How to Stay Safe During ICOs and Other Periods
Last updated: October 8th, 2020
Domain Verification
The Problem
There are many website clones of ICOs with fake contribution addresses. Sometimes they use character substitutions in the domain (e.g., an "i" becomes an "l" in the scam site). Sometimes they use IDN domains which are harder to see with your eye (e.g., a "c" becomes a "ƈ").
The Solutions
These are various tools that you can use to protect yourself.
Install Browser Extensions
There are many browser extensions that offer similar functionality to protect you against the fake domains (IDN homograph attack domains, fake project domains, other scam domains).
EtherAddressLookup - Github - Chrome extension
MetaMask - Github - Chrome extension - Firefox extension - Brave extension
Cryptonite - Chrome extension - Firefox extension - Opera extension
Use Bookmarks
You should never rely on links people send you, or results in a search engine. You should always type the address manually and then bookmark it and start using the bookmark every time.
0x Address Verification
The Problem
Once you've sent ETH (or any other crypto or token) and the transaction has been confirmed on the network, it is irreversible. So you need to ensure that you have the correct address when you sign your transactions.
During ICO phases, many communication channels (Slack, Telegram, Discord, Twitter, etc.) are slammed with fake accounts promoting "the contribution address."
The Solution
Confirm the Address
You can confirm the address for an ICO with some simple checks:
- Search the address on block explorers and check for comments.
- Typically, ICO addresses are contract addresses. If the address given to you doesn't have a contract, it's usually a scam.
Alternatively, get your wallet provider to implement the EtherScamDB JS library to show a visual indication: etherscamdb-js-address-validation
Github — NPMJS.
The Problem
Twitter has recently become a prime spot for scammers to pretend to be famous account holders by copying their name and profile picture and announcing giveaways.
An example
The Solution
There are various ways by which you can "ignore" these scammers.
Muting Key Scammer Phrases
You can go into your Twitter settings and mute words/phrases so you won't see them. Here's a bunch of phrases you could ignore:
give-away
give away
giving away
giveaway
Get BTC or ETH for free
Disabling Notifications From Fresh Accounts
This one can be quite aggressive, but Twitter allows you to block notifications from accounts that fit certain criteria. If you go to your Notifications settings, you can select your preference.
We recommend ticking the following:
- Those who haven't confirmed their phone number
- Those who haven't confirmed their email
- Those with a new account
This should prevent you from getting notifications from people tweeting at you regarding scam ICOs, pretending to be an ICO you follow, and other types of phishers / scammers.
Installing EtherSecurityLookup
This browser extension comes with functionality that will highlight similar account handles to those "verified" by the extension and show a "verified" icon next to the handle on your timeline.