ICO NewsSecurity

List of ICO Scam Techniques by Hackers

ICO Hacks and Scams

I participated in the Nimiq ICO and it was shocking how many people got scammed by a variety of techniques. I'm not even talking about the scam ICOs themselves, which is a completely different subject. Let's just assume the ICO you're investing in is legit.

The fact is that the moment an ICO is announced, hackers and scammers around the world start working on various plans of how to steal money from the participants. So I'm trying to write out a list of as many of these ways as I can to help people avoid losing their money.

Substitute Characters in URