8 Ways to Spot an ICO Scam

Guest Contributor: On Yavin, Founder and CEO at Cointelligence

Modern technology has opened the doors to the advent of digital assets such as cryptocurrencies and security tokens. The financial sector got an upgrade, with most of the processes and exchanges getting their own digital equivalents. A few examples of the technological upgrades as found in the financial technology industry are cryptocurrencies, which are the digital answer to fiat currencies, and Initial Coin Offerings (ICOs), the equivalent of Initial Public Offerings (IPOs).

An ICO is considered to be a modern fundraising tool. It allows the general public to buy into and support a company or product, allowing investors to benefit from the value created by the ICO. There are currently over 10 ICOs being launched daily and over the course of the past 2 years, thousands of ICOs have entered the market.

Determining the Legitimacy of ICOs

ICOs have different characteristics as outlined in their whitepaper and each one of them has a goal or purpose in development, but unfortunately not all of them are legitimate. Fraudulent ICOs have made their way into the digital trading ecosystem to the point that some people just assume that an ICO is a sure way to get scammed, even though that’s not always the case.

The key to avoiding scam ICOs is to do your research. Take note of the red flags, connect the dots, consider what the risks might be, and then decide if it’s worth investing. Being an informed investor can go a long way into improving your portfolio and gaining long-term results.

8 Red Flags of Scam ICOs

There are legitimate ICO rating websites out there, which can help you with your research. The problem is that not every rating website is trustworthy or reliable. Some sites, even prominent and well-known ICO lists, have experts who are willing to take a bribe for a higher rating. That’s why there’s nothing better than being knowledgeable about the information you need to identify a scam, rather than relying on someone else’s rating. Here are some of the ways to spot a fraudulent ICO:

1. Dysfunctional, Poorly Made, or Copied Website

A website is basically the brochure or catalogue of a company running an ICO, but some fraudsters don’t invest in them. The laziest scam ICO’s website is usually just a basic template with minimal changes, like in the case of ETHBAY. Another known ICO scam, Referpay, used an app image that came with the template on its website, and that same default image has been used by multiple other scams. Although the website is not a 100% reliable indicator of a scam, most scammers are too cheap or lazy to pay a developer or designer to improve their site so the web page is the first place they cut corners.

2. Fraudulent Team Profiles

It’s important to know who the people behind the project are; and it’s of greater significance to know if these are actually real people. One ICO, Veio, used stock images to pass off as their team members.

Some ICOs simply list a bunch of people on their team who don’t exist, and that’s all the effort they put into it. However, there are a few other ways a scam ICO can be deceitful about their team:

  • Make fake profiles for the fake members of their team
  • Have real people on their team, but lie about their experience and where they have worked in the past
  • Claim that people are on their team who actually have no affiliation with the project
  • Have a completely anonymous team (that probably doesn’t exist or isn’t qualified)

If you can’t find the member of an ICO’s team on social media, can’t verify that they actually worked the high-profile jobs they claim to have previously held, or they don’t have the project listed on LinkedIn, you have found another red flag.

3. Questionable or Unoriginal Whitepaper

The whitepaper is known as the project’s profile. It is a summary of all the information that a person needs in order to decide if the ICO is worth supporting. More than originality and grammar composition, the whitepaper should contain the authentic information needed to make sound investment choices. Warning signs for a whitepaper include plagiarized material, outrageous claims with nothing to back them up, and a lack of details about how the project plans to actually achieve what it promises.

4. Unclear Objectives of the Company

Every project or ICO has a goal, and the goals should be realistic, time-bound, and feasible. If the company has goals that are “too good to be true”, you should double-check to make sure that they have the technology and capability to back up their claims.

5. Unmaintained Code Repository

Since blockchain technology is the key to some of these ICOs, the key to knowing its legitimacy is checking the projects GitHub repository or other code repository. If a certain ICO declares itself to be an open-source ICO then the code repository should speak for itself, with code updates at least once every two weeks.

6. No Pre-ICO Stage

It’s important to note that not all ICOs go through a pre-ICO stage; but one should also note that most ICOs have more than one round or sale stage. Not all ICOs with pre-ICO stages are legitimate as well, and it’s important to compare the number of tokens that they’re planning to sell during the ICO itself.

7. Unrealistic Use of Proceeds

The ICO’s whitepaper should be transparent on how the funds are going to be used. There should also be a part which says the project owners are not allowed to sell their coins for a fair length of time, to prevent cashing out or exit scamming.

The distribution of the funds should also be clear. The majority of the project’s income should not be going directly into the pockets of the founders! It should be invested in the project and its success by paying for development, marketing, and other business expenses.

