Month: February 2019

Security Token Offerings (STO's)

Security Token Offerings (STOs): Upping the Game

27 Feb 2019

We’ve come a long way since the Dutch issued the first initial public offerings (IPOs) in the seventeenth century. With the advent of crypto-currency, companies and corporations have new channels to access capital from markets and investors. Crowd-funding, for instance, is now a viable option for companies seeking capital across sectors.

Crypto-currency in itself has evolved and given birth to initial coin offerings (ICOs), a new spin on the legal concept of the IPO which is essentially a subset of investment contracts. As a digital version of investment contracts, ICOs enable the promoter/entrepreneur to offer a digital token of ownership for use in a future platform still in development. In return, the promoter/entrepreneur gets access to liquid finances to develop a platform where ICOs can be traded. It is for this reason that the investment community refers to ICOs as ‘token offerings’ powered by blockchain technology.

While ICOs have emerged out of the IPO concept, there remain notable differences between them. ICOs are thought to have function and utility embedded within the platforms and protocols an entrepreneur/promoter uses them to finance. They address two basic needs in capital markets—first, the need to circumvent restrictive policy controls and second, the need to disaggregate risks in financial markets by distributing the risks from capital investments among the masses. Unfortunately, however, ICOs have dismal survival rates due to the uncertainty built into the design of the offering. Murky trading practices and unregulated exchanges make it vulnerable to fraud and malpractice.

From ICOs to STOs: Getting Security Right

With the arrival of security token offerings (STOs), security is not nearly as much of an issue as before. This is partly because of the use of blockchain technology towards building and maintaining STO offerings and platforms. Blockchain social ledgers and distributed computing applications introduce resiliency and transparency to any form of social or business transactions by making them tamper-proof and available to all stakeholders in the space. The same principles apply for STOs, only that they are a more targeted application of blockchain and addresses security concerns that went hand in hand with ICOs.

Clearly, security token offerings (STOs) differ from preceding solutions in the crypto-currency investment domain for not only being a ‘programmable investment asset’ generated by blockchain technology but also for having significant compliance and oversight measures incorporated within it. This makes security token offerings (STOs) at par with stocks being traded on listed stock exchanges.

STOs do in fact need to be listed with the Securities and Exchanges Commission (SEC). Despite the use of blockchain technology, they have to be SEC compliant and have KYC features built into them and the exchanges where they are traded. The SEC regulates STOs across two different parameters—the eligibility of investors based on income and wealth ownership and restriction on the amount of finance an entity can raise from the market in a term. Ultimately, however, the beauty of security token offerings (STOs) is that they bridge companies and liquidity-seeking investors, forcing them to mature and deliver stability and consistency to the digital capital offerings market.

The Path Forward: Weighing Out the Options

At the end of the day, both ICO and STO instruments have their share of pros and cons. ICOs offer variability of use, quick liquidity and massive gains in value over short stretches of time, whereas security token offerings (STOs) provide stability and a reasonable level of protection for the investor. While there are low barriers of entry for ICOs in capital markets, the same is not true for STOs. The latter requires specific skills and processes for SEC compliance and legal management in trading and transfer. Thus, STOs might not be as easy to implement for small firms and startups and can lock out outliers from capital markets.

MagicBlockchainQA can bring unique value to entrepreneurs and promoters in the STO space by leveraging its extensive blockchain experience. MagicBlockchainQA endeavors to strengthen the STO ecosystem making it easier for companies to launch their security token offerings (STOs) by aggressively partnering with major STO platform organizations. MagicBlockchainQA can provide development, blockchain testing, security auditing, legal and advisory services.

Anuraj Soni

As a President of MagicBlockchainQA, Anuraj is building Financial Services business grounds-up based on new-age technologies like AI & Blockchain.


How Cryptography is Essential Feature in BlockChain

06 Feb 2019

In blockchain technology, cryptography is primarily used for two purposes:

  1. To secure the identity of the sender for any transactions.
  2. To ensure the past/historical records cannot be tampered with.

Blockchain technology widely uses cryptography as a means of protecting the identities of users, ensuring transactions are done safely and securing all information and storages of value. This gives anyone using blockchain the complete confidence that once something is recorded on a blockchain, it is done so legitimately and in a manner that preserves its security.

Despite being founded upon a similar framework, the type of cryptography used in blockchain, namely public-key cryptography, is considerably better suited to the functions associated with the technology than symmetric-key cryptography.

PKC – ( public key cryptography) Rather than using a single key for encryption and decryption, as is the case with symmetric key cryptography, separate keys (a public key and a private key) are used.

Although in public-key cryptography a digital signature is produced, this secures the integrity of the data shown. Via a mathematical algorithm, it combines a user’s’ private key with the data that they wish to sign. 

Since the actual data is a part of the digital signature, the network doesn’t recognize it as valid if any part of it is tampered. Editing even the slightest aspect of the data reshapes the whole signature, thus making it false and obsolete. This makes blockchain technology capable of guaranteeing that any data being recorded onto it is true, accurate and untampered with.

Digital signatures are the key feature in Blockchain where the data recorded its immutability. 

How to test:

The basic question that arises is how we test cryptography within blockchain. There are various techniques and methodologies used by our team:

SHA-256: To test the digest, SHA-256 generates unique 256 bits i.e 32 bytes signature for a text.  1st it can be verified that it’s creating 32 bytes output. Secondly link the hash message to the original, the receipt can be re-hash and compared to the original hash. If they match, it indicates that the message is unchanged and there is no data loss in transmission.

Similarly there are SHA-512, SHA-1, and SHA-3 etc.

Merkle tree testing in ethereum platform can be accomplished by verifying the hashes of a block and state root for each level. One need to be careful to see that child level is actually making its 1 level up parent. Other factor that needs to be taken care is the Orphan child level should be a valid one. Traversing to and fro the hash tree should be feasible and not broken

Penetration testing in ethereum platform:  There are lots of tools available in market both open source and customized versions. One such tool which needs a mention is “SlowHTTPTest” that simulates application layer denial of service attacks. One needs to test both Header and Body of the HTTP requests through exposed API endpoints. Based on the response time, it can be verified that the concurrent requests are being processed or there is a denial of service. This way we can confirm how vulnerable the app to slow http attacks in their default configurations.

There are lots many features and ways to ensure that security is not jeopardized for any applications and is hacker free almost.  We at MagicBlockchainQA, with thorough knowledge and vast industry experience ensure testing satisfies the following areas

  • Confidentiality − It protects any disclosure of information to unintended recipients.
  • Integrity It allows accurate and correct desired information get transferred from senders to its intended receivers.
  • Authentication − the identity of the user is verified and confirmed.
  • Authorization − It specifies access rights and permissions to the users and resources.
  • Availability − It enables the readiness of the information on requirement.
  • Non-repudiation It ensures that there is no denial from the sender or the receiver for having sent or received any particular message.

To know more about BlockChain testing and our services please contact us at

Drop in your comments or queries, at

Thanks for reading.



Official Integration Partners

	MythX Logo- Magic BlockchainQA

Security Testing

Securitize, Magic BlockchainQA Integration Partner

Platform Partner