Positive.com has today launched to protect companies undergoing an Initial Coin Offering (ICO) against cyber attacks which can siphon off funds and hold companies to ransom during a critical period in their growth. The service is the first of its kind to provide cyber security protection for all points of risk in the ICO process. This includes making sure Blockchain smart contracts are free from vulnerabilities and logic flaws, the code used in web applications, servers, mobile applications is secure in advance, employees are trained to stop insider threats and threat monitoring is maintained throughout.
With $150bn in capital already raised by ICOs this year, they are increasingly under the microscope of cyber criminals, who have stolen at least $150m in digital capital alone this year. Attacks exploiting vulnerabilities in the DAO and Parity offerings, for example, saw over $100m of tokens illicitly redirected. CoinDash lost $8m when attackers exploited vulnerabilities in the company’s web applications.
The experts at Positive.com help companies secure their offering in two stages. First, they help companies prepare in advance. This is done by analysing the source code used in the smart contracts issued to investors in exchange for tokens, removing technical vulnerabilities and logic flaws and checking the fixed code in a private Blockchain. This phase also includes a vulnerability analysis of web and mobile applications, OS and network infrastructure, denying attackers points of entry, as well as training employees to avoid social engineering attacks.
The second stage of protection is designed to safeguard the ICO whilst live, ensuring attackers cannot cause reputational issues at a critical time by bringing down connected infrastructure, defacing websites or infiltrating networks. The company issuing the ICO has a cloud-based enterprise grade web application firewall and SIEM deployed, backed-up with 24-hour round the clock monitoring from a Security Operations Centre.
The offering has been spun out of international cyber security company Positive Technologies as a dedicated offering and draws on years of deep insight. The team has specialist source code analysis and vulnerability experience in a range of sectors, including financial services, as well as helping some of the largest companies in the world prevent against and remediate after breaches.
“Recent events have shown that ICOs are a ripe target for cyber attacks. A highly valuable financial event, which is open to the public and relies utterly on technology from start to finish is like a red rag to a bull for hackers,” said Leigh-Anne Galloway, Cyber Resilience Lead at Positive.com.
“When your code potentially has direct control of millions of dollars of assets, there is no room for error. Any vulnerabilities in the smart contract, applications, or connected infrastructure provide a potential point of weakness which could have extreme consequences. Investors could either lose money or faith in the company trying to raise funds. Either way, something which is supposed to be the engine of growth for young companies, ends up becoming a disaster.”
“We are trying to help address this balance. With our service, we’re aiming to help organisations make their ICO more secure so that they, and their investors, can reap the benefits of this next step in the evolution of funding.”
Find out more at https://ico.positive.com/