Initial Coin Offerings, or ICO’s, are a way to create and sell your own cryptocurrency which is based on an exchange rate tied to Bitcoin or Ethereum. With the increasing popularity of ICO’s, the security of funds raised is becoming a recurring and crucial concern for key players in the market. From “Security by Design” to an efficient organisation, there are methods that must be applied by everyone, contributors and intermediaries alike, in this new area of financing.
A recent Ernst and Young study found that out of $3.7 billion raised during the 372 ICO operations in 2017, 11% of this sum was supposedly lost or stolen, equating to almost $400 million seemingly disappearing into thin air.
>See also: Israel on the way to regulate ICOs
As with any emerging industry, and with any financial flow accessible by the click of a mouse, the ICO phenomenon arouses both enthusiasm and skepticism. Companies often want to launch their ICO quickly, without considering the consequences. Taking this into account, 2018 will certainly mark a turning point in professionalism, where security must now come before anything else, luckily, there are solutions that are already out there.
A good practice context
After a lightning increase in 2017, the ICO market is still working out how to structure itself. Initiatives such as the ICO Charter already suggest that there is a good practice in Europe. The charter has received a lot of support from credit rating agencies, law firms, ICO specialists and consulting firms.
Currently checking purchaser’s identities, the initial stage of fundraising is well verified, and the verification steps in the process work well when they are integrated as soon as possible. However, the latter part still poses problems as many lack hindsight and good practices in the area.
Previous experience shows that the fundamental points are not always respected during some ICO’s. As the result, the security of smart contracts is a fundamental element to consider. Although a smart contract is in essence secured, mistakes in the code can lead to indirect or malicious usage. This was the case last November during the freeze on all multi-signature Parity wallets. In this respect, the rules applied are those of every good developer: meticulousness and checking.
This is also why some ICO providers have now started to create “bug bounty” platforms. They use specialists that will test the contract/code to look for possible bugs or mistakes ahead of launching the project.
The bug bounty solution has its benefits, but there are already security precautions to take in the development of an ICO. Separating smart contracts is therefore recommended as it avoids centralisation and ensures the best possible efficiency in case of problems.
The use of multi-signature wallets is also strongly encouraged. This solution intrinsically allows fund security during sequestration and the process of taking legal possession of assets. In fact, this procedure requires two out of three key holding parties to give their authorisation the moment the funds are released. The three parties can, for example, be the ICO operator, the client and a trusted third party.
Security also applies for the project itself, and particularly in token development. The nature of ICO’s present security elements which can avoid missing out on the evaluation of the project.
Finally, it is essential to ensure that the ICO has been secured to its highest strength. There have already been numerous attacks, including sites being hacked to change the fundraising address.
Unfortunately, there is no coherent solution to this issue and therefore this must be left in the hands of IT security specialists. It is also necessary to buy all the ICO domain name extensions.
These measures all constitute a solid base to ensure ICO security. With some of the largest ICOs in 2017 raising over $275 million, this is a necessary undertaking to structure operations that have become more and more common, and to ensure that fundraising in 2018 surpasses the $10 billion mark.
Sourced by Laurent Leloup, CEO at Chaineum