Over 70% ICOs Have Smart Contracts Vulnerabilities

As researchers report, only one ICO held in 2017 did not contain any critical flaws
26 June 2018   452

Security researchers from Positive found on average five vulnerabilities in each ICO, held last year. This is reported Bleeping Computer.

According to researchers, only one ICO project didn't contain bugs.

The study found that 71% of the projects contained vulnerabilities in smart contracts. Among the common problems, analysts pointed out the inconsistency with the ERC-20 standard, the incorrect generation of random numbers and other significant shortcomings.

Experts said that such vulnerabilities appear due to lack of proper qualification of programmers and insufficient testing of source code.

Most of the security breaches analysts found in ICO-projects of mobile applications development. Among the common vulnerabilities were named: unsafe data transmission, unreliable storage of user data in phone backups and disclosure of the session identifier.

Some vulnerabilities in web applications were aimed at attacking investor funds. For example, because of a lack of proper security, hackers could register a domain similar to ICO, create phishing sites, thereby deceiving investors.

According to the research, every third project contained vulnerabilities that allow hackers to access data and savings of companies-organizers. Analysts also noted that many initiators of ICO did not use two-factor authentication for important accounts.

Сould you please attach your email address for us to send you the most interesting ICO's rating and reviews. No spam.

SEC to Slap ICO Founder With $30K Fine

Additionally, David Laurance, founder of Tomahawk Exploration LLC got 2 lifetime bans
15 August 2018   119

The US Securities and Exchange Commission (SEC) on Tuesday reported that it has issued two new bans directed against David Laurence, the founder of Tomahawk Exploration LLC. Tomahawk allegedly stands behind fraudulent ICO, writes CoinDesk.

Laurence, according to the SEC, raised funds through the sale of Tomahawkcoin tokens, in the process of using misleading advertising materials and fraudulent statements that it is a tenant of drilling sites.

Moreover, the sale of Tomahawkcoin tokens, according to the SEC, was accompanied by a false promise that "the holders of tokens will be able to exchange Tomahawkcoin for shares and receive a potential profit from oil production and secondary tokens trading."

According to the SEC, Lawrence neither acknowledged nor denied the charges, but he and his company agreed to these bans, as well as a fine of $ 30,000.

...Tomahawk issued tokens as part of the Bounty Program to generate interest in the ICO, which benefited Tomahawk. Distribution of tokens that are securities in exchange for promotional services to advance the issuer's economic objectives or create a public market for the securities constitute sales for purposes of Section 5 of the Securities Act and Section 10(b) of the Exchange Act and Rule 10b-5 thereunder.
 

SEC

The first prohibition of the SEC is a ban on the director's work in public companies, and the second does not allow Lawrence to own and trade in so-called "penny" shares. Both prohibitions, according to the announcement of the SEC, are lifelong.