Cryptocurrency Investors on Edge after Two Ethereum ICO Breaches in a Week
Initial Coin Offerings (ICOs) powered by the Ethereum blockchain platform are the hottest thing going right now, but are they secure? On July 24, 2017, the second Ethereum ICO hack in a week hit the news, as digital wallet firm Veritaseum disclosed to Bleeping Computer that a hacker stole approximately $8.4 million from its Ethereum ICO.
Ethereum has had a rough month. A week before the Veritaseum hack, cryptocurrency trading startup CoinDash had $7 million stolen from its Ethereum ICO within minutes of the offering being launched. A few days later, smart contract coding company Parity issued a security alert regarding a vulnerability in its wallet software that had led to approximately $30 million worth of Ether cryptocurrency being stolen. In early July, an unidentified hacker or group breached and took control of the web domain belonging to Classic Ether Wallet, redirecting the domain to their own server and transactions to their own account.
What is an Ethereum ICO?
An ICO is similar to an IPO (Initial Public Offering). Investors use regular, or fiat, currency to invest in the ICO, but instead of receiving units of stock in return, they get units of cryptocurrency, called “tokens.” The investors can either hold the tokens until the issuing company decides to buy them back or sell them to other users in exchange for units of cryptocurrency. Any unit of cryptocurrency can be used; in ICOs powered by the Ethereum blockchain, the cryptocurrency used is called Ether. If all goes well, the cryptocurrency will increase in value, and the investors will profit off their tokens.
Unlike IPOs, initial coin offerings are completely unregulated. This has made them very attractive to disruptive tech startups that wish to bypass the highly regulated IPO process required by banks and venture capitalists. Ethereum ICOs have become extremely popular due to the power of the Ethereum blockchain platform they run on. Unlike competitor Bitcoin, Ethereum is far more than just a cryptocurrency platform; it was designed to be a virtual machine that uses what are called “smart contracts,” or decentralized, self-executing agreements coded into the blockchain itself. Smart contracts are a disruptive technology with enormous potential to replace all manner of traditional financial, social, and legal agreements, from options contracts to bonds, which is one reason why Ethereum is quickly becoming the ICO platform of choice.
Are Ethereum and ICOs Safe?
Because they are unregulated, ICOs are risky. There is no requirement for companies to provide the voluminous investor disclosures that they would have to for an IPO. There are fears that ICOs could be used for money laundering purposes or that the issuers themselves could “hack” their own ICOs and steal tokens. These problems have not escaped the attention of the SEC, which is reportedly eyeing the ICO market warily in preparation for future regulations. Update: After this article went to press, the SEC, NFA finally weighed in on ICOs, declaring them “securities” and paving the way for regulation.
As to the inherent cybersecurity of Ethereum, Ether wallets, and ICOs launched on the Ethereum platform, it is important to note that, as in the SWIFT Network attacks that rocked the international banking world last summer, the Ethereum blockchain itself was not breached during any of these attacks. Instead, in each case, hackers took advantage of website vulnerabilities or coding errors in third-party tools built to make use of the Ethereum blockchain, such as Ether wallets. The blockchain, in and of itself, is very, very secure – it would take massive amounts of computing power to even attempt to hack it – but the applications used to access it, including those used to buy, sell, and store tokens and cryptocurrency, may not be. The Parity breach, for example, was traced back to a single missing word in a line of code for its Ether wallet. The CoinDash and Classic Ether Wallet breaches were the fault of security holes in the issuers’ company websites.
Although cryptocurrency investors are concerned about the recent spate of Ethereum ICO attacks, only time will tell whether they’re rattled enough for permanent damage to be done to the ICO craze. Certainly, anyone who is considering investing in an ICO, regardless of which platform it is being run on, should tread carefully. The lesson all enterprises can take from these hacks is the importance of website security, secure software development, and proactive cybersecurity and GRC practices in a digital world where most money, including fiat currency, is moved and stored electronically.
