Security Tips for Wannabe Investors: How to Identify ICO Scams
The author, David Balaban, is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation.
In the current cryptocurrency climate heated up by the skyrocketing value of Bitcoin, people with financial resources on their hands treat startups in this domain as a promising opportunity to get the bang for their buck. ICO (Initial Coin Offering) is what bridges the gap between enthusiasts who plan to launch a new cryptocurrency venture, on the one hand, and potential sponsors of such projects, on the other.
In a nutshell, the gist of an ICO is as follows: a certain percentage of the would-be cryptocurrency also referred to as virtual tokens, is sold to early investors for fiat money or another existing type of digital cash. If the project turns out successful, the value of these purchased coins grows over time, and the backers get a substantial return on investment. In case the startup doesn’t raise a sufficient amount of funds to go live, the investors may get their money back.
Notorious ICO scams
Any new initiatives, where money circulates back and forth, are a classic lure for scammers, Initial Coin Offering being no exception. Retrospectively, con artists have announced ICO campaigns for rogue projects, got money raised and vanished. This is why it’s imperative for early backers to be on the lookout for red flags when considering an investment option of that sort. Some of the most defiant incidents described below might give you an idea of what the typical ICO scam looks like.
The fraudulent Opair ICO took root in 2016. The ne’er-do-wells behind it were able to raise $1 million for their fake startup, promising backers decentralized debit cards in return for their donations. Unfortunately, the fact that the Opair crew acted quite suspiciously from the beginning didn’t discourage interested parties.
Specifically, the rogue players had set up LinkedIn profiles that were clearly sockpuppets crammed up with phony personal details and photos. Furthermore, the purported startup reps were allegedly so concerned about their privacy that they rejected all offers to attend cryptocurrency-related events or even have video calls with potential backers.
In the upshot, shortly after the Opair coins made it to exchanges, the crooks dumped them and their website was knocked offline. The fundraisers, obviously, lost it all.
This ICO was a bit more controversial than the outrageous Opair scam. It’s still unclear whether it was a fraud from the start or an unsuccessful attempt to create something the proprietors failed to cope with. One way or another, people lost a great deal of money over it.
BitCad was purportedly intended to be a replacement for numerous areas of business activity, trading and even government functioning. In particular, it was supposed to accommodate biometric verification, a decentralized trade engine, and a smart contract constructor, to name a few. Meanwhile, the mechanism of implementing these sophisticated features was a mystery for the most part. Nevertheless, the Initial Coin Offering raised $5 million.
Things started to smell fishy when some members of the large BitCad crew abandoned the project shortly after launch. At about the same time, the team stopped posting new announcements. Despite the apparent signs that something went terribly wrong, some early backers are still anticipating good news from BitCad architects in the near future.
Authorship was marketed as an ERC20 (Ethereum token standard) project. Its alleged goal was to become a decentralized means for authors, publishers, reporters, and translators to get rewarded for their intellectual work via ATS tokens. This ICO raised some $1 million.
Some discrepancy between Authorship proprietors’ story and real life should have become an early wakeup call for wannabe investors, but it didn’t. The light-fingered individuals claimed to be motivated by their experience running a bookstore. However, visiting the store’s website unearths its primitive nature from the get-go as it offers nothing but pencils, paper memo pads, and vinyl computer decals. To add insult to injury, Authorship makers indicated a fictitious address of their headquarters.
At the end of the day, a lot of backers never got their ATS tokens. Some did, but their price turned out much lower than promised. Therefore, even the ‘lucky’ investors lost up to 80% of their money over Authorship.
How to invest in an ICO safely
Just like any investment undertaking, Initial Coin Offering implies risk. This is why the rule of thumb is to treat these cryptocurrency startups with a reasonable degree of paranoia and weigh up the pros and cons before ever considering participation. Whereas there is no universal criterion for vetting the validity of an ICO, it makes sense to scrutinize a few things.
- Peruse the whitepaper
An ICO’s whitepaper gives insights into the project team, goals, development roadmap, token implementation, the timeframe for listing the tokens on cryptocurrency exchanges, and similar technicalities that might be of interest to a potential backer.
So, take your time, read it (including the fine print), and make sure you can explain the gist of the startup in detail to somebody else. Keep in mind, though, that a fraudulent ICO may include a whitepaper, so this hallmark alone isn’t ultimately informative regarding its legitimacy.
- Examine the website and social accounts
This tip is a no-brainer, but it speaks volumes about likely red flags. While the website of an ICO doesn’t have to be top-notch to the bone, it should use a valid SSL certificate (the URL starts with HTTPS). Furthermore, a trustworthy startup should have a social media manager who spreads the word about the ICO and interacts with the online community. Get in touch with that person, ask a few questions and see how responsive and professional they appear.
- Look for endorsements
If someone reputable in the blockchain domain supports an ICO, such feedback is definitely on the plus side of the project. It doesn’t mean, though, that all startups that cannot boast well-known aficionados are scams.
- Verify code auditing
Ascertain whether the code of the project has been thoroughly audited for bugs, malware, security loopholes, and other weaknesses. Make sure code auditing was done by renowned security researchers. Such an insight may give you important clues on how serious the ICO authors are about their startup.
Long story short, exercise prudence, do some reconnaissance on your own and follow your intuition before making up your mind regarding the investment. Refrain from purchasing an ICO’s virtual tokens unless you get all the questions on your checklist answered and you’re okay with those answers. And again, some extra paranoia will play into your hands when it comes to joining a new cryptocurrency venture.