On December 11, 2017, SEC Chairman Jay Clayton issued a stern warning to mainstream investors about cryptocurrencies and initial coin offerings (ICOs). He comments,
A number of concerns have been raised regarding the cryptocurrency and ICO markets, including that, as they are currently operating, there is substantially less investor protection than in our traditional securities markets, with correspondingly greater opportunities for fraud and manipulation.
It’s no surprise that crypto enthusiasts don’t like the SEC or other financial regulators. If many authorities had their way, cryptocurrency exchanges would be done away with completely. Yet Clayton’s warning, though overboard at times, raises some very valid points. It is a well-known fact, as the memo states, that ICOs provide “greater opportunities for fraud and manipulation.”
According to an Ernst & Young study, about $400 million has been stolen from funds raised through initial coin offerings. This large pile of unrecoverable investor capital represents over 10 percent of the $3.7 billion raised in 2017. In addition, the report noted that most funds are stolen through phishing attacks, racking up losses of $1.5 million a month. Only a quarter of ICOs reached their funding goals in November 2017, down from 90 percent in June that same year. Throw in pump and dump schemes orchestrated by hedge funds, and ICO investors are less likely than ever to see their full investment again, let alone turn a profit.
These glaring security issues are one of the leading reasons why ICOs fail. Not only do fraudsters and hackers siphon a firm’s capital, they also disincentivize potential investors. In order to combat ICO security issues, several companies have offered suggestions, ranging from educating investors to altering the way capital is raised.
Knowing is Half the Battle
G.I. Joe may not be popular like it once was, but the famous quote “knowing is half the battle” is just as true today as it was back then. Unfortunately, investors fall prey to ICO scams because they lack the education necessary to invest wisely. If investors don’t know what they’re doing, their investment risk shoots through the roof.
Some companies like Fund Platform are creating interfaces that educate potential investors about ICOs and cryptocurrency investing in general. They create trading and investment funds that allow users to invest in baskets of assets, rather than just one or two coins. Additionally, these platforms protect ICO investors through ratings and risk/return indicators, similar to what many Wall Street banks do with stock and fund evaluations. To be sure, the onus is still on investors to educate themselves, but these platform the tools to succeed.
Whether individuals educate themselves or not, ICO teams need to do their best to educate potential investors. In a recent Senate Banking Committee hearing, Jay Clayton applauded Facebook’s restriction of ICO promotions, calling it a “responsible step”. If the SEC begins cracking down on ICOs, companies must be sure that they do everything in their power to protect potential investors.
The Ironic Relationship Between Blockchain Technology and Auditing
All blockchain companies boast that their platforms, because they use blockchain technology, can be audited by any and all parties. Sadly, some companies don’t back up their big talk. This is especially true of ICOs, where infrastructure issues and security vulnerabilities can cripple a campaign before it has the chance to thrive.
In response, several companies, including Hosho, offer smart contract auditing and security services. They scour ICOs and blockchain platforms for smart contract errors and propose fixes to ensure that smart contracts do exactly what they are programmed to do. What’s more, they also run codes against a database of known attack vectors, alerting ICO and development teams of any existing issues. Some say the best offense is a good defense, and auditing security measures can help identify potential threats before hackers can actualize them. If an ICO team fails to fully vet their ICO and platform, fraudsters and hackers could take advantage and severely damage both the startup and its potential clients.
With the stunning number of hacks and frauds in the ICO world coming more and more into focus, the need for external auditing and control to protect customers and investors has never been greater. According to Hartej Sawhney, founder at Hosho, “The number of successful high-profile attacks and data breaches are indicative of the security weaknesses that many companies and organizations have. Companies preparing for a Token Generation Event should get at least one third party technical audit of their smart contracts.”
Further, Sawhney sees that the need for external security testing as critical for ICO success. Nevertheless, companies are wont to invest funds into non-sales activities, regardless of the important. He said, “Companies need to allocate time and capital towards security. Unfortunately, many companies put too much focus on compliance, thinking that as long as they meet all regulations, their sensitive data will be thoroughly protected.”