The research, published by Moscow-based cyber security firm Group-IB on Wednesday, was based on an analysis of 450 attacks on ICOs since the beginning of 2017. Attempts by hackers to steal money from ICO projects increased tenfold over the period.
Group-IB also took part in a study published this week by Ernst & Young which showed that roughly $400 million of the $3.7 billion raised via ICOs to date had been stolen.The findings come amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund projects, with often little more than a handful of employees and an outline business plan.There is also growing scrutiny from regulators and investors, some of whom say they have been misled or defrauded via ICO schemes.Group-IB said ICOs and cryptocurrency investors were particularly at risk from so-called phishing attacks - when hackers spoof emails and websites to steal passwords and personal information - with some groups who previously targeted banks now stealing as much as $1.5 million a month this way.In some cases, hackers have also attacked and doctored ICO project websites, changing the information so would-be investors send their money to the wrong digital "wallets" used for storing cryptocurrencies."Most attacks use traditional and well-proven techniques, which are also very effective for stealing cryptocurrencies," said Ruslan Yusufov, director of private client services at Group-IB. "Lots of projects underestimate cybersecurity risks, which leads to an avalanche of threats and successful thefts." (Reporting by Jack Stubbs; Editing by Alexander Smith)