Safeonline Emerging Technology Risks Series
Initial Coin Offerings
To kick off our new monthly Safeonline Emerging Technology Risks Series we will be analysing the risks associated with Initial Coin Offerings which have recently become a hugely popular way of crowdfunding via cryptocurrency but have seen a range of hacking attacks and regulatory issues.
What is an Initial Coin Offering?
An Initial Coin Offering (ICO) is a way for cryptocurrency start-ups to raise money by offering new digital tokens in return for Bitcoin or Ether. Investors purchase these digital tokens in anticipation of the increasing demand for companies using these tokens on blockchain technology therefore creating economic value. Tokens are then traded and the exchange of value will be dependent on how well the company is performing or expected to perform. Many companies have turned to raising money through ICOs compared to using Venture Capital as it is far easier and quicker to fund projects. By easier I mean that some companies haven’t even provided formal business plans or financial projections and are still managing to raise millions of dollars. Without certain controls, protection and regulation this has meant that a number of ICOs have been fraught with scandals and criminal activity.
The new gold rush?
The Ethereum Project has become the most popular platform for ICOs so far launching itself through an ICO in 2014 by raising approx. $18.5 million in Bitcoins. Since then ICOs have really taken off with almost $1.3 billion having been raised this year alone according to a new report from Autonomous, the financial research provider. Let’s have a look at some examples.
• InsureX ICO raised $7 million worth of ether in early July describing themselves as a marketplace for insurers, reinsurers and brokers to trade insurance products on a blockchain platform.
• The Bancor Foundation raised $153 million worth of ether over three hours on 12 June 2017. The business says it will use smart contracts coded into the tokens to match buyers and sellers of cryptocurrency.
• Tezos ICO raised a whopping $232 million worth of bitcoin and ether making it the largest to date. Tezos has created a new form of blockchain by creating smart contracts on a self-amending cryptoledger boosting security.
SEC issues a stark warning
The SEC have recently issued a warning to the crypto community by ruling that some of the tokens for sale are actually securities and are therefore subject to SEC regulation. The ruling was based on reviewing the DAO (Decentralised Autonomous Organisation) that raised $150 million in ICO last year and the SEC have stated that ICO tokens are simply new forms of shares and therefore selling them without a license violates federal securities laws. Whilst this ruling is specific to the DAO, this is a stark warning to companies looking to ICOs for a quick way to raise funding and the last thing a company founder will want is to be made an example by the SEC.
One of the greatest risks that has come to light with ICOs has been wallet vulnerabilities or coding errors in third party tools build on Ethereum. I like the analogy that the blockchain is like a vault and a cryptocurrency wallet is more like a bank and its easier to steal from a bank than from a vault. An example of this can be seen with the Parity Wallet breach whereby 153,000 ethers were stolen from client’s wallets because of a critical vulnerability in the multi-sig contract. The gold rush has resulted in increasing hackers piggybacking ICOs in the hope of stealing cryptocurrency by taking advantage of poor wallet coding and lack of cyber security. A startup project called Coindash was victim of a hacking attack whereby a fake address was used to solicit funds resulting in ether being transferred to another source. Veritaseum was also victim of a hack with its own token called VERI stolen and then exchanged on EltherDelta into ether making nearly $8 million consequently causing the value of VERI to drop.
Insurance for ICOs?
ICOs have been impressive this year with the amount of money that has been raised however if this becomes more mature then startups will have to focus on proper risk management and procedures so they do not face potential class actions from investors. Measures such as introducing tighter cyber security against hacking and other types of cybercrime will ensure that investors are better protected against ICO hacks. From an insurance perspective, the ICO market is still very nascent and many insurers are still getting their heads around cryptocurrency let alone an ICO. However as with all innovation insurers need to embrace these emerging technology risks and start dipping their toes in by partnering with a startup performing an ICO. For example, the potential insurance product could cover a whole range of risks such as Cyber, E&O, Crime and Prospectus Liability for the ICO. Overall, I believe this is an exciting time for the cryptocurrency and blockchain space and I look forward to seeing how these startups develop over the next couple of years.
If you would like to discuss please get in contact at Cyber@Safeonline.com