The recent hack of CoinDash’s website during an initial coin offering was a big blow to the red-hot fundraising trend. But Can Kisagun, the cofounder and chief product officer of cryptocurrency startup Enigma, told Business Insider his firm has a simple solution that could prevent similar attacks from happening in the future.
ICOs have raised $US1.2 billion this year, according to Autonomous NEXT, a financial technology analytics firm. It is a trend that has sparked excitement across Wall Street.
The way an initial coin offering works is not as complicated as it may seem. A firm initiating an ICO has a smart contract on the Ethereum blockchain network. Interested investors send ether to that smart contract’s address and then in return they receive an ether token to participate in the protocol.
The CoinDash hack didn’t occur because the blockchain system itself was compromised, but rather because the website on which the smart contract address was being advertised was compromised.
“Hackers got into the backend of the site and changed the address,” Kisagun said.
Thus, investors sent their money to the wrong Ethereum address.
“Whether it’s on a website, or through social media, providing a funding address in a single location isn’t sufficiently secure,” Guy Zyskind, CEO of Enigma wrote in a recent blog post. “Therefore, we need a more secure kind of proof of address.”
Enigma’s solution is to hard wire the address of the token sale contract into the Ethereum or bitcoin blockchains when it’s created. Since information on the Ethereum or bitcoin blockchains can’t be tampered with, hackers wouldn’t be able to alter the address.
Of course, the people behind ICO could be scammers themselves. Therefore, to assure they’re not just faceless crypto-scammers, Enigma is proposing to store two other pieces of information into a multi-sig contract to serve as further proof of address:
- A picture of the team initiating the ICO holding a piece of paper with the smart contract address on it.
- Social proof that trusted parties approved the address. This can be done by having the parties disclose their public keys on their Twitter feed.
According to Kisagun, Enigma is looking at ways to employ similar strategies for its upcoming token sale.