Hackers are stealing millions in cryptocurrency during ICOs

Ernst & Young researchers say hackers are taking up to $1.5 million per month.

A new report from Ernst & Young details just how big of a problem security is when it comes to cryptocurrencies. Researchers collected data on 372 initial coin offerings (ICOs) that took place between 2015 and 2017 and found that over 10 percent of ICO proceeds are stolen by hackers, a percentage that amounts to the theft of up to $1.5 million per month. And in addition to monetary theft, hackers are also gaining access to personal information like addresses, phone numbers, bank details and credit card numbers.

Cryptocurrencies like bitcoin have become incredibly popular of late and everyone from Ghostface Killah to KFC is jumping on the bandwagon. But digital currencies have largely functioned without regulation and without safety nets for most of their existence. And that combined with a lack of proper safeguards has opened up cryptocurrencies and exchanges to hackers and widespread theft.

Ernst & Young says phishing is the most popular tool used by hackers. "Hackers are attracted by the rush, absence of a centralized authority, blockchain transaction irreversibility and information chaos," they write. And they say that the frequency of attacks is increasing.

Ernst & Young's report also points out that along with poor security, problems like lack of regulation and poor standards for ICO valuations also plague the crypto world. The researchers said that instead of important aspects like project development forecasts and the nature of the token, ICO tokens are often valued based on hype and FOMO -- fear of missing out.

But the tides may be turning for cryptocurrencies, both in regards to regulation and popularity. Fewer projects are meeting their fundraising goals, with around 93 percent doing so last June compared to just 23 percent successfully hitting their targets in November. And a number of countries are either instituting or considering regulation. Both China and South Korea have issued bans and many countries including the US, Japan, Canada and Australia are regulating ICOs with applicable standing laws. In the US, the Securities and Exchange Commission launched a Cyber Unit last September dedicated to investigating digital financial fraud and has already filed multiple charges against alleged fraudsters.

Ernst & Young's report suggests that going forward founders, investors and regulators need to be more transparent, more diligent and need to collaborate on how to regulate these currencies. "Once new standards are in place that are accepted by all participants -- allowing for improved transparency, fraud prevention and legitimacy -- the protection of investors and users alike has a greater chance of success," Greg Cudahy, Ernst & Young's global technology, media and entertainment and telecommunications leader told CNET.