Hackers have stolen $400 million worth of ICO investments

Take a deep breath.
Take a deep breath.
Image: Reuters/Thomas White
We may earn a commission from links on this page.

Government watchdogs have been warning investors about initial coin offerings (ICOs)—a digital gold rush that some enterprises around the world have used to raise about $3.7 billion. It may have been wise to listen to the advice: More than 10%, or roughly $400 million of that amount, has been stolen in hacker attacks, according to consulting firm EY.

The speed and size of the transactions is part of what attracts hackers (phishing is the most common technique): Investors have poured $300,000 per second into some ICOs. The world’s largest economy is also the ICO leader, with $1 billion raised so far. Russia and China (mainland ICOs combined with those that are Hong Kong based) are close in line, having raised more than $300 million each, according to EY.

For a while it seemed like the amount of money available for ICOs was almost unlimited. An ICO called Tezos raised $232 million; another called “Useless Ethereum Token” raised more than $40,000 in less than three days. Still, there are signs the boom has cooled slightly: About 25% of projects met their fundraising target in November, compared with 90% in June, EY says.

“There is a risk of having the market swamped with quantity over quality of investments,” said Paul Brody, EY’s global innovation blockchain leader.

Regulators have warned that ICOs have a high risk of fraud and investors could lose all of the money they put in. As some watchdogs crack down, EY says risky operators are likely to move to jurisdictions with a lighter touch.

ICOs issue digital tokens that blend aspects of cryptocurrencies like ethereum with crowdfunding. Sometimes the tokens correspond to a product—one digital unit might confer the right to use a new system, for example. If the system is popular, the token should increase in value.

Regulators have been wary of that reasoning. The US Securities and Exchange Commission has signaled that so-called utility tokens could actually be securities and could violate the law if they aren’t treated accordingly.

EY argues that there’s seldom a business need for the token, and that the benefits of distributed, blockchain technologies could be applied without them. The consultant said the digital token usually adds unjustified complexity. Most ICOs are also lacking in things like customers, revenue, and a product, making them substantially more risky that the typical stock market initial public offering (IPO).