
More than 10 percent of $3.7B raised in ICOs has been stolen - rbanffy
https://www.reuters.com/article/us-ico-ernst-young/more-than-10-percent-of-3-7-billion-raised-in-icos-has-been-stolen-ernst-young-idUSKBN1FB1MZ?utm_campaign=trueAnthem:+Trending+Content&utm_content=5a65f0ba04d30141f040eb38&utm_medium=trueAnthem&utm_source=twitter
======
cjlars
Since it's on a block chain, and there is therefore a specific coin that can
be traced back to the fraudulent transaction. Can the transactions then be
rolled back?

Edit: Assuming the underlying ICO transaction happened in Bitcoin or similar.
If the funds were wired in say, USD, it would not be able to be rolled back
after 3 days or so.

~~~
wyldfire
> Can the transactions then be rolled back?

No -- well, kinda. This is unintentionally hilarious because, of course,
Ethereum has done just that once before. By creating a new network that picked
up from just before the "fradulent" activity.

The part that might be confusing to some folks is that in order to operate a
truly trustless and decentralized cryptocoin ecosystem, we have no way of
distinguishing between "fraudulent transactions" and legitimate ones. They're
all legitimate otherwise they'd have been rejected by the network.

~~~
cortesoft
So there IS a way - if it was rejected by the network, it was fraudulent.

~~~
wyldfire
Necessary but not sufficient....

I can't quite tell whether you're trying to underscore a point about
cryptocoins' benefits or if you're misunderstanding the conversation.

Just in case it's the latter -- I was probably a bit too fast n loose with the
quotes around "fraudulent" so I will explain in more detail.

From the article:

> Phishing was the most widely used hacking technique for ICOs, with hackers
> stealing up to $1.5 million in ICO proceeds per month, according to the
> report.

This is a kind of "fraud" which cryptocoins are not designed to thwart. If you
steal someone's keys and take their money, it can't be returned to them unless
the thief decides to return it. This is very much like cash.

The problem comes from decentralization. In the Real World, we usually defer
to authorities when it comes to crime and restitution. The authorities come to
a determination and publish their decree. This is very much centralized.
Cryptocoins are decentralized and are simple automata. There's no authority
that we can appeal to in order to reverse a transaction that was executed in
bad faith. Part of the problem is that there's no way for the automaton to
trust this authority without destabilizing the entire system.

------
anovikov
The word 'stolen' doesn't have its usual meaning in the ICO world. Isn't all
or most money made on ICOs, effectively stolen? Everyone knows that ICOs are a
scam.

~~~
charlesdm
Not really. There are plenty of ICOs with legit projects. Have they gotten too
much capital? Probably. But that doesn't make it a scam necessarily.

~~~
SurrealSoul
Plenty of pyramid schemes lay on the back of some sort of product, knives or
energy drinks or what have you. The existence of a product doesn't mean it
isn't a scam

~~~
cortesoft
I mean, I hate MLMs as much as the next guy, and would never participate, but
they are slightly different than a pure pyramid scheme.

~~~
vkou
No, they are not pyramid schemes per se - they are more of an inverse funnel.

~~~
Y_Y
I would have called it a shady trapezoid.

------
CaliforniaKarl
If I understand the article correctly, it is saying that the proceeds of the
ICO were stolen.

The impression I got from the headline was that "More than 10 percent of the
$3.7B raised in ICOs came from stolen funds".

------
Blackthorn
The only surprise here is that it's so little. I wonder how much higher that
number will go.

------
tlrobinson
Does that include the 513,774.16 ETH (currently about $500M) lost due to the
Parity Wallet bug?

~~~
kss238
Why would it? What does the parity wallet have to do with ico's?

~~~
tlrobinson
Parity Wallet was used by several large ICOs [https://www.coindesk.com/ico-
funds-among-millions-frozen-par...](https://www.coindesk.com/ico-funds-among-
millions-frozen-parity-wallets/)

~~~
kss238
And? The parity wallet was not hacked, just is unable to be withdrawn from.

