Security researchers from Positive found on average five vulnerabilities in each ICO, held last year. This is reported Bleeping Computer.
According to researchers, only one ICO project didn't contain bugs.
The study found that 71% of the projects contained vulnerabilities in smart contracts. Among the common problems, analysts pointed out the inconsistency with the ERC-20 standard, the incorrect generation of random numbers and other significant shortcomings.
Experts said that such vulnerabilities appear due to lack of proper qualification of programmers and insufficient testing of source code.
Most of the security breaches analysts found in ICO-projects of mobile applications development. Among the common vulnerabilities were named: unsafe data transmission, unreliable storage of user data in phone backups and disclosure of the session identifier.
Some vulnerabilities in web applications were aimed at attacking investor funds. For example, because of a lack of proper security, hackers could register a domain similar to ICO, create phishing sites, thereby deceiving investors.
According to the research, every third project contained vulnerabilities that allow hackers to access data and savings of companies-organizers. Analysts also noted that many initiators of ICO did not use two-factor authentication for important accounts.