When the initial coin offering (ICO) sector first came to prominence in 2017, it was largely startups related to blockchain technology that were using this funding method. They realised that they could raise significant funds for their operations without having to go down the venture capital route.
This allowed them to retain more independence over the course of their projects and they were able to hold onto valuable equity stakes. As time went on and large sums were continually being invested in the sector, this led to more established companies starting to use ICO to fund their operations.
The likes of Kodak and Kik have successfully raised tens of millions through their own token sales. The most successful ICO to date is that of the popular messaging app Telegram, which raised nearly $2 billion through a variety of private sales. However, there is some concern in the crypto sector that the underlying technology of this group is flawed and could be vulnerable to attack.
What are the details about this potential vulnerability?
After the successful ICO, Telegram has released their initial feature that is friendly to crypto users. However, a lot of people in the security field are somewhat sceptical about this. The new feature is called Passport and it is an app of identity verification.
It was a US-based security firm called Virgil Security that found a number of weaknesses in this new feature. They were able to do so thanks to Telegram having the API of the app open sourced. Two key issues were found, related to the way in which data is encrypted and how stored data is protected.
It is believed that a lot of the issues come down to how the passwords are encrypted. There has been a lot of information released so far from Telegram about how their new system operates and it is a concern for many that it utilises SHA-512 technology when hashing passwords.
Virgil do make the admission that for a brute force attack to be successful, any would be attackers would have to penetrate Telegram itself first. There are a number of different ways in which this can occur. It is not the first time either that Telegram has received criticism as a result of their cryptography and overall security standards, but there have been no recorded breaches of their security to date.