~~~
tlrobinson
The headline is a bit clickbaity, the article itself says "lost or stolen". I
think it's unlikely that ETH will be able to be withdrawn without a hard fork,
so "lost" is accurate.

------
microtherion
To paraphrase the old saying
([https://quoteinvestigator.com/2010/05/19/gambling-
women/#mor...](https://quoteinvestigator.com/2010/05/19/gambling-
women/#more-332)):

"10% was stolen. The rest was spent foolishly."

------
CPLX
The other 90% apparently will be stolen at some point in the future.

------
ajsharp
10% is awful. ICOs desperately need sensible oversight and regulation.

~~~
grouseway
Credit card companies steal 3-4% on every transaction and consumers don't even
blink.

~~~
dmitrygr
If that is your definition of "steal", then bitcoin easily steals more (for
small transactions)

------
noja
So block it- isn't that the point of having One True Ledger?

~~~
olympus
Once the coins are converted to USD, JPY, EUR, etc, it's gone.

------
jedberg
All the libertarians are now learning the downside to a fully unregulated
market.

On the flip side, basically this means that if you're willing to accept a 10%
risk of total loss, ICOs are not a bad investment -- knowing that going in.

~~~
Thriptic
You can have third party risk management solutions in this environment. Why
such solutions haven't emerged is a mystery to me.

One solution I've been kicking around is something like an escrow +
shareholder voting. It would play out as follows:

1\. Devs come up with an idea, decide they want to ICO to fund it.

2\. Devs come up with game plan including set of milestones with timelines.

3\. Devs reach out to escrow who arranges an ICO. ICO occurs, all ether
besides a starting amount is held by the third party.

4\. When devs hit first milestone, they show work to holders of ICO coin who
then vote on whether the milestone has been achieved. Devs have to report any
coins they previously mined or held so that they can't vote for themselves and
agree to not purchase any further coins in a contract with the escrow. They
also have to identify their relationships with any early coin buyers for the
same reason. If they get approval from their shareholders, the next batch of
money is released so that the work for the next milestone can be complete. If
not, no money is released or the coins are voided and all monies are returned
to the investors.

The third party company would take a management fee, purchase insurance to
protect against theft of the assets, and be a registered US corporation so
legal action could be taken if they committed fraud.

An added benefit is that if you are early to market you could help SEC shape
ICO policy (assuming it's not too late) potentially becoming a mandated gold
standard.

~~~
otoburb
Vitalik Buterin[1] last week brainstormed a proposed development, fundraising
and stewardship structure combining elements of a DAO[2] and ICO called a
DAICO[3]. People are still debating and considering whether this is a true
improvement. The structure outlined in the parent comment is similar to the
DAICO model proposed by Vitalik.

[1]
[https://en.wikipedia.org/wiki/Vitalik_Buterin](https://en.wikipedia.org/wiki/Vitalik_Buterin)

[2]
[https://en.wikipedia.org/wiki/Decentralized_autonomous_organ...](https://en.wikipedia.org/wiki/Decentralized_autonomous_organization)

[3] [https://ethresear.ch/t/explanation-of-
daicos/465](https://ethresear.ch/t/explanation-of-daicos/465)

~~~
makomk
The difference seems to be that rather than using third-party escrow, his idea
uses code running on the Ethereum network to allow investors to vote on the
release of funds (because we know that complex smart contract code of this
kind worked _perfectly_ in the past and certainly didn't have bugs so severe
the entire Ethereum protocol was forked to undo them).

------
staunch
We've never seen a new internet technology this big before, and no
organization is powerful enough to put the ICO genie back in the bottle.

What we need is a framework for users so that they can make informed decisions
about what to invest in. And we need laws that make it completely legal.

Wall Street is the 1%'s point of control over the 99% and it's going down
hard. Their power seemed strong in the old world but is absolutely meaningless
in the face of a large scale citizen uprising.

Trying to fight this new technology will do nothing but accelerate the
process, as it did on a smaller scale with P2P file sharing.

