Challenge

“More than 10% of ICO funds are lost or stolen in hacker attacks. Hackers benefit from the hype, irreversibility of blockchain-based transactions and basic coding errors that, had the ICO been carefully reviewed by experienced developers and cybersecurity analysts, could have been avoided.

Funds are misappropriated via substituting project wallet addresses (phishing, site hacking), accessing private keys and stealing funds from wallets, or hacking stock exchanges and wallets; all on top of indirect losses caused by high reputational risks for project founders.”

-Ernst & Young ICO Market Report, January 17 2018.

A silicon valley based startup has been weeks into preparation for their Initial Coin Offering, and they were ready to go fully public. Their product was a decentralized data exchange between social media, recruitment, and professional services with an A-team backing the project as well as seasoned venture capitalist enterprises. Because of their high profile venture and positive feedback from the community and investors, the project was going to draw a lot of interest within cyber criminal enterprises.

The startup was expecting a full brunt of cyber attacks targeting the core team, advisors, partners, investors, community, server infrastructure, crypto accounts, their cryptocurrency, and their decentralized application built on top of ethereum. In other words, they were expecting more than a 2M Dollar loss according to industry averages considering that they were on the spotlight.

Sentry was brought into the project team to implement and lead the defense.

Solution

We have been tasked with the full responsibility of protecting the organization’s assets, people, community during the ICO launch and token distribution. In order to better protect the organization, we’ve developed a comprehensive ICO Cyber Killchain based on previous cases and threat intelligence research in order to set up defenses for all vectors of attack.

The main focus of our defense was around the people involved. Because of the elaborate attacks that were going to be focused at individuals (and humans are your weakest link!) we’ve had a multitude of staff awareness sessions & training for all the different roles within the company. We’ve worked on integrating a security mindset in the PR team as they’re the bridge between the outside and internal networks of the organization. We’ve worked on communications plans for the company in case of crisis and panic in order to ensure order and not startle the community. The executive team has been thoroughly trained on spotting social engineering campaigns by us actually launching such attack campaigns against them. This unconventional way of training has proved highly successful as members were actively looking out for threats.

On the infrastructure side, we have performed a multitude of penetration tests according to the researched vectors of attack. This helped the company understand the types of attacks that we would be having but it also helped testing out the security controls already placed in. This was a purple team approach as opposed to more traditional ways of testing. Monitoring infrastructure was established for threat intelligence and scam campaigns, as well as fraudulent ads in multiple ad networks.In addition to community moderators, we have developed our own telegram moderation bot for chat and scammer monitoring as well as integrated it with our chat honeypots that we have deployed.

The following are all of the services performed:

• ICO Cyber Killchain Development
• Staff Awareness Training & Social
• Engineering Tests
• Penetration Testing on Infrastructure & Application
• Consultations on Defensive Techniques and Implementations
• Integrating a Security Mindset in Public Relations Teams
• Developing a communications plan for the PR team in case of crisis
• Incident Response Plan Development
• Threat Intelligence & Scam Monitoring
• Program (With help of Etherscan)
• Ad Network Monitoring for Fraudulent Ads
• DMCA Takedown Notice Preparation
• Established relationship with Google and
• Metamask for fast takedowns.
• Forceful takedowns on cases of non-compliance
• Wallet Security Best Practices
• Developed Telegram Moderation Bot for ICO
  Smart Contract Auditing

Success

The ICO has been successfully funded in the first hour of its crowdsale launch. With 10.5k investors and another 20k KYC verified.
Stats on security:

• 0 data breaches
• 1,500+ banned impersonators in Telegram
• 30+ cloned websites taken down with the help of Metamask and Google
• 8 ETH addresses flagged with real-time help of the Etherscan team
• 10+ email phishing campaigns neutralized

“The goal with our public sale was to create an inclusive process, while mitigating as much loss as possible to scammers. The longer a sale runs the more opportunity there is for scammers to take advantage of community members, and I’m incredibly proud of how well our team did with the help of an amazing security team, Sentry.

After thorough analysis we found our token sale was one of the largest targets for scammers in ICO history. We managed to limit community members losses to 0.7% when the industry average is 10%, which is an incredible achievement considering the amount of attacks we encountered. “ – Nick Macario, CEO Remote.com