3 Main ICO Risks and How to Avoid Them

Image: Unsplash

From January to October 2017 there were more than 200 ICO and startups who managed to attract about $3 billion in total. The reports and news on new ICO records continue to spread. However, despite these successful cases, highlighted in the media, there are many ICO failures, which are less talked about.

Let’s discuss 3 major risks in token sales and find solutions within the Lightcash project.

Legal issues

Despite the ICO madness and its effectiveness in raising capital, it is not always easy to use it in compliance with the different legal regulations. For example, many ICO organizers still prohibit the participation of US citizens.

This is due to the clarifications published by the US Securities and Exchange Commission (SEC). It was ruled that “in some cases” the token placement may be equal to the issue of shares, with appropriate consequences, like the registration of all the participants in the agency. The phrase “in some cases” means that each particular ICO is studied separately by the “Howey test.”

According to this test, the token placed by the company is considered to be a security if it meets three criteria:

1. A fact of investment.
2. The investment is in a common enterprise.
3. The profit is expected to be raised mainly due to other people’s activities.

Most ICOs are unable to pass this test. If the company, at their own risk, decide to allow citizens to place tokens — some problems may arise. For instance, in December 2017, the SEC blocked the ICO of the Munchee restaurant startup. This company planned to raise $15 million by its own token, MUN.

In its report, the regulator highlighted that the company not only planned to raise money for its own development and business, but it also promised the investors in its white paper that the token value would increase — the same thing the buyers of ordinary shares usually expect. As a result, Munchee was forced to finish the ICO and return all the money raised.

Every company needs to complete serious legal work to avoid getting into the same trouble. The amount of work will also increase if they are going to attract American investors. At the moment, Lightcash collaborates with leading American legal firms, assisting us to prepare all the necessary documentation. As a result, SEC compliance is expensive, but it’s the only way to be fully legally protected.

Security

Legal problems are not the only difficulties for ICO organizers. One of the most serious threats is cyber attacks. According to a study recently published by Ernst & Young, more than 10% of all the money raised by ICO was stolen by cybercriminals. Analysts studied 372 ICOs from 2015 to 2017. The monthly losses resulted from hacker attacks at the ICO were $1.5 million. Besides money, hackers often manage to access investors’ personal information: from their addresses and phones, to payment transaction data.

Hackers can attack ICOs in several ways:

• Smart contract bugs: Essentially, it’s just a software, so its code may have bugs. If you fail to discover them — hackers will. Besides, smart contracts themselves stimulate the company to eliminate any bugs before the token sale launch. Otherwise it’s too late.
• Related apps bugs: Beside smart contracts, any ICO may use a lot of other programs and apps. For example, a site where investors buy tokens lacking security, can lead to terrible consequences, even if the smart contract code has been carefully audited.
• People are the weakest link: Phishing and social engineering allow attackers to infiltrate the corporate network despite its protection. Indeed, even if you use the most up-to-date tools of cyber protection, but someone from the team clicks on a link in the letter which containing malicious software sent by the hacker — this will bring trouble.

There are no completely secure systems, but it is at least crucial to minimize the risks of an attack during the ICO. First and foremost, an expert’s help is required for a information security audit and for permanent monitoring of the infrastructure. That’s the only way to minimize errors in software and identify bugs relating to hackers activity. For instance, our ICO partner is a Group-IB company. They dramatically increased the overall level of security in the Lightcash infrastructure.

Protecting investors from speculators

Prices movements is a common case on the cryptocurrency and ICO markets (pump and dump). In some cases, traders can collude and buy a certain cryptocurrency. Then they start a coordinated advertising campaign to promote their coin (for example, via Telegram chats). Some early ICO investors do the same. It helps them to raise the token price and then “reset” it on the secondary market. The centralization of large tokens volumes collapse the price and affects project perspectives. Such actions by malicious traders are another risk in the token sale organization.

There are various ways to deal with such schemes. One of them is a restriction on paid token issuing until the end of the ICO. The company can confirm the transaction with the investor by a special code in his account or otherwise. But the company won’t issue his tokens until the end of placement. Thus, the probability of spontaneous secondary market emergence is minimized to a zero level.

In addition, it’s reasonable to divide the issue of tokens into several stages and stimulate their reservation within the project, instead of their quick sale. For instance, in the case of Lightcash ICO, an additional issue of tokens will be carried out within 24 months at regular intervals after the end of token sale. A total of 30 million new tokens will be issued at each new stage. We’ll also provide token deposits with high interest rates.

Conclusion

According to Ernst & Young, the number of ICOs achieving their financial goals is decreasing. In June of last year, 93% of projects were successful, but in November — only 23%. This is due to an increase in the general number of ICOs and also to the risks of legal problems, hacker attacks, and token instability related to the activities of malicious.

To increase the number of successful token placements, the project teams need to pay more attention to the analysis of risks and management. Only a well-considered approach will has a greater potential to avoid these problems.