trade.io get their ICO off to a smart start

The team over at trade.io launched their “Trade Token” ICO on Ethereum on 7th December. Business has been brisk, with early investors taking advantage of the lower prices for these ERC-20 compliant tokens. Further price increases are scheduled before the ICO closes on 4th January 2018.Thankfully, trade.io took the sensible precaution of getting their smart contract carefully vetted before they went live. They asked our expert ICO security team to audit their Trade Token contracts to uncover any vulnerabilities, logical flaws or other code errors that might put their platform, funds and investors at risk.A high quality contractOur team performed detailed source code analysis of two Trade Token smart contracts, TIOToken and TIOCrowdsale, along with simulations of a real-world attacks to test their security provisions.We didn’t find any vulnerabilities and our recommendations covered just a few points of best-practice. You can get the full details below.This clean bill of health is great news for the trade.io team as well as their investors. Once again highlighting the importance of making smart contract security a top priority for every ICO.The detailed lowdown on Trade.ioHere’s the fine print on our analysis: The audited contracts are held in the trade-io/Tradeio-TokenSale-Contract Github repository. The version used for...
Read more

Security learnings from a $30,000,000 token sale

Those who follow ICOs closely will know that Blackmoon recently held a successful token sale which generated $30,000,000. Being an investment platform based on Blockchain, Blackmoon knew the token sale would raise capital, but also awareness and the overall value of their company. But it was that second part — raising awareness — that made them wary, and led them to Positive.com.Having seen some of the attacks that have taken place in recent times, with a lot of value making its way into hackers’ pockets, Blackmoon was keen to avoid becoming a target. The level of potential exposure they faced from an ICO was far from their usual experience in the investment world. And, of course, they knew that any cyber-attack would deal a severe blow to investor trust, with dire consequences for the success of their token sale.What Positive.com brought to BlackmoonBlackmoon had done their homework and were already very aware that too many poorly protected wallets, websites and other technical infrastructure had caused significant problems for organizations undergoing previous ICOs. Our Positive.com team were able to extend that knowledge by demonstrating the very real dangers from vulnerabilities in smart contracts themselves. The last thing Blackmoon wanted was wallet information being...
Read more

UTRUST Smart Contract Audit

Given all the attention ICOs are getting right now, and the vast potential for losses if security mistakes are made, it’s hardly surprising that new launches continue to fall victim. But the team here at Positive.com are really encouraged to see some organizations are taking a more serious approach to security well before they go live.Take the guys at UTRUST, for example. In advance of their 2nd November launch date, UTRUST asked our security consultants to simulate a real-world attack on their system. The aim was to identify any weaknesses, and provide reassurance to their potential investors on the quality of the UTRUST platform.Our team performed detailed analysis of the UTRUST smart contract, a vulnerability assessment of the company’s resources and conducted open-source intelligence gathering. The smart contract proved to be of excellent quality. Our team found no vulnerabilities and recommendations were limited to a few points of best-practice.Overall, UTRUST’s exposure is very limited and no critical issues were identified. We did find credentials from some UTRUST members on lists of previously-leaked passwords. In some cases, these accounts were still in use, but were not verified as being directly associated with UTRUST assets.This is great news for UTRUST’s...
Read more

Getting Your ICO Right: A Five-Step Guide to Avoiding Security Nightmares

There’s so much buzz around initial coin offerings (ICO) right now, but there’s also a lot of fear. With regular headlines about funds being cleared-out by hackers attacking smart contracts and cryptocurrency wallets, it’s no wonder investors are nervous. Some estimates suggest as much as $225 million has already been lost to cybercriminals in under a year.But ICOs don’t have to fall victim, and there is plenty that offering companies can do to reassure their investors that this fledgling industry isn’t dead before it’s even started.Between them, our experts have decades of experience in enterprise-level application security and vulnerability management. That’s how we know that hackers CAN be stopped. If you know the weaknesses these attackers exploit, you can find them and fix them before they become a threat.Now, we are bringing that experience to the unique worlds of ICOs and Token Generation Events (TGEs). Here’s our five-step plan to beefing-up your security levels without slowing-down your launch schedule.Ready? Secure? Launch!Don’t even think about going live with your ICO website until you’ve followed these first four steps to secure both the site and the infrastructure that supports it: servers, smart contracts, mobile applications, etc. All this infrastructure can be vulnerable, so...
Read more