How to stay safe during ICOs and other periods
Last updated: 2019-07-08
There are many website clones of ICOs with fake contribution addresses. Sometimes they use character substitutions in the domain (e.g., an "i" becomes an "l" in the scam site). Sometimes they use IDN domains which are harder to see with your eye (e.g., a "c" becomes a "ƈ").
These are various tools that you can use to protect yourself.
Install browser extensions
There are many browser extensions that offer similar functionality to protect you against the fake domains (IDN homograph attack domains, fake project domains, other scam domains).
You should never rely on links people send you, or results in a search engine. You should always type the address manually and then bookmark it and start using the bookmark every time.
0x address verification
Once you've sent ETH (or any other crypto or token) and the transaction has been confirmed on the network, it is irreversible. So you need to ensure that you have the correct address when you sign your transactions.
During ICO phases, many communication channels (Slack, Telegram, Discord, Twitter, etc.) are slammed with fake accounts promoting "the contribution address."
Confirm the address
You can confirm the address for an ICO with some simple checks:
- Search the address on block explorers and check for comments.
- Typically, ICO addresses are contract addresses. If the address given to you doesn't have a contract, it's usually a scam.
Twitter has recently become a prime spot for scammers to pretend to be famous account holders by copying their name and profile picture and announcing giveaways.
There are various ways by which you can "ignore" these scammers.
Muting key scammer phrases
You can go into your Twitter settings and mute words/phrases so you won't see them. Here's a bunch of phrases you could ignore:
give-away give away giving away giveaway Get BTC or ETH for free
Disabling notifications from fresh accounts
This one can be quite aggressive, but Twitter allows you to block notifications from accounts that fit certain criteria. If you go to your Notifications settings, you can select your preference.
We recommend ticking the following:
- Those who haven't confirmed their phone number
- Those who haven't confirmed their email
- Those with a new account
This should prevent you from getting notifications from people tweeting at you regarding scam ICOs, pretending to be an ICO you follow, and other types of phishers / scammers.
This browser extension comes with functionality that will highlight similar account handles to those "verified" by the extension and show a "verified" icon next to the handle on your timeline.