Before launching an ICO, usually, the project’s team registers their official accounts across multiple channels, to reach a wider audience and to maintain a close connection with their community. As you don’t need to create a separate account on apps or platforms that you won’t use anyway, this is a very convenient way of getting your information. They will communicate on the platform where you spend the most of your time. But aside from convenience, how safe is it?
Depending on their number of dedicated community managers, a popular ICO raising a large investment prepares their official accounts on the following platforms:
- Official website
- Facebook account
- Twitter account
- Telegram channel
- Slack channel
- Medium blog
- Steemit page
- Dedicated subreddit
And these are just the essential ones. They can have Instagram, Snapchat, and other accounts on channels related with their field of expertise.
What happens if any of their accounts get compromised and starts sending people a wrong participation address?
WARNINGS: DO NOT SEND FUNDS TO ANY ADDRESSES. Certain Enigma accounts are under attack. We are working to resolve this, stay put.
— Enigma Project (@EnigmaMPC) August 21, 2017
More than $500,000 worth of Ether was stolen in a blink of an eye, from people like you and me, who were devoted to the Enigma ICO, after their website, Slack administrator account, and the mailing list was compromised by hackers.
This hack happened when only one month ago CoinDash’s website was compromised and $7 million was stolen from investors.
After these events, the biggest question in the community is:
How can you be sure you’re sending your investment to the right address?
They will never send you the address!
Any funding address shared on any of the channels, received by email or in a direct message is a scam. An ICO will disclose their address only on their official site at the specific date they prior announced. You will be able to see this address only after accessing their website after the opening time and accepting their terms of service (checking those boxes that you never read, but you should!). If a random address just pops in your inbox, it is a sure sign it’s counterfeit, and never send your money to it.
At the crowdsale time, follow multiple channels
Even if you’re following their latest news only in one channel, when the crowdsale begins, make sure to tune with as many official channels you can. The scammers can take over one account, but they can’t claim all of them. Having multiple streams of information means you can spot conflicts immediately or, if something happens, get the team’s announcement right away.
Use common sense
The ultimate advice is to use common sense. Most scammers do a very poor job of trying to sound and look like the project’s team. If you’re following the team closely, they will have their own style of announcing the news. Some are more formal, some try to be funny, but all of them impose their own style on their communication. This is where scammers fail, sticking to a simple message of asking for money and using simple phrases like “Hi Everyone,”,”Thank you!”. Going deep into the details you can easily spot every scam.
Be wary of claims to validate any of your information
Another known tactic of scammers is to claim that a particular ICO website or account was hacked, and will ask you to either verify your investment or account data by clicking on a new link. This has been seen lately in a lot of Slack crypto-investor communities and is a heated source of debate between the Slack administrators and Slack itself. While Slack administrators can ban accounts that are spreading malicious links in their Slack chats, they cannot preemptively exclude them, which means you have to be very wary of any links posted by “official” accounts, but that is NOT on their official channels. And as a rule, do not click on any links that are not from trusted sources, even if the URL might seem legit! There are many ways to “spoof” an URL name to seem as if it is an official URL, however it will lead to a site where hackers can easily steal your data.
Stay focused, stay safe. Good luck on you future investments!