How to Keep Hackers Out of Your Initial Coin Offering (ICO)
A week without hearing about an ICO being hacked is unusual. Given the obvious and ongoing issues, it is surprising how little information is available to teams starting or running a blockchain firm on how to protect their ICO.
When your project announces its ICO to the world, it essentially guarantees that it will collect hundreds, if not millions, of dollars in bitcoin. You're setting yourself up as a target.
It's the equivalent of openly declaring that you've amassed and are hoarding millions of dollars in your apartment. Criminals will take notice and exploit any weakness. Your ICO or blockchain project will almost certainly be hacked unless you take action.
Why is there such a plethora of hacks?
The prevalence of breaches is most likely due to a combination of factors: record amounts of money entering the industry, a lack of attention to security in new projects, and the security vulnerabilities inherent in this developing ecosystem.
A quick disclaimer
This post is not meant to be a comprehensive cybersecurity manual or an exhaustive list of attack vectors. It is intended to increase your understanding of the numerous types of security threats out there, to provide you with practical recommendations on how to secure your ICO or blockchain project, and to push you to take action.
To that end, this post will look at six well-known crypto breaches and discuss the security implications. It will also offer ten essential security recommendations to help ICO teams and blockchain companies avoid becoming the next hacking statistic.
The DAO Scheme
The DAO, a company building a Decentralized Autonomous Organization (DAO) on the Ethereum blockchain, was hacked. The DAO project was started in late April 2016, with a 28-day financing period.
The project was funded through a token sale, which was a big success, raising around $150 million from approximately 11,000 people worldwide. 'The DAO' was hacked by an unknown attacker who stole $55 million in Ether shortly after the funds were raised.
Despite reports detailing security issues and advising people not to support the DAO, it was the largest crowdfunding project in history at the time. Finally, the hacker stopped draining The DAO's assets, and the Ethereum community seized control of the situation. The money, fortunately, was subject to a 28-day hold period, which stopped the hacker from spending the stolen Ether.
The postmortem investigation
The attack was ultimately enabled by a weakness in The DAO code rather than the Ethereum network itself. Many developers warned that the DAO project was vulnerable to a programming hazard or bug known as "recursive calls": "where an attacker called the 'split' function, and then called the split function recursively inside of the split, thereby collecting ether many times over in a single transaction."
This allowed the attacker to drain more than $50 million in ether into a "child DAO" with the same structure as The DAO: the attacker could repeatedly request the ether from the smart contract (The DAO) before the contract updated its balance. The DAO's code was flawed because it sent the ETH funds first and only then updated the balance.
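The ordering flaw described above can be reproduced in a small model. The following is an added example, not The DAO's code and not from the original post: a Python stand-in for a contract, where the hypothetical `Vault` class, the `receive` callback (playing the role of the recipient's code that runs when funds arrive) and all amounts are assumptions made for illustration.

```python
class Vault:
    """Toy ledger (constructed model): per-account credit plus a shared pool."""

    def __init__(self, safe_order):
        self.safe_order = safe_order   # True = update balance before sending
        self.credit = {}               # account name -> amount owed
        self.pool = 0                  # total funds held by the vault

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, receive):
        """Pay `who` their credit. `receive` stands in for the recipient's
        code, which runs while the transfer is still in progress."""
        amount = self.credit.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.safe_order:
            self.credit[who] = 0       # effect first ...
            self.pool -= amount
            receive(amount)            # ... interaction last
        else:
            self.pool -= amount
            receive(amount)            # interaction first (the flawed order)
            self.credit[who] = 0       # balance is updated too late


def simulate(safe_order, max_depth=10):
    """Return (amount the re-entering recipient received, funds left in pool)."""
    vault = Vault(safe_order)
    vault.deposit("others", 90)        # constructed amounts
    vault.deposit("caller", 10)
    received = 0
    depth = 0

    def receive(amount):
        nonlocal received, depth
        received += amount
        depth += 1
        if depth < max_depth:
            vault.withdraw("caller", receive)  # calls back in before returning

    vault.withdraw("caller", receive)
    return received, vault.pool


if __name__ == "__main__":
    print("send-then-update:", simulate(False), "update-then-send:", simulate(True))
```

With the flawed order, an account owed 10 units empties the whole pool of 100; with the balance zeroed before the transfer, the nested call finds nothing owed and the other 90 units stay in place.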
Key recommendations for protecting your ICO from hackers
The process of creating Ethereum smart contracts is notoriously error-prone, with the repercussions of even a single mistake or loophole being severe.
At the very least, use programming manuals that offer best-practice recommendations to avoid frequent errors.
Take security concerns seriously and pay attention to what your community has to say.
Consider putting a doomsday clause in your smart contracts that prevents any Ether from being converted into fiat money after a certain number of days.
It is critical to monitor ICO activities and be able to act quickly.
CoinDash is a cryptocurrency-based portfolio management tool. The CoinDash Initial Coin Offering (ICO) was hacked almost immediately after it launched in July 2017. As a result, several potential clients transferred money to a fraudulent address. The sale was cancelled following a $7 million loss.
When the CoinDash team discovered that hackers had changed the official wallet address to a wallet owned by the hackers, they issued an emergency alert. It was, however, too late.
“This is an emergency message issued to you to prevent you from sending money to an unapproved ETH address. Our Token Sale website appears to have been tampered with, and the sending address appears to have been changed. Please do not send any funds to any of the addresses unless we specifically instruct you to do so. We are actively researching the issue and will provide additional instructions as soon as possible.”
The postmortem investigation
CoinDash, like many other ICOs, featured a page on its website that received thousands of unique visitors, with text indicating an Ethereum address to which buyers could send money.
Purchasers were misled into sending money to the wrong address during the CoinDash Initial Coin Offering. In about 7 minutes, 43 thousand ETH were redirected to the attacker's address. The hacker achieved this by getting control of the official CoinDash website immediately after the ICO began and simply changing the text on the site to show their own ether wallet address rather than CoinDash's address.
The exploit methods, according to cyber security experts, imply that it was most likely carried out by a highly adept group of people rather than a single person.
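Because the only thing changed on the site was the displayed address, a check that compares the published page against an approved address list can catch this kind of tampering early. The following is an added example, not CoinDash's tooling or code from the original post; the function names and both sample addresses are constructed, the approved list is assumed to be stored away from the web server, and fetching the live page is left out so the check runs offline.

```python
import re

# An Ethereum address as it appears in page text: 0x followed by exactly
# 40 hex digits (the trailing \b rejects longer hex strings such as hashes).
ETH_ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")


def audit_sale_page(html, approved):
    """Compare every Ethereum address found in `html` with the approved set.

    Returns (unexpected, missing): addresses shown on the page that are not
    approved, and approved addresses that no longer appear on the page.
    Comparison is case-insensitive because addresses may be written with
    mixed-case checksums.
    """
    approved_norm = {a.lower() for a in approved}
    found = {m.group(0).lower() for m in ETH_ADDRESS.finditer(html)}
    return sorted(found - approved_norm), sorted(approved_norm - found)


def should_halt_sale(html, approved):
    """True when the page shows an unapproved address or hides an approved one."""
    unexpected, missing = audit_sale_page(html, approved)
    return bool(unexpected or missing)


# Constructed sample data: neither address belongs to a real project.
APPROVED = ["0x" + "1a" * 20]
CLEAN_PAGE = "<p>Send ETH to <code>0x" + "1A" * 20 + "</code></p>"
TAMPERED_PAGE = "<p>Send ETH to <code>0x" + "2b" * 20 + "</code></p>"

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(name, audit_sale_page(page, APPROVED), should_halt_sale(page, APPROVED))
```

Run from a host other than the web server and at short intervals during the sale, a mismatch gives the team a signal within one polling interval instead of after buyers report it.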
An investigation into the hack of the CoinDash WordPress site has begun and is still ongoing. The Coindash blog has some preliminary findings -