'ICO' which procures funds in virtual currency has on average five security flaws

by Marco Verch

" Initial coin offerings and (ICO)" means the mechanism referred to as "start-up companies to raise funds by using the virtual currency", initial public offerings in recent years much attention as a handy funding than the (IPO) I am gathering. Such ICO has been reported that "there are five security flaws on average per ICO".

Researchers: Last Year's ICOs Had Five Security Vulnerabilities on Average
https://www.bleepingcomputer.com/news/security/researchers-last-year-s-icos-had-five-security-vulnerabilities-on-average/

In ICO, companies or groups who want to raise funds issue their own virtual currency (token), investors who want to provide funds purchase tokens using different virtual currencies, and virtual It is a mechanism to use currency as funds. ICO is able to raise funds very easily compared with IPO which needs examination etc. of securities company, and point that investors all over the world can participate easily is highly appreciated.

On the other hand, ICO is also known as "fraudulent fund raising method", while ICO startups who gathered funds of nearly 500 million actually flew away and faced away Has also occurred. Since brokerage firms etc. are not interposed in mediation of fund procurement, there is room for entering the fraudster group that has just removed the apparent appearance, so caution is required when participating in ICO.

According to a survey carried out by security company Positive.com specializing in ICO security, ICO conducted in 2017 said "On average, five security flaws were found per ICO". Among them, many security flaws were seen in " smart contract " which is a program that automates the transaction of virtual currency using block chains.

According to the report of this time, security defects are confirmed in 71% of ICO projects investigated by Positive.com. Once ICO starts, all tokens and smart contract programs used for ICO will be released and all subsequent changes will be impossible, so that all people can look for ICO security flaws.

Many of the security flaws are caused by lack of expertise of programmers such as inaccuracy of random number generation and testing of insufficient source code. Positive.com reported that mobile applications contained 2.5 times as many defects as ICO's WEB application, "All mobile applications released by ICO in 2017 have security flaws There is it. " There are security flaws such as ICO's mobile application using a method that is not secure for data transfer and user data being stored in the backup of the mobile terminal itself, so malicious hackers are It is possible to target virtual currency.

In addition, Positive.com reports that there are many cases where ICO organizers themselves lack security awareness. For example, an ICO organizer may not have acquired an SNS account in the official domain, which means that a third party can create a fictitious official SNS, and a malicious hacker can use ICO investors as a phishing site It is possible to guide you to. In addition, there are cases where the two-step authentication in the secret account owned by the ICO organizer is not set, and concludes that "many ICOs and ICO organizers are vulnerable to attack by hackers".

When adding many ICOs conducted in 2017, it is said that the funds of more than $ 5 billion (about 550 billion yen) have been put into ICO from all over the world. Investors who are also considering investing in ICO by ICO organizers must review the security countermeasures again and carefully enter the ICO as long as they manage large amounts of funds.