The first major cybercrime incident on Ethereum was in June 2016. A bug in “The DAO” smart contract was exploited and $74 million out of $150 million invested was drained by the attacker. This year, $1.6 billion has been invested in ICOs on ethereum but the cyber criminals have also generated more than $150 million in revenues. Meaning, 10% of Ethereum holdings marked for ICO investment lies in the hands of criminals. Chainalysis estimates that there have been approximately 30,000 victims of cybercrime on Ethereum losing on average $7,500 each.

The Rise of ICOs and the Ether Thieves

What is Ethereum? Ethereum is a decentralized computing platform that extends the basic payments in Bitcoin to include a rich programming language that facilitates smart contracting and negotiations. People can purchase its native currency, “Ether”, to make payments or enter complex agreements that mimic real world contracts. One of the most popular forms of contract, today, are tokens that are redeemable for specific types of services ranging from identity verification to distributed storage or even your attention.

Over 800 tokens have been issued on top of the Ethereum platform since its launch in 2015. The issuance of these tokens are referred to as ICOs (Initial Coin Offerings) and they have attracted $1.6 billions of investment. In 28 days, The DAO sold more than a billion DAO tokens, worth $150 million. Two weeks later, someone took advantage of a vulnerability in the DAO and stole $74 million from 11,000 victims.

Being the first big ICO, the DAO exploit impacted more than 40% of all ICO funds on Ethereum (which was $177 million at that time). Since then cybercrime as a percentage of ICO funds raised has decreased to approximately 10% in the past year.

The rise of cybercrime on Ethereum has risen in tandem with the big ICO financing, with total cybercrime revenue rising from $100 million in June to $225 million in August this year.

Bugs are just the bait, watch out for Phishing

The common cybercrimes on Ethereum can be categorized into four categories: exploits, hacks, phishing and ponzi schemes. The highest grossing exploit was the DAO, but another $30 million was stolen from the Parity wallet in June 2017. While some cyber criminals have opted for high profile hacks and exploits, phishing is actually driving the most revenue today. It now makes up more than 50% of all cybercrime revenue generated this year ahead of exploits which sometimes get the most coverage in the press due to their nature.

Table 1 - Type of Cybercrime
Type of cybercrime Definition Taken value ($M) Number of victims
Phishing Phishing involves emails or communications sent from someone disguised as a company in order to gain access to personal information from victims. 115 16,900
Exploit An exploit is taking advantage of a vulnerability in a system to gain information. 103 11,000
Hack Hacking is getting unauthorized access on a computer. 7.4 2,100
Ponzi Schemes Ponzi schemes are financial frauds where users enter the scheme by investing some money and in order to redeem their investment, new users have to enter the scheme. 0.004 260
TOTAL 225.4 30,260

Fortunately, developers’ abilities to write secure smart contracts seem to be improving as large thefts through exploits are decreasing in frequency. However, ICOs are typically time sensitive and access to the sale requires investors to hastily trade their Ether for the alternative digital tokens. Investors that are desperate to get early access to new token offerings have been tricked into providing their credentials to fake websites through targeted email campaigns, twitter posts and slack messages. These credentials are then used to drain accounts. The average financial loss incurred per victim has increased by 20% from $6,700 in June 2016 to $8,000 since the DAO.

Since the DAO of time...

The public nature of the blockchain allows third parties, such as Chainalysis, to observe and analyze trends in the usage of cryptocurrencies and provide solutions to protect the integrity of these assets. As the market grows in size and maturity, solutions to monitor and extract intelligence from these networks have become critical to ensuring their safe and sustainable development.

Some simple security tips when investing

  • Beware of inbound messages from services, try to always bookmark the services that you regularly visit and do not click on advertised google results
  • Beware of direct messages in Social medias and Slack forums as companies in general communicate messages in public
  • Messages from slackbots should be treated carefully as these messages can be easily triggered by an adversary
  • Do a background check e.g. use the list of Ethereum scams in the Ethereum Scam Database

    If you have been affected by any sort of cybercrime or wish to warn your users about cyber security concerns relating to virtual currencies, please contact

DAO DAO is a “Decentralized Autonomous Organization” which allow people to make smart contracts without any central authority controlling the organization. When the organization was created, there was an initial coin offering made (ICO) to help raise funds to have the necessary resources for the organization to grow. “The DAO” is the name of a DAO on Ethereum that dealt with creating a fund to fuel decentralized businesses and projects.
Ethereum Ethereum is a decentralized computing platform that facilitates smart contracting and negotiations. People can purchase its native currency, Ether, and use it to make payments or enter into complex agreements that mimic real world contracts. All Ethereum’s transactions are listed on a public ledger including all payments facilitated by Ether and the tokens that are being issued to support applications built on top of Ethereum.
ICO ICO stands for “initial coin offering”, meaning it is essentially a form of raising money for the development of the cryptocurrency by crowdfunding.
Market Cap Market capitalization is a way of defining the market value. Within currencies it is calculated by the value of one coin multiplied with the total number of coins available.
Slack Slack is an application that is commonly used in startups for team communication but also increasingly used as a community management tool for open communities and sharing information, In open communities, parts of the application can be abused by adversaries that enter the groups.
Smart contract The general objectives of smart contract design are to satisfy common contractual conditions (such as payment terms, liens, confidentiality, and even enforcement), minimize exceptions both malicious and accidental, and minimize the need for trusted intermediaries. Related economic goals include lowering fraud loss, arbitrations and enforcement costs, and other transaction costs.
Token A token represents the medium exchange of a cryptocurrency. With these tokens, people can transfer their payments internationally to other users of the cryptocurrency. Although tokens are more known as being tangible, in the cryptocurrency world these tokens are only digital, being distributed solely throughout the internet.

Complete data set

Chainalysis is the leading provider of investigation and risk management software for virtual currencies. Our products enable organizations from both the public and private sectors to track illicit activity associated with virtual currencies. For more information, please visit us at: or email