Different red flags appear as cryptocurrency scammers get savvier
The changing nature of ICO scams means looking for different red flags.
One of the double-edged indicators in the cryptocurrency space is the constantly increasing quality of ICO scams. On the one hand, it shows that consumers are getting better educated and that the obvious scams of previous years don't really fly anymore. On the other hand, the scams are that much more sophisticated and harder to spot.
With Operation Cryptosweep, the largest investigatory ICO sweep by authorities (the NASAA) to date, in full swing and the SEC working hard to educate consumers about ICO risks, some of the more obvious ICO scammers might be feeling nervous right now, while the more careful might still be feeling quite confident.
After a slew of incidents involving fake team members and fake photos, most good scammers now know to use unique photos to avoid getting caught out. And with the well-known collapse of various alleged Ponzi schemes like BitConnect, high-quality scammers are getting more careful with their promises and prioritising the appearance of legitimacy over making hysterical marketing promises.
As the overall quality of scams increases, the red flags start shifting and the old indicators get blurrier.
With scammers getting more careful, some of the more useful flags might not be quite as obvious anymore, says Yo Kwon, co-founder of Hosho blockchain security firm. Plus, there's an awful lot of overlap between the actions taken by legitimate projects and scams – for example, both will hungrily seek publicity. This means simply looking for these things is never a bulletproof way of telling them apart.
Also, the least-legitimate projects are the ones in most dire need of more reputability, and so will often take steps in that direction where a genuinely legitimate project wouldn't bother.
"In many instances, it can be difficult to discern a scam from a legitimate ICO because so many of the steps they take are similar," Kwon says. "A bad actor will grasp onto whatever legitimacy they can, whether that is from advisors or partnerships, and leverage that to increase their reputation, which is awfully similar to what a legitimate entity may also do. With the NASAA organizing a task force to investigate and take enforcement action against potentially fraudulent projects, hopefully more companies will put a greater level of effort toward doing things the right way, separating themselves from the bad actors, and fewer investors will be scammed."
The new red flags
Some projects which went on to be an exit scam (take the money and run after the ICO) actually spent hundreds of thousands of dollars on marketing before doing so, apparently judging it to be a decent return on investment. It's safe to say that far fewer invested the same amount in security or tech audits.
"Actions from projects that signal long-term vision are often good signs. Someone that has an exit scam in mind doesn't care about the long-term health of their token or project and isn't going to be pushing for — for example, strong security measures," Kwon says. "In fact, part of their scam may rely on poor security in order to obfuscate who is at fault when something happens.
"When investigating projects, one factor the NASAA could hone in on is what kind of security measures are put in place. The responses and attitude from those leading the project can be very telling of the motivations behind the project. A legitimate company will want processes to be as secure as possible to protect their reputation and capital and would be aligned with making opportunities for bad actors more difficult."
So what does this look like for a speculator on the ground? It might be as simple as checking whether a project has been audited by a credible security vendor, is doing penetration tests, has active bug bounties and is generally taking security seriously.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VEN, XLM, BTC and NANO.