Can you trust ICO review sites? The Benebit ICO problem suggests not
ICO review sites were left eating their positive words after a "legitimate" ICO disappeared with US$3 million.
After pulling in an estimated $2.7 million to $4 million, the Benebit ICO has disappeared with the money, reports Bitcoin.com.
Benebit described itself as "a disruptive network for the cashback and loyalty market based on blockchain technology". It had been active on social media for over a year, and its ICO was well hyped. The project had also been given the green light and marked as safe by a range of ICO review sites, such as ICO Syndicate which it apparently fooled with a fake passport.
If Benebit was a scam, it was apparently a well-orchestrated and well-funded one, spending about half a million dollars on marketing.
ICO Syndicate says that it verified the identity of the Benebit CEO with a passport check, but after the news of Benebit's disappearance broke, it conceded that the passport was a fake.
The alleged scam only broke down when people recognised the Benebit team photos as being taken from the staff photos of a British boys' school. This happened in the pre-ICO stage, suggesting that Benebit would have gone further if it could.
Stealing the team photos from another website is a fairly obvious flaw and a surprising risk for Benebit to take after so much investment in the scheme.
This might also be a concern for people who depend on ICO review sites to sift through the evidence on their behalf.
In the case of ICO Syndicate, it did its due diligence by requesting a passport to verify identity, but apparently didn't thoroughly check the rest of the project or take any concrete steps to verify the authenticity of the passport.
This raises the following issues:
- Having set rules makes things easier for scammers. If the rules call for a passport, then scammers can make sure they have a fake passport ready to go. There's also a difference between simply requesting a passport and actually verifying a passport.
- ICO review sites depending on each other for information. ICO Syndicate was just one site among many that gave Benebit the green light, and others might have taken that as good enough. It's possible that a fraudulent ICO could be rated as legitimate across multiple sites by fooling just one.
It seems likely that the only reason Benebit managed to raise so much money was by getting listed as legitimate on ICO review sites. In the future, scams might emerge with the specific goal of getting the green light from ICO review sites as Benebit apparently did.
ICO Syndicate's business model, whereby it negotiates bulk discounts on token sales for "high-quality" ICOs per month, means that almost anything can make a lot of money simply by getting listed there.
And as these events suggest, all you need is a fake passport.
It's also likely that ICO scams will get more sophisticated over time as it becomes more apparent how much money can be made. The cost of the fake passports which snuck Benebit past the reviewers was probably negligible next to the half a million dollars it spent on marketing.
Fake passports have existed as long as real passports have, and scammers learn from each other. If word gets around that a fake passport is all it takes to get on ICO Syndicate, scammers are going to start using them a lot more widely and start targeting ICO Syndicate in particular.
Benebit might be a one-off right now, but unless ICO Syndicate makes some changes, it will most likely just be the first among many. The safest path right now might be to do the following:
- To think twice before taking ICO reviews at face value
- To always do your own research
- To consciously balance the risks and benefits of getting in early with pre-ICOs
- To be aware of how little it actually means when someone claims to verify identification by requesting documentation
- To look for a statement from ICO Syndicate on how it plans to update its screening measures to prevent this from happening again, and to take your money elsewhere if it doesn't make any changes
- Ethereum Constantinople delayed after re-entrancy vulnerability found
- A subtle new strain of cryptocurrency malware has been discovered
- Cryptopia hacked: Losses estimated at US$3.5 – $11 million
- It’s not smooth sailing for Ethereum in the countdown to Constantinople
- 0x cryptocurrency now paying market makers up to $15,000