8. Legal Entity and Company Registration

Behind every ICO there is a company. Make sure their company name and company registration number are available or visible, either on their website or on their whitepaper.

Preferably the company should be registered in a jurisdiction where the regulations and guidelines are favorable for ICOs, like Gibraltar, Malta, or Switzerland.

Almost every country has a public database where you can cross-check and see if the company is actually registered.


A lot of financial technology institutions are dedicating themselves to protecting consumers and clients from fraudulent ICOs, however there are thousands of ICOs out there and going through every single one of them is going to take a lot of time. As an informed investor, you can take these tips and symptoms as lessons on what you can do to prevent yourself from falling prey to a scam.

About the Author

On Yavin is the Founder and CEO at Cointelligence, the data layer for the crypto economy. He has extensive experience as a serial entrepreneur and an angel investor, as well as more than 20 years of experience in the tech industry.  On uses his deep hands-on experience and knowledge of online marketing to create winning strategies for ICOs, crypto, and blockchain companies. Having earned the reputation of a crypto expert, On continues to contribute to this industry in ways that advance cryptocurrencies and blockchain technologies. On has a law degree (LLB) and is also a certified Advocate by the Israeli Bar Association.

CZ Explains How Binance Dealt With Aftermath of $40 Million Theft

On Sunday (May 19), Changpeng Zhao (aka "CZ"), the Co-Founder and CEO of digital asset exchange Binance, told the crypto community what he and his team had been up to since the May 7 security breach that resulted in a theft of over 7,000 BTC from their Bitcoin hot wallet. 

What Happened on May 7?

According to CZ, the hackers involved in the security breach somehow managed to get control over a number of user accounts and structured large withdrawals from these accounts in such a way thay managed not to be detected/noticed by Binance's "pre-withdrawal risk management checks." Their "post-withdrawal risk monitoring system" only noticed something was wrong after the hackers had moved the stolen BTC off of the exchange via a single transaction, at which time it immediately suspended all "subsequent withdrawals." 

At first, the Binance team was not exactly sure what had happened, and so they decided that the safest course of action was for CZ to send out a tweet to say that the "withdrawal servers" were in "unscheduled maintenance mode" while the team was investigating the incident. 

Communication With the Crypto Community

Once the team had confirmed that the exchange had been hacked, information about the security incident was broadcast to the outside world via all of Binance's communication channels (such as Telegram, Twitter, and Medium). 

Since the team could not be sure which user accounts the hackers had access to, it was decided that it would be too risky to allow further withdrawals to be made until the team had the chance to make "significant changes" to the platform (to make it more secure). Binance's announcement on May 8 estimated that the exchange needed to do "a thorough security review" and estimated that this would take about "ONE WEEK," and that during this period, "deposits and withdrawals" would need to "REMAIN SUSPENDED."

By being fully transparent in their communication with Binance users, they were able to receive "tremendous support" from them.

CZ's Periscope AMA Session on May 8

Seeing CZ live put much of the Binance community "at ease." Unfortunately, because CZ had been up all night, he was not in an ideal mental state when he did the AMA. Just before the AMA, his team told him that a Bitcoin Core developer had suggested that it would be technically possible to roll back the single Bitcoin transaction carried out by the hackers by "hugely incentivizing the miners." CZ made the unfortunate mistake of mentioning this "reorg" idea (which he now realizes is a "taboo topic") during the AMA, for which he took a heavy beating (especially from hardcore Bitcoin maximalists) on Twitter (and elsewhere). 

CZ's Mental State Right After Being Told About the Bitcoin Theft

Although he was in a "F***, F***, F***” state" for around 10 seconds, a few moments later, he "began to come to terms with it," and a quick mental calculation told him that the theft of around 7000 BTC (equivalent of around $40 million at the time) could be fully covered by their SAFU fund. Meanwhile, his team had already gone into "War Mode", and their professionalism and support cheered up CZ. 

Support From the Crypto Community

Binance received support from many sources: people defending him and Binance on social media platforms, and helping to answer questions; the Binance Angels (who are all volunteers) "addressing questions" and "reassuring" users on "multiple communities"; analytics firms helping with the tracking of the stolen funds; exchanges and wallet services offering to help by blocking "any deposits associated with the hacker addresses"; and "numerous offers for help from law enforcement agencies around the world."

A Blessing in Disguise?

"Speaking with various team members, and as correctly analyzed by community members, such as Gautam Chhugani, this incident may actually be a good thing for us in the long run. Security is a never-ending practice. There are always more things to do in security, and we have implemented many of them in this last week and will continue to implement more in the future. Given this incident, Binance has actually become far more secure than before, not just in the affected areas, but as a whole."