Cybersecurity For Initial Coin Offering
Nowadays, more and more companies raise funds through an Initial Coin Offering (ICO). By launching an ICO, a company can create a new coin to make money. In addition to Bitcoin, Ethereum, and Litecoin, there are a large number of other coins in the market. However, companies might face security challenges when using cryptocurrency and launching ICO.
The following are some steps that companies should take careful consideration in a coin life cycle:
- Coin offering: Hackers can attack offering websites to modify provided services.
- Coin trading: DDoS attacks make cryptocurrency websites or applications unavailable to investors.
- Currency exchanges: When trading currencies, an investor is likely to face risks of DDoS attacks or account takeover attacks.
- Wallet: It is used to archive, receive and send crypto coins. Therefore, it is a lucrative target of malicious hackers.
Let’s learn about some aspects of a cryptocurrency attack and how to protect your assets against these attacks.
What is ICO?
When launching an ICO, a company will create a new cryptocurrency and sell it to investors to receive money or another cryptocurrency, usually Bitcoin or Ether. Investors can use these cryptocurrencies to pay for services provided by this company or create transactions.
ICO is similar to crowdfunding because it is available for every investor without too many regulations. Companies can raise a lot of money through an ICO, for example, Blockchain Filecoin raised over 250 million dollars through ICO.
New cryptocurrency published in an existing platform like Ethereum, following ERC-20 standard, does not require a firm knowledge of the underlying blockchain technology of cryptocurrency.
Blockchain technology vulnerabilities
Since cryptocurrency was first introduced, it has brought high interest and value to investors. Therefore, more and more hackers are interested in exploiting the vulnerabilities of this market. Although blockchain technology is decentralized and immutable, many vulnerabilities are still found and exploited.
A typical example of direct attacks is an attack on the ICO of CoinDash – a start-up working in cryptocurrency portfolio management and related services.
According to the CoinDash blog, when the contract’s address provided by Ethereum was public, the attacker changed the official address to an incognito address. Due to high demand at that time, around 43,000 Ether was redirected to the incognito account within only 7 minutes. The website was shut down immediately as soon as it was found hacked. The attack caused a loss of about 7 million USD. Finally, it is defended against the attacker by the web application firewall.
Another example is a DDoS attack on the Bitcoin Gold website when it was introduced to the market. The attack made the website unavailable for a while. Although this did not directly affect the coin, it damaged the credibility of the whole project.
Electroneum – a cryptocurrency provider – informed about a delay of their website and application due to a DDoS attack. 140,000 investors could not access their accounts and their cards were frozen. Finally, it was protected by using DDoS security.
How to protect your cryptocurrency
Web application firewall
Web Application Firewall (WAF) introduced by Gartner is a leading web application for four years continuously. It analyzes users accessing your website to protect your website from attacks. WAF can defend against web attacks including OWASP, which is one of the top 10 security threats and malicious bots. It controls the client accessing your application with a traffic filter based on different factors.
WAF analyzes all aspects of your website to detect attacks, which will keep your website away from authentication requests such as CAPTCHA.
Comprehensive security platform
After safely introducing your crypto coin, you should be aware of vulnerabilities that might be exploited through a cryptocurrency life cycle, including DDoS, cryptocurrency trade, and e-wallet. We will do more research on this problem and provide you with suitable solutions soon.
Use CyStack Platform to discover security vulnerabilities timely to prevent your cryptocurrency exchanges from attacks.