Over 10 percent of worldwide ICO proceeds — more than $370 million so far — has been swiped, according to new research from UK accounting firm EY and the cybersecurity firm Group-IB
- “Fear of Missing Out” (FOMO) drives token valuations without any connection to market fundamentals
- Investor demand for initial coin offering (ICO) projects remains high, but the ability to reach fundraising goals has been declining since mid-2017; down to 25% of projects in November from 90% in June
- Speed and size of market draw hackers’ attention with 10% of ICO funds lost or stolen
A lack of fundamental valuation and the due diligence process by potential investors is leading to extreme volatility of the initial coin offering (ICO) market, according to new research published by EY. The research also found that in some cases ICO investors are contributing capital at an average rate of over US$300,000 per second.
The EY research, which studied 372 ICOs around the world, also found that the offerings raised US$3.7b1 in funds, twice the volume of VC investments in blockchain projects. Furthermore, the US is leading the race with the highest volume of ICOs originating from the country (over US$1b). Russia and China follow, with each over US$300m.
EY Global Innovation Blockchain Leader
One of the key findings from the EY research is that there may be no business need for many of the utility tokens being offered. Utility tokens are essentially a form of application-specific currency that blend the technology features of blockchains with a speculative component for investors where the tokens’ value will rise as usage increases.
In most cases, however, there is no need for an application-specific exchange token. Indeed, for companies that record their revenues and expenses in dollars or euros, settling intercompany liabilities with a volatile specialized currency adds complexity and risk without significant benefits. The core technologies and benefits of blockchain technologies can be applied to business operations without having to use proprietary digital currencies.
Valuations based on FOMO
Unlike initial public offerings (IPO) in the stock market, ICOs are sold into the market before a business around the solution exists. While some very promising companies have managed to IPO prior to having profits, they almost always have revenues and customers on which it is possible to build valuation models.
The typical ICO has no customers, no revenue and in most cases, no working product. Often the only foundation for the ICO is a white paper that describes the planned technology and a small piece of software that governs how the tokens are issued and managed. Valuations based solely on a white paper are always going to be risky and extremely speculative.
The research also analyzed more than 110 ICOs that have raised 87% of all funds so far. More than 70% were on the Ethereum platform, a public blockchain. It is not only the main platform for ICO, it also hosts a myriad of other distributed applications including the popular Cyrptokitties marketplace.
The result has been network congestion as traders and business operations compete for limited transaction slots. In the long-run, the Ethereum road map builds out a greater capacity for trading and transactions, according to the EY research. In the near-term, network congestion could pose an additional risk to investors.
Security and regulation
Investors face two other significant risks the research finds. The first is regulatory: different countries have varying levels of regulatory strictness for ICOs, leaving vulnerabilities in the market. As a result, those looking to conduct illegal activity with an offering could move to jurisdictions where regulators take a light touch approach toward ICOs.
The second risk is theft from hacking: more than 10% of ICO funds are lost or stolen in hacker attacks (almost US$400m). Hackers benefit from the hype, irreversibility of blockchain-based transactions and basic coding errors that, had the ICO been carefully reviewed by experienced developers and cybersecurity analysts, could have been avoided.
Funds are misappropriated via substituting project wallet addresses (phishing, site hacking), accessing private keys and stealing funds from wallets, or hacking stock exchanges and wallets; all on top of indirect losses caused by high reputational risks for project founders.
EY Global Technology, Media & Entertainment and Telecommunications Leader