ICOs have already raised 4.4 billion USD in 2018 (Source), and we are yet to complete half of the year. The traditional VC funding model has been disrupted and you need not fly half way around the world to pitch investors in close door meetings in Silicon Valley to raise funds. Let us see, how you can accept bitcoin for your ICO

BTC — ETH Smart Contract

On ETH with ERC20 tokens, you can automatically send tokens to sender address using a sale contract. However, in case of BTC this is not possible. To do this automatically; complex smart contracts have been proposed, including a federated multisig peg suggested by Vitalik.

These solutions are far from production ready and it would not be wise to trust your millions of dollars on oversmart contracts that could get easily hacked. The most safe way right now is to use the Trust Method

People will send BTC to your account and they will need to trust to that you will take each sender and give them their ERC20 tokens

This has also been documented by Legolas Exchange ICO. This makes sense because there is an inherent trust implied when you are buying an ICO token. The fact that you are spending your money means that you trust the company to work on project and bet on increase the token value. A company that implements a perfect ETH sale contract can tomorrow not do anything on the project driving the token price to zero, in which case the smart contract isn’t smart enough to send you your ETH back!

Funds Online— Don’t be a sitting duck

Keeping your BTC online — Don’t be this !

So you decide to accept bitcoins and spawn a bitcoin node to receive funds / use a payment processor that forward funds. Keeping private keys online (even temporarily) is an invitation to be a sitting duck for hackers. I know, you are different, have a few security researchers on your team and have multiple firewalls in place ! But feel free to see the history on this:

MtGox — 750,000 BTC

BitFloor — 24, 000 BTC

Poloneix — 97 BTC

Bitstamp — 19,000 BTC

Bitfinex — 120,000 BTC

History of Big Bitcoin hacks — Source: Coinsutra

Disconnect your Wealth

The safest way to keep your ICO funds is offline. Keep your private keys in cold storage not connected to the internet.

Paper Wallet: This is undoubtedly the most secure way, unless quantum cryptography catches up/Superman wants to hack your ICO! You can simply create a wallet through offline bitaddress and forward funds from online server to paper wallet regularly. This is still a very risky proposition, the hacker could wait for a large amount to arrive and then steal the keys. A better way is to create an offline HD wallet using Ian Coleman’s tool and keep the seed words list on paper in several distributed locations. The customer’s bitcoin addresses can be easily derived from the public xpub

Hardware Wallet: There are several hardware wallet like trezor, ledger, keepkey. Private keys are kept on hardware and transactions have to be manually signed on the device. There have been no major hacks reported on any of the top hardware wallets, other than man in middle attacks that require temporary possession of the device [1] [2]