Download as PDF, PPTX
Uploaded byNagib Aouini
ICO and Cyber security - How to protect from hackers during ICOs
The document discusses the timeline and cyber threats associated with Initial Coin Offerings (ICOs), highlighting various attack methods such as phishing, social engineering, and malware targeting. It emphasizes the importance of securing ICOs through best practices, including the use of smart contracts, cold storage for funds, and auditing procedures. Additionally, a top ten checklist for ICO security is provided, which includes recommendations for password management, two-factor authentication, and KYC compliance.
More Related Content
![Secure IoT with Blockchain: Fad or Reality? [BOF5490]](https://cdn.slidesharecdn.com/ss_thumbnails/j1-2016-bof5490-iot-blockchain-160927112314-thumbnail.jpg?width=640&height=640&fit=bounds)
![Initial Coin Offerings: An Overview [Digital Ventures]](https://cdn.slidesharecdn.com/ss_thumbnails/icobriefing-sept2017-170907035947-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to ICO and Cyber security - How to protect from hackers during ICOs
![Number_Guessing_Game_Dsbsbssbzboc[1].pptx](https://cdn.slidesharecdn.com/ss_thumbnails/numberguessinggamedoc1-251206215042-a076fc05-thumbnail.jpg?width=640&height=640&fit=bounds)
ICO and Cyber security - How to protect from hackers during ICOs
- 1.
- 2. Agenda ― ICO timelineand cyber threats ― Best practices for securing token sales during ICO ― Q & A 1 2 3
- 3. ©copyright 2017 ICO timeline ICOand Cyber Security - ICOChain 2 - 01.11.17 3 • Hacker follows ICO listing via API • Attacks can be automated via CC dashboard Attack(s) start here Attack(s) continue … http://bitcoinchaser.com/ico-hub/ico-timeline-components
- 4. ©copyright 2017 ICO actorsand cyber threats ICO and Cyber Security - ICOChain 2 - 01.11.17 4 • Hijack DNS ownership • Usurpate identity to to change phone operator • Social engineering attacks • Social media hijack • Impersonate CEO and founding team • Target phishing email • Attacking wallets with malware http://bitcoinchaser.com/ico-hub/ico-timeline-components • Steal mailing list • Send phishing emails • Scam on slack and social networks (telegram, forum ..) • Fake website re-direct
- 5. ©copyright 2017 ICO timelineand cyber threats ICO and Cyber Security - ICOChain 2 - 01.11.17 5 Posting fake URL and fake token sales page, fake blog. Phishing links Register fake DNS domain ABC … Duplicate website / Spider Scam slack with slackbots and hacking Twitter account (even 2FA set with SMS) http://bitcoinchaser.com/ico-hub/ico-timeline-components Direct email message to investors to divert them in scam ETH address. Hacking password and 2FA (don’t use SMS) Direct attacks on ICO team (social engineering, malware email attachement, linkedin …)
- 6. ©copyright 2017 ICO hackstories ICO and Cyber Security - ICOChain 2 - 01.11.17 6
- 7. ©copyright 2017 ICO hackstories ICO and Cyber Security - ICOChain 2 - 01.11.17 7 a hacker was able to change the Ethereum address posted on the ICO’s website a hacker exploit a bug in parity wallet and steal 32Mln$ a white hacker group has also secured 270Mln$ Slackbot send fake MyEtherWallet URL
- 8. ©copyright 2017 Are yousure you want to use Slack for your ICO ? ICO and Cyber Security - ICOChain 2 - 01.11.17 8 1.Direct Message in Slack 2. Remind task by using Slack Bot 3. Scam ICO site with using False Advertising 4. Duplicate/Clone Site.
- 9. ©copyright 2017 Do youthink this is secured way to receive funds ? ICO and Cyber Security - ICOChain 2 - 01.11.17 9 ETH address Receive ICO token Receive ICO token Receive ICO token ETH address ETH address
- 10. 1 Securing your ICO ICOand Cyber Security - ICOChain 2 - 01.11.1710
- 11. What is aSmart Contract Smart contracts are computer protocols that facilitate, verify, or enforce the negotiation or performance of a contract, or that make a contractual clause unnecessary. Smart contracts often emulate the logic of contractual clauses Source : Wikipedia
- 12. ©copyright 2017 But smart-contractsare difficult to secure ICO and Cyber Security - ICOChain 2 - 01.11.17 12 Source: “A Survey Of Attacks On Ethereum Smart Contracts”, Atzei N., et al, 2017
- 13. ©copyright 2017 Securing funds 13 Softwarewallets / Mobile https://99bitcoins.com/best-bitcoin-wallet-comparison-review/ Paper Wallet / Cold Wallet , Hardware wallet ICO and Cyber Security - ICOChain 2 - 01.11.17 Which one you think is the most secured ?
- 14. ©copyright 2017 Cold /Hot storage ICO and Cyber Security - ICOChain 2 - 01.11.17 14 https://blog-archive.bitgo.com/bitgo-release-open-source-key-recovery-service/
- 15. ©copyright 2017 ICO securedtoken sales architecture 15 Registration KYC check Wallet Management User Management Peak Traffic Management MyEthWallet Bitcoin Wallet Tokensales.ABC.com Blockchain (Bitcoin / ETH) ICO smart-contract(s) ICO and Cyber Security - ICOChain 2 - 01.11.17
- 16. ©copyright 2017 Top 10– ICO Security Check-list ICO and Cyber Security - ICOChain 2 - 01.11.17 16 Secure password storage and rotation (SSH, FTP creds, admin account, social media …) 2FA for accessing ALL admin console : AWS, Twitter, Mailchimp, Web, Wallet …. And also to your investors ! Community management and “Angel” guardian(s) that clean and delete SCAM posts. Run a bounty program. Don’t use Slack Rate Limiting & Throttling on ICO Token Sales page (use www.peakprotect..com or other queue service) Audit of ALL your smart-contract by specialist (zeppelin , ValidityLabs, ELCA ….) Hardening and securing all your token sales system (registration, contract address management, users …) Move funds accross cold-storage and use multi-signature waller with strong access control and governance Test and validate ALL your smart-contracts before usage (avoid mistake like Blocktix end date) KYC/AML compliance check in pre-registration ICO process
- 17. ©copyright 2017 ICOand Cyber Security - ICOChain 2 - 01.11.17 17
- 18. Mr Nagib Aouini Headof Cyber Security Nagib.aouini@elca.ch Tel : 021 613 2136 Confidential do not distribute 18