2018 will be the year of ICOs. This brings a large concern because setting up an ICO is pretty easy. You have tons of Youtube videos how to set up the ERC20 token (token built on Ethereum blockchain). That, on the contrary, lowers the level of skills that are needed to enter the market. Hackers that are targeting ICOs know that it’s almost impossible to hack Ethereum’s or Bitcoin’s Blockchain, instead of doing that they are targeting weak points.
How do the hackers usually move? They will start pinging the ICO crowdsale platform, to find security holes, from where they can get in. Most of the crowdsale platforms, usually don’t know that they have been breached. When they have reached access to the critical parts, they don’t just swoop in guns blazing and take what’s up for the grabs on the first go. Instead they will monitor the ICO. when ICO has collected enough funds, they will initiate the hack.
We have made an overview, where are the main security issues from the past hacks, and how could you avoid them.
If it’s offline, it’s hard to touch. For an extra layer of security use hardware wallets or paper wallets. Remember to lock them up in some place secure.
You need only one security breach to turn everything upside down. Use different passwords for all the accounts, if one of them gets hacked, the rest are safe.
If possible, always use 2-step verification. If your password is compromised, they still need to access your phone to get that second step verification.
Don’t expect your ICO’s team to be experts in cybersecurity. When dealing with other people’s money, security comes first.
Keep the passwords for different servers or services on only need-to-know bases. By doing so it will lower the risk of sensitive information ending up in wrong hands.
One of the biggest victims are the people who are never cautious or are lazy. There will be phishing sites that look exactly like yours. To reduce the risk of that happening, buy domains that are similar to yours. That means to get all the .net, .org, .co or even some misspelled domains. It will lower the risk of phishing sites to look authoritative.
Your customers need your help. Educate them on how to store their tokens, how they can trade your tokens, and how they can keep their ICO tokens secured.
Technology is growing at a rapid base. Always monitor, test, and audit your code.
When you build a great community around your ICO or blockchain project, you will create an extra layer of defense. This means that people will care more about your project, and you will have more eyes and ears around you, who will report if they see something that is out of ordinary, like phishing sites.
Always have people who are monitoring your social media accounts and are ready to react when someone spams your community or advertises false information.
Let us know in comments below, how would you improve the security of an ICO or Token-Sale?