$400 million raised in ICOs has been stolen, finds EY report

More than 10% of funds raised when new digital currencies are distributed to buyers is lost, research by EY suggests

A computer screen displays a site featuring cryptocurrency token sales and ICO (Initial Coin Offering) lists in Berlin on November 26, 2017.
Bypassing oversight of any kind, Initial Coin Offerings (ICOs) have sprung from nowhere to become a hugely popular way for start-ups to raise funds online, offering self-created digital "tokens" or coins to any willing buyer. / AFP PHOTO / John MACDOUGALL
Powered by automated translation

More than 10 per cent of funds raised through initial coin offerings (ICO) are lost or stolen in hacker attacks, according to new research by EY that delves into the risks of investing in cryptocurrency projects online.

The professional services company analysed more than 372 ICOs, in which new digital currencies are distributed to buyers, and found that roughly $400 million of the total $3.7 billion funds raised to date had been stolen, according to research published on Monday.

Phishing was the most widely used hacking technique for ICOs, with hackers stealing up to $1.5m in ICO proceeds per month, according to the report.

The research also noted that the volume of ICOs has been slowing since late last year. Less than 25 per cent of ICOs reached their target in November, compared with 90 per cent in June.

The study comes amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund their projects, with often little more than a handful of employees and a business plan outlined in a so-called "white paper".

The challenges faced by more recent ICOs in reaching their targets are partly attributable to the lower quality of projects, as well as issues that have emerged around earlier projects, said Paul Brody, global innovation leader for blockchain technology at EY.

“The volume just exploded, people raised their fundraising goals and the quality just dropped,” Mr Brody said.

“We were shocked by the quality of some of the white papers, we see clear coding errors and we see conflicts of interest between the companies issuing tokens and the community of token holders.”

In ICOs companies typically raise money to build new technology platforms or to fund businesses that use cryptocurrencies, also called tokens, and blockchain, the software that underpins them. Yet for many of these projects the need for blockchain and cryptocurrencies is often unjustified, according to EY.

It also noted valuations of ICO tokens are often driven by "fear of missing out" – Fomo – and have no connection to market fundamentals such as project development. EY said this has led investors to pour money into ICOs at record speeds, with the 10 shortest lasting ICOs attracting $300,000 per second on average.

The study also found several instances in which the underlying software code of a project contained hidden investment terms that had not been disclosed, or contradicted previous disclosures. For example, a white paper might state that there will be no further issuance of a cryptocurrency, while the code might leave that option open.