With the increased proliferation of scam ICOs, vanishing projects, dubious token names, and scammers on Twitter pretending to be legitimate Crypto personalities (Litecoin’s Charlie Lee, Ethereum’s Vitalik, Binance’s CEO, etc.) or Token & Coin official accounts, it is time we have a guide on how to protect ourselves and our investment from these attacks. In this article we’ll go over how to enhance the security of your wallets both privately held (offline) and those at public exchanges, as well as how to go about scammy ICOs, Pump & Dump groups and thieves doubling as legitimate accounts on Twitter.
Protecting your Wallets (Exchanges)
2FA, which stands for Two-Factor Authentication, is a live authentication method where you basically have to identify yourself using a secondary input that only you have access to (such as an alternate email, a confirmation SMS text sent your personal phone number or an authentication app installed on your mobile device). The very first thing you must do after registering with any Exchange is enabling 2FA.
If said Exchange does not offer 2FA, it is in your best interest to take your cash and crypto elsewhere.
Protecting your Wallets (Private/Offline)
Whenever you setup a private or offline wallet (that is, inside your personal computer) you end up with what is called a private key, either manually entered by words of your choosing or an auto-generated string of words. This key is the ONLY access method you will ever have to that wallet and inherently the funds held within that wallet. Losing this key means you lose access to those coins/tokens for good, but leaving it around for anyone to grab also means it is prone to being accessed and emptied (possibly leaving you feeling blue for years to come). To protect yourself against these kind of accidents, it is best you:
- WRITE it down in a piece of paper.
- Save such paper in a lock box or a safe.
- If you are gifted with an Elephant’s memory, save it in your brain instead.
- Purchase a Hardware Wallet (add wallet links) like a TREZOR, Ledger Nano S or a Keepkey.
- Save it in a text file and leave it inside your PC (if your hard drive crashes and you have no backups, it is gone for good).
- Save it in text file and subsequently on a Cloud drive (OneDrive, Google Drive, Dropbox, etc.) as these can also get hacked.
- Send it to your self via email, your email is also prone to hacking.
Identifying ICO Scams
Oh this is a big one.
In a recently released report dubbed “The State of the Token Market” by Fabric Ventures (with data acquired from the TokenData ICO Tracking Platform) the year 2017 saw an insane $5.6b raised by ICO projects. Nearly half of those ICOs have already failed. Some ran out of funds, some have not updated their road maps for months, others have simply vanished. An example of that was the Prodeum “project” which left a blank page on their website with the word penis in it. luckily that scammer didn’t manage to raise enough to even pay for the domain yearly cost, as he disappeared with only $11.
Not only are ICOs an extremely speculative gamble (though some might end up providing a good utility or service in the future) they are also illegal in some countries due to laws in place by their regulative bodies (the SEC in the case of us Americans).
Here’s a list of what to look for when screening ICOs:
- Make sure the ICO is Distributed Ledger-based. Simply put, this is also defined as Blockchain-based.
- Go over the “Team Bio” 10 times, get their names and drop them into a Google search, Facebook, LinkedIn, Twitter. Also, look at their mugshots, some of them are dumb enough to grab pictures of recognized movie stars.
- If you’ve already read through the entire White Paper and you are convinced this is your next investment, grab a short sentence from said White Paper, copy it and paste on Google search and see what pops out. Check the source links, you never know, but chances are the White Paper is a straight copy of a completely different project.
TechCrunch has a really good and extensive article on how to stay away from scam ICOs. I suggest you give that a read.
Beware of Fake Twitter Accounts
Humans, for the love of all that is dear, if you see someone in Twitter (whether it’s Ethereum’s Vitalik or Ripple’s Garlinghouse) offering you 10 ETH for 0.5 of your ETH, it is a SCAM! We all need to be very vigilant and use common sense. The twitter scams are silly at best but unfortunately a lot of people are still falling for them.
If you are in the business of following the Digital Assets Market (namely Cryptos) on Twitter, you must, I repeat, you must exercise caution on who you follow, what advice you take and from whom, and who do you send your cryptocurrencies to (the answer to that last one is: no one).
Spotting a Fake Crypto Giveaway
Here’s how to spot all the Twitter scams requesting Cyrptocurrency for Cryptocurrency in return (makes no sense I know):
- First, nobody is going to asks for 0.5 of your ETH and give you back 1 or 4 or 10 ETH. It’s irrational to even consider this.
- If your greedy mind betrays you and you find yourself attracted by the idea, look at the account of the person or entity that is trying to offer you such unbelievable deal. Look at it again, but this time pay attention to their name AND their account name (the account name is the one that starts with an @ sign). You will notice that scammers try to impersonate a legitimate account by using their display name (see example below) but they cannot duplicate the actual twitter account. That is how you differentiate between the real person/entity in twitter and the scammer.
- Pay attention to Twitter’s Verified Seal. If it does not have their verified blue check mark seal it is probably not a good idea to even follow. Note however, that not everyone is allowed the verified seal and some legitimate accounts might still be unverified.
I’ll make sure to update this article as new security issues arise in the Digital Assets Market.
Stay safe and do your research!