Almost 10% of all the money invested in initial coin offerings (ICOs) this year using cryptocurrency Ethereum has fallen into the hands of thieves.
Of the roughly $US1.6 billion (£1.25 billion) invested in Ethereum ICOs this year, cyber criminals stole $US150 million (£116.8 million), according to an analysis by Chainalysis, an investigatory and risk management firm specializing in virtual currencies. From June to August this year, the total lost to cyber crime in the crypto space jumped from $US100 million (£77.9 million) to $US225 million (£175.3 million).
Ethereum was launched in 2015 as a payment platform and cryptocurrency, similar to Bitcoin. It allows people to draw up smart contracts, make payments in its native currency, Ether, and enter into complex agreements that mimic real world contracts. But Chainalysis’ findings suggest people should be wary of investing and careful not to make themselves vulnerable if they do.
The analysis splits cybercrime into four types: exploits, hacks, phishing and ponzi schemes. Although high-profile hacks and exploits tend to get more media coverage, more than half the stolen funds to date have been acquired through phishing, where communications are sent from someone pretending to be a company in order to gain access to victims’ personal information.
The first major theft on Ethereum, in June 2016, saw $US74 million (£57.6 million) stolen from 11,000 victims. At the time, the platform’s total ICO funds were worth $US177 million (£137.9 million), meaning the thieves were holding more than 40%.
As developers have improved the security of smart contracts, the number of high-value thefts through exploits, (when thieves take advantage of a vulnerability in a system, as with the June 2016 theft) have decreased. But since May, the number of phishing victims has skyrocketed:
A total of 11,000 victims lost an average of $US6,700 (£5,220) each in 2016, but this has jumped to an average loss of $US8,000 (£6,233) across 19,000 victims in 2017. In June, $US30 million (£23.3 million) was stolen from coding company Parity, while August witnessed the first successful Ethereum hack, in which $US7.3 million (£5.7 million) was stolen from trading platform CoinDash.
Chainalysis has warned investors to beware of messages sent to them from services, social media, and slackbots, and to keep abreast of known scams. The Ethereum Scam Database currently lists 2,140 scams, 83 of which are active.
Ethereum was up against the dollar 0.98% as of 11:44 BST (06:44 EST) on Thursday morning:
Business Insider Emails & Alerts
Site highlights each day to your inbox.