It's hard not to be taken aback by the amount of money consumers have been throwing at initial coin offerings (ICOs) lately.
The new fundraising model allows developers to sell digital 'tokens' to raise money for decentralized projects. Two recent events highlight why there may be cause for concern.
Earlier this month, web browser startup Brave made $35m in seconds selling its basic attention token (BAT). And, soon after, a relative unknown called Bancor pulled in $150m in hours – the largest ICO in history – despite claims about possibly sketchy code underlying the project.
Like the majority of recent ICOs, these projects were both built on the ethereum blockchain, and they were both selling ERC-20 tokens. ERC-20 is a standard that allows a variety of tokens to interface with wallets, exchanges and other smart contracts in a common way.
Yet, while standards exist for good reason, some believe, when combined with a lack of regulation in the space, ERC-20 may be making it too easy for unscrupulous projects to get into the game.
ICOs are nothing new.
The first was completed in July 2013 when Mastercoin (now Omni) raised over $600,000 in bitcoin to fund an effort to build a protocol layer on top of the bitcoin blockchain.
The next big ICO was in April 2014, when the ethereum project was announced. At that time, ethereum sold 50 million ether (its native currency) to raise $18m in bitcoin. Ethereum went live in July the following year.
Once ethereum was off and running, its developers came up with a way for those building decentralized apps on the network to create 'custom' tokens to fund their projects. Investors could then buy these tokens with ether and later trade them on exchanges.
One of the more infamous crowdsales to come out of that was The DAO (short for decentralized autonomous organization). The project, which launched in April 2016, quickly sold $150m-worth of tokens. Two months later, due to a weakness in its smart contract code, the DAO was hacked to the tune of $50m. As a result, the network was forked and the money was eventually returned to the original investors.
Despite that bump in the road, ethereum recovered. And since then, ICO activity has gained steam. So far in 2017, blockchain entrepreneurs have raised $327m through ICO offerings (not including the $150m from Bancor), far exceeding traditional VC funding in the space over the same period. The huge spike in ICO activity coincides with the introduction of ERC-20.
The question is, however, are these ERC-20 tokens really custom tokens at all?
Introduced in November 2015, ERC-20 spells out a set of rules that allow tokens to behave in a common and predictable way.
Put simply, that means any ERC-20 token will work with ethereum wallets off the bat. And because exchanges already know how these tokens operate, they can easily integrate them. This means, depending on any restrictions put on the tokens by the ICO, in many cases, those tokens can be traded immediately.
Yet, while ERC-20 spells out the rules for how a token should operate, it does not include the code. Even so, that can easily be found in a public Github repository such as Open Zeppelin.
By copying and pasting that code, anyone with a modicum of programming experience can produce an ERC-20 token in minutes. Shlomi Zeltsinger, a blockchain consultant and ethereum coder, who spoke to CoinDesk, demonstrates how it's done in his YouTube tutorials.
Zeltsinger feels most people do not realize how easy these tokens are to generate. Many ICO projects simply re-use this generic code, he said, while inputting variables, like the token name, the token symbol, how many tokens 1 ETC will buy, total supply, and so on.
The rest is simple, too. When an investor wants to buy tokens during an ICO, they send ether from any ethereum wallet to the token's contract address. Those tokens can then be traded on any third-party exchange that agrees to support them.
What about the app?
But the problem is, while many of the ICO projects built on ethereum have professional developer teams behind them, the vast majority do not, Zeltsinger alleged.
He claimed many projects are putting on a song and dance, giving investors the impression that the token they are selling is an integral part of a working, or almost working, smart contract. But this is often far from the truth, he said.
And what buyers do not realize is, in most cases, what they are buying is nothing more than a number on a spreadsheet managed by that token's smart contract. In fact, after researching ICOs on TokenMarket, a website that tracks ICOs, Zeltsinger found the code underlying a substantial number of those contained nothing more than that spreadsheet.
Arguing projects should be more upfront about what they offering, he said:
"Every ICO that uses a simple ERC-20 base code to raise funds needs to say out loud, 'Listen, we are just raising money. Those tokens will not be used in the application – maybe in the future we will find a way to make something cool with them but they are not for the application right now.'"
Likely, though, the situation will not change until more regulations and oversight kicks in. At least, that is how Emin Gün Sirer, a Cornell associate professor and researcher in cryptocurrencies and smart contracts, sees it.
And, while Sirer agrees some projects are "clear scams," he feels that others are "honest attempts to tokenize or integrate or market some new function." To him, there is no one entity to blame. The ethereum network and ERC-20 are simply tools, much like the internet.
But if things continue in the direction they are going, it may be the market is headed for a massive correction. Or, as ethereum founder Vitalik Buterin tweeted:
"There's no 'cure' for bubbles except to let them run their course and pop, unfortunately."
Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Brave.
Children's bicycle image via Shutterstock