The research, published by Moscow-based cyber security firm Group-IB on Wednesday, was based on an analysis of 450 attacks on ICOs since the beginning of 2017. Attempts by hackers to steal money from ICO projects increased tenfold over the period.
Group-IB also took part in a study published this week by Ernst & Young which showed that roughly $400 million of the $3.7 billion raised via ICOs to date had been stolen.
The findings come amid a cryptocurrency investing craze, with young companies raising hundreds of millions of dollars online to fund projects, with often little more than a handful of employees and an outline business plan.
There is also growing scrutiny from regulators and investors, some of whom say they have been misled or defrauded via ICO schemes.
Group-IB said ICOs and cryptocurrency investors were particularly at risk from so-called phishing attacks - when hackers spoof emails and websites to steal passwords and personal information - with some groups who previously targeted banks now stealing as much as $1.5 million a month this way.
In some cases, hackers have also attacked and doctored ICO project websites, changing the information so would-be investors send their money to the wrong digital “wallets” used for storing cryptocurrencies.
“Most attacks use traditional and well-proven techniques, which are also very effective for stealing cryptocurrencies,” said Ruslan Yusufov, director of private client services at Group-IB. “Lots of projects underestimate cybersecurity risks, which leads to an avalanche of threats and successful thefts.”
More about: #cybersecurity