After all, just one missing word in a software program resulted in a $30 million loss.
The cybersecurity experts at Lazarus Alliance have deep knowledge of the cybersecurity field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches. Our full-service risk assessment services and Continuum GRC RegTech software will help protect your organization from data breaches, ransomware attacks, and other cyber threats.
Lazarus Alliance is proactive cybersecurity®. Call 1-888-896-7580 to discuss your organization’s cybersecurity needs and find out how we can help your organization adhere to cybersecurity regulations, maintain compliance, and secure your systems.
What Is Autonomous Malware?
We’re reaching the end of 2025, and looking ahead to 2026, most experts are discussing the latest threats that will shape the year ahead. This year, we’re seeing a new, but not unexpected, shift to autonomous threats driven by state-sponsored actors and AI. With that in mind, a new generation of threats, broadly known as...Continue reading→
What CISA’s Emergency Directive 26-01 Means for Everyone
In mid-October 2025, the CISA issued one of its most urgent orders yet: Emergency Directive 26-01. The directive calls on all Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate vulnerabilities in devices from F5 Networks following a state-sponsored breach of F5’s systems and access to portions of BIG-IP source code and vulnerability data. The event...Continue reading→
Cybersecurity and Vetting AI-Powered Tools
A recent exploit involving a new AI-focused browser shone a light on a critical problem–namely, that browser security is a constant issue, and AI is just making that threat more pronounced. Attackers discovered a way to use that browser’s memory features to implant hidden instructions inside an AI assistant. Once stored, those instructions triggered unwanted...Continue reading→
Shutdown Security And Cyber Vulnerability
When the federal government shuts down, the public sees closed monuments, unpaid workers, and halted programs. What they do not see is the silent surge of cyberattacks targeting agencies already operating on fumes. During the most recent shutdown, attacks against U.S. government systems spiked by nearly 85%. Cybersecurity failures during government disruptions rarely start with...Continue reading→
Identity and the Shift from Malware
The world of cyber threats is rapidly evolving, and while we can see these changes more generally, it’s always crucial to understand them concretely. As the 2025 CrowdStrike Global Threat Report shows us, the landscape of our industry is changing. We’re digging into this report to discuss a challenging trend: the move of hackers foregoing...Continue reading→
Maintaining Compliance Against Prompt Injection Attacks
The increasing adoption of AI by businesses introduces security risks that current cybersecurity frameworks are not prepared to address. A particularly complex emerging threat is prompt injection attacks. These attacks manipulate the integrity of large language models and other AI systems, potentially compromising security protocols and legal compliance. Organizations adopting AI must have a plan...Continue reading→
Are We Already Talking About CMMC 3.0?
The ink has barely dried on the CMMC final rule, and already the defense contracting community is buzzing with speculation about what comes next. Just when contractors thought they had a moment to catch their breath after years of regulatory limbo, whispers of CMMC 3.0 have begun circulating through the industry. But is this just...Continue reading→
Centralizing Identity-Based Risk
As the traditional network boundary dissolves and remote work becomes standard practice, identities are the major frontier for security. Whether we’re talking about human users, service accounts, or machine identities, these have emerged as both the primary access mechanism and the most targeted attack vector. It has become imperative for providers to centralize identity management...Continue reading→
Deviation and Significant Change Requests in FedRAMP: A Comprehensive Guide
FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. While the program’s rigorous baseline requirements ensure consistent security, the reality is that this consistency calls for a little flexibility. This is where deviation requests and significant change requests come into play. These two...Continue reading→
The Costs of Compliance and Data Breaches
Data is possibly one of the most valuable assets any organization holds. Customer information, employee records, and proprietary business intelligence present challenges because the data flowing through modern enterprises represents both significant opportunities and serious risks. Businesses face a challenging balance: investing in compliance measures to protect sensitive information while also preparing for the real...Continue reading→
Related Posts