to make poor decisions in the heat of the moment rather than approaching situations rationally.
Chainalysis provides several security tips to help investors avoid becoming a victim. They advise users to be wary of direct messages from companies since most reputable businesses communicate with contributors on a public rather than individual level. Similarly, they caution that slackbots messages may not always come from where they claim. Investors should also be wary of using search engines to access a crypto service since domain squatters will often set up fake websites that mimic a reputable service and steal your data. Finally, they recommend that crypto users remain apprised of the Ethereum Scam Database and check it when they encounter a suspicious website or message.
In addition to these tips from Chainalysis, one should also remember that it’s important to maintain control of your private keys rather than permanently storing your holdings on third-party wallets or exchanges.
Featured image from Shutterstock.