How to not get scammed by phishing attacks when investing in ICO's


Initial Coin Offerings or ICO’s, rose in popularity in 2017 and as the industry continues its rapid growth in 2018, ICO related scams naturally become more and more frequent.

In order to participate in an ICO you need to apply to a process called Whitelisting. After researching an ICO and you are interested to invest then you are required to express that interest by applying to the whitelist. This way the company that is running the ICO knows you are interested and instructs you complete what is known as the KYC process- Know Your Customer- where you submit your identification in order to be reviewed. Once the review process is finished and you are approved, on the day of the sale the company announces the smart contract address you are supposed to send funds and get the tokens, on their website. Usually once you send the money, the smart contract gets triggered and the tokens are sent automatically to you.

High profile ICO’s reach their whitelist limit very soon, therefore investors that get left behind are desperately looking for backdoors. One way to participate in an ICO that you haven’t made the whitelist is by ‘pooling’ which means that you get together with others that are included in the whitelist and invest together. This way though requires that a certain degree of trust to exist between people that are pooling.

When pooling is not an option, this is when scammers take advantage of investors’ eagerness to participate and hatch a scheme to trick them to send their Ether or Bitcoin to a phoney address. The most recent attack came over Slack, in messages delivered via slackbots, indicating an ethereum address to send ether funds to, (supposedly) in return for NuCypher tokens. In its response, NuCypher reminded investors that it would never use Slack to request investment.

So what in ICO can do to protect their investors and frankly to avoid such bad PR situations? Perhaps the most important strategy for issuers is emphasizing only one communication channel where sale news will take place. For example Vice Industry team emphasised where the payment address will only be communicated through.


This is a particularly beneficial approach since if critical information such as wallet addresses are broadcasted via the website, it's much harder for a fraudster to change the website than it is to send a convincing email.


ICO investing is extremely risky in and of its self. Investors should do proper due diligence and to protect themselves from poor investment decisions, ICOs that are a complete scam and now from phishing attacks like the ones described above.

Bogdan Maslea