Published by Gbaf News
Posted on June 27, 2018
10 min readLast updated: January 21, 2026
Add as preferred source on Google
ICO security company launches Chainwatch, a real time monitoring product for ICOs
Positive.com’s specialist anti-fraud team found an average of five separate vulnerabilities in each project they examined in 2017, revealing the extent of risk for ICO management teams and investors alike. 47% of ICO vulnerabilities uncovered by Positive.com’s anti-fraud team were medium to high severity. Just one vulnerability is enough for attackers to steal investors’ money and do irreparable damage to corporate reputation.
According to various estimates, total investments in ICOs exceeded $5 billion in 2017, with the first quarter of 2018 showing no sign of slowdown.
With large sums of money available, incentives for cybercriminals are high, and in fact, we saw 7% of all funds raised in ICOs last year stolen, to the value of $300 million. Of all the security audits conducted for Positive.com clients active in ICOs and blockchain deployment in the banking industry in 2017, only one did not contain any critical flaws.
Positive.com has today launched the open beta phase of its unique Chainwatch product, which provides real-time monitoring and detection of attacks on ICO smart contracts and wallets. Currently in trial with customers, and the open beta phase making it open to the public, Chainwatch allows timely response to suspicious activity through predefined rules (blockchain metrics), which alert when a threshold is reached and an anomaly detected – such as abnormal money withdrawal. Early alerts to potentially fraudulent activity allow ICO organizers to take evasive action, such as withdrawing funds or warning investors to hold money transfer.
Chainwatch is the only product that can monitor all Ethereum smart contracts in real-time, with automated alerts to owners and investors, meaning ICO organizers can take a proactive approach to security and monitor the load on the service. New checks are being added daily, but Chainwatch already detects key attack types, including Transaction Ordering Dependence (TOD), Reentrancy, Short Address Attacks and anomalous attacks.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive.com said “In an ICO, time is of the essence, and short time frames mean that anticipating attacks well in advance is critical for avoiding financial losses. The latest figures have shown the rapidly increasing rate of crime and fraud on the cryptocurrency market, with cybercriminals recognizing the opportunity presented by the dramatic rise of the cryptocurrency market in recent months. However, none of the ICOs protected by Positive.com fell victim to cyberattacks and all successfully completed their ICOs without incident.”
Positive.com found that 71% of tested projects contained vulnerabilities in smart contracts, the heart and soul of an ICO. Once an ICO starts, the contract cannot be changed and is open to everyone, meaning anyone can view it and look for flaws. Typically, vulnerabilities in smart contracts occur due to lack of programmer expertise and insufficient source code testing, with high-profile incidents, including the recent BatchOverFlow bug and the Parity Wallet vulnerability in late 2017. And one third of all ICO vulnerabilities detected by Positive.com experts were in smart contracts.
Half of audits revealed vulnerabilities in ICO web applications, a huge risk with unauthorised control of a website and its contents potentially causing multi-million dollar losses in just minutes.
The team found vulnerabilities were divided into five groups;
Galloway continued: “The second a company goes public with an intention to do an ICO, it’s waving a huge flag to cyber criminals that it’s both valuable and also in a very vulnerable phase of its company growth. ICO teams have a responsibility to ensure their security posture is as robust as possible, from the development of the smart contract and web applications, to monitoring load once the ICO has begun and helping investors avoid phishing attacks.”
ICO security company launches Chainwatch, a real time monitoring product for ICOs
Positive.com’s specialist anti-fraud team found an average of five separate vulnerabilities in each project they examined in 2017, revealing the extent of risk for ICO management teams and investors alike. 47% of ICO vulnerabilities uncovered by Positive.com’s anti-fraud team were medium to high severity. Just one vulnerability is enough for attackers to steal investors’ money and do irreparable damage to corporate reputation.
According to various estimates, total investments in ICOs exceeded $5 billion in 2017, with the first quarter of 2018 showing no sign of slowdown.
With large sums of money available, incentives for cybercriminals are high, and in fact, we saw 7% of all funds raised in ICOs last year stolen, to the value of $300 million. Of all the security audits conducted for Positive.com clients active in ICOs and blockchain deployment in the banking industry in 2017, only one did not contain any critical flaws.
Positive.com has today launched the open beta phase of its unique Chainwatch product, which provides real-time monitoring and detection of attacks on ICO smart contracts and wallets. Currently in trial with customers, and the open beta phase making it open to the public, Chainwatch allows timely response to suspicious activity through predefined rules (blockchain metrics), which alert when a threshold is reached and an anomaly detected – such as abnormal money withdrawal. Early alerts to potentially fraudulent activity allow ICO organizers to take evasive action, such as withdrawing funds or warning investors to hold money transfer.
Chainwatch is the only product that can monitor all Ethereum smart contracts in real-time, with automated alerts to owners and investors, meaning ICO organizers can take a proactive approach to security and monitor the load on the service. New checks are being added daily, but Chainwatch already detects key attack types, including Transaction Ordering Dependence (TOD), Reentrancy, Short Address Attacks and anomalous attacks.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive.com said “In an ICO, time is of the essence, and short time frames mean that anticipating attacks well in advance is critical for avoiding financial losses. The latest figures have shown the rapidly increasing rate of crime and fraud on the cryptocurrency market, with cybercriminals recognizing the opportunity presented by the dramatic rise of the cryptocurrency market in recent months. However, none of the ICOs protected by Positive.com fell victim to cyberattacks and all successfully completed their ICOs without incident.”
Positive.com found that 71% of tested projects contained vulnerabilities in smart contracts, the heart and soul of an ICO. Once an ICO starts, the contract cannot be changed and is open to everyone, meaning anyone can view it and look for flaws. Typically, vulnerabilities in smart contracts occur due to lack of programmer expertise and insufficient source code testing, with high-profile incidents, including the recent BatchOverFlow bug and the Parity Wallet vulnerability in late 2017. And one third of all ICO vulnerabilities detected by Positive.com experts were in smart contracts.
Half of audits revealed vulnerabilities in ICO web applications, a huge risk with unauthorised control of a website and its contents potentially causing multi-million dollar losses in just minutes.
The team found vulnerabilities were divided into five groups;
Galloway continued: “The second a company goes public with an intention to do an ICO, it’s waving a huge flag to cyber criminals that it’s both valuable and also in a very vulnerable phase of its company growth. ICO teams have a responsibility to ensure their security posture is as robust as possible, from the development of the smart contract and web applications, to monitoring load once the ICO has begun and helping investors avoid phishing attacks.”
Explore more articles in the Investing category
