Experts say that over 100 cyber attacks are detected each month that target the average ICO (Initial Coin Offering).
Group IB, a Russia-based cyber security company, analyzed about 450 attacks, and the results show that criminals are increasingly using modified Trojans previously used for bank theft.
According to Group-IB, the number of attacks on each ICO in the end of 2017 increased tenfold in comparison to the beginning of the year. Such attacks include phishing, defacement and DDoS, as well as targeted attacks with a view to compromise secret keys and secure control over accounts.
"In most cases, ICO projects face phishing, website defacement, compromise of administrator accounts - Slack, Telegram, as well as vulnerabilities in their own smart contracts," said Ruslan Yusufov, Group-IB's director of private client services.
Hackers also redirect investors to fake websites. "Most attacks use traditional and well-proven methods, which are also effective in stealing cryptocurrency from end users," Yusufov added.
Dangerous tactics
According to Group IB, there are many new criminals who are proficient in using banking Trojans, and they’re now updating their tools to focus on cryptocurrencies. They threaten not only ICO projects, but traders, crypto-enthusiasts and cryptocurrency owners.
Attackers also try to replace the addresses of wallets used for fundraising. For instance, the investment portfolio management platform, CoinDash, lost about $7.5 million in the first 3 minutes of its ICO start after its website was hacked.
In the final months of 2017 and early 2018, Group-IB specialists recorded a rash of fraud on social media where criminals used well-known techniques (messages from "security teams of cryptocurrency services," notifications of prizes in coins, invitations to take part in important community activities, and etc.
Сriminals are mostly interested in ICOs that have not yet been announced, but which have hype potential, such as Telegram’s expected ICO. Some banking Trojans — TrickBot, Vawtrak, Qadars, Triba and Marcher — have been retargeted to focus on users of cryptocurrency wallets.
What to expect in 2018?
"Throughout last year, we saw examples of the adaptation of hacker tools to the crypto industry," said Ilya Obushenko, security analyst at Group-IB. "The banking Trojan TrickBot obtained additional modules for stealing money from accounts in Coinbase as early as in August 2017. Features for attacks on cryptowallets have also been added to Tinba, another banking Trojan."
Group IB said this coming year founders, members of project teams and communities should be prepared to dealing with hackers; their personal accounts might be compromised.
"Market participants announcing ICOs are already being shortlisted by criminals," Group IB said in a statement. "Various forms of fraud on social media, which focus on cryptocurrency owners and are allegedly implemented on behalf of platform developers, are gaining momentum."
Hackers will increasingly adapt banking Android Trojans to attack cryptocurrency owners.
According to the latest Ernst & Young research, $400 million of the $3.7 billion raised globally via an ICO was stolen or lost.