A new report from accountancy firm Ernst & Young suggests that 10% of all funds raised by ICOs have been stolen, amounting to nearly four hundred million dollars.

ICOs allow companies to raise money without having to relinquish control. Instead of selling part of themselves to investors, they raise money for specific projects by selling digital coins which come with certain rights, such as the use of that future project.

The risks to investors have been well reported. The company may never deliver on its promises, leaving the investor with nothing but a worthless digital coin. Until the Ernst & Young report, less well known was that much of the invested funds does not even reach the companies. Fully 10% of all invested funds are being diverted to hackers.

The report details that $1.5 million is stolen each month, and that “phishing is the most common form of funds theft”. Phishing occurs when a user voluntarily gives up personal information or money to a legitimate-seeming but fake request. In the case of ICOs, hackers create fake web pages which resemble real ICO projects and trick investors into “investing” in them.

Ernst & Young also point out that cryptocurrency users are particularly vulnerable to having their personal details compromised as many exchanges are simply not keeping their users’ data sufficiently safe. “Most exchanges do not disclose policies and controls over personal data storage and use” they said. These data provide “great value on the black market and chances of its misuse are high even without a breach”.

New standards will be needed to help increase protection. Grey Cudahy of Ernst & Young argues that any new standards would have to result in “improved transparency, fraud prevention, and legitimacy” for investor protection to have a “greater chance of success.”

Image From Shutterstock