+383 (0) 49 949 166 [email protected]

use case

ICO Protection & Security

TI, IR, and Smart Contract Auditing.

Challenge

“More than 10% of ICO funds are lost or stolen in hacker attacks. Hackers benefit from the hype, irreversibility of blockchain-based transactions and basic coding errors that, had the ICO been carefully reviewed by experienced developers and cybersecurity analysts, could have been avoided.

Funds are misappropriated via substituting project wallet addresses (phishing, site hacking), accessing private keys and stealing funds from wallets, or hacking stock exchanges and wallets; all on top of indirect losses caused by high reputational risks for project founders.”

-Ernst & Young ICO Market Report, January 17 2018.

A silicon valley based startup has been weeks into preparation for their Initial Coin Offering, and they were ready to go fully public. Their product was a decentralized data exchange between social media, recruitment, and professional services with an A-team backing the project as well as seasoned venture capitalist enterprises. Because of their high profile venture and positive feedback from the community and investors, the project was going to draw a lot of interest within cyber criminal enterprises.

The startup was expecting a full brunt of cyber attacks targeting the core team, advisors, partners, investors, community, server infrastructure, crypto accounts, their cryptocurrency, and their decentralized application built on top of ethereum. In other words, they were expecting more than a 2M Dollar loss according to industry averages considering that they were on the spotlight.

Sentry was brought into the project team to implement and lead the defense.

 

Solution

We have been tasked with the full responsibility of protecting the organization’s assets, people, community during the ICO launch and token distribution. In order to better protect the organization, we’ve developed a comprehensive ICO Cyber Killchain based on previous cases and threat intelligence research in order to set up defenses for all vectors of attack.

The main focus of our defense was around the people involved. Because of the elaborate attacks that were going to be focused at individuals (and humans are your weakest link!) we’ve had a multitude of staff awareness sessions & training for all the different roles within the company. We’ve worked on integrating a security mindset in the PR team as they’re the bridge between the outside and internal networks of the organization. We’ve worked on communications plans for the company in case of crisis and panic in order to ensure order and not startle the community. The executive team has been thoroughly trained on spotting social engineering campaigns by us actually launching such attack campaigns against them. This unconventional way of training has proved highly successful as members were actively looking out for threats.

On the infrastructure side, we have performed a multitude of penetration tests according to the researched vectors of attack. This helped the company understand the types of attacks that we would be having but it also helped testing out the security controls already placed in. This was a purple team approach as opposed to more traditional ways of testing. Monitoring infrastructure was established for threat intelligence and scam campaigns, as well as fraudulent ads in multiple ad networks.In addition to community moderators, we have developed our own telegram moderation bot for chat and scammer monitoring as well as integrated it with our chat honeypots that we have deployed.

The following are all of the services performed:

  • ICO Cyber Killchain Development
  • Staff Awareness Training & Social
  • Engineering Tests
  • Penetration Testing on Infrastructure & Application
  • Consultations on Defensive Techniques and Implementations
  • Integrating a Security Mindset in Public Relations Teams
  • Developing a communications plan for the PR team in case of crisis
  • Incident Response Plan Development
  • Threat Intelligence & Scam Monitoring
  • Program (With help of Etherscan)
  • Ad Network Monitoring for Fraudulent Ads
  • DMCA Takedown Notice Preparation
  • Established relationship with Google and
  • Metamask for fast takedowns.
  • Forceful takedowns on cases of non-compliance
  • Wallet Security Best Practices
  • Developed Telegram Moderation Bot for ICO
    Smart Contract Auditing

Success

The ICO has been successfully funded in the first hour of its crowdsale launch. With 10.5k investors and another 20k KYC verified.
Stats on security:

  • 0 data breaches
  • 1,500+ banned impersonators in Telegram
  • 30+ cloned websites taken down with the help of Metamask and Google
  • 8 ETH addresses flagged with real-time help of the Etherscan team
  • 10+ email phishing campaigns neutralized

“The goal with our public sale was to create an inclusive process, while mitigating as much loss as possible to scammers. The longer a sale runs the more opportunity there is for scammers to take advantage of community members, and I’m incredibly proud of how well our team did with the help of an amazing security team, Sentry.

After thorough analysis we found our token sale was one of the largest targets for scammers in ICO history. We managed to limit community members losses to 0.7% when the industry average is 10%, which is an incredible achievement considering the amount of attacks we encountered. “ – Nick Macario, CEO Remote.com

 

USAID, Nethope, CIIP and Sentry

Our representatives Robert Shala and Drinor Selmanaj have become part of a regional project supported by USAID to perform a rapid needs assessment on behalf of Nethope and Civil Initiative for Internet Policy in several countries across Europe and Asia for key...

Raiffeisen Bank and Sentry

Sentry has established close collaboration with Raiffeisen Bank in Bosnia and Herzegovina to custom build and implement new bleeding-edge security solutions developed by the Sentry engineering team. Raiffeisen expects the new implementations to bring expanded...

Gemini and Sentry

The world of digital assets and cryptocurrencies is under constant pressure from cyber attacks - not too different from its traditional finance counterparts. During a business trip in New York, our Executive Director - Robert Shala and Chief Technology Officer -...

New York Stock Exchange and Sentry

Sentry representatives had the pleasure of visiting the trading floor of the legendary NYSE and observe the launch of a brand new IPO. While the times of a busy trading floor with lots of shouting, pushing, sweating are memorialized forever in Hollywood movies, the...

ICE and Sentry

Sentry representatives Robert Shala and Drinor Selmanaj have met with George Tull, the Head of Post/Pre Sales for ICE Data Services to discuss market manipulations in crypto exchanges stemming from cybersecurity attacks and cybersecurity-related incidents. AI...

Credit Suisse and Sentry

Sentry Executive Director - Robert Shala, has participated in the highly prestigious CFC conference held at St. Moritz alongside the former Secretary of Interior, Ryan Zinke. The conference brings together some of the sharpest minds in the governmental, financial, and...

CFC St. Moritz and Sentry

Sentry Executive Director - Robert Shala, has participated in the highly prestigious CFC conference held at St. Moritz alongside the former Secretary of Interior, Ryan Zinke. The conference brings together some of the sharpest minds in the governmental, financial, and...

Cyber Academy and Sentry

Sentry is excited to announce that three Cyber Academy students and two alumni have been invited to participate in a recent Penetration Engagement as technical consultants to the Sentry main offensive security force. Cyber Academy and Sentry will follow their close...

Cyberlance and Sentry

Sentry Engineers have been working in close collaboration with the Cyber Academy staff to build the most sophisticated cyber ranges tailor-made for educational institutions across the world. The cyberlance ranges have been built with the technical specifications...

Municipality of Sarajevo and Sentry

Sentry is thrilled to announce its collaboration with the Municipality of Sarajevo in implementing custom-built security solutions aimed at protecting critical citizen data and government network infrastructure. The Balkans is a particular crossroad for cyber-related...

Copyright 2019 Sentry
All Rights Reserved.

Website and Visuals crafted by Mayune.
Contact
+383 49 123123
[email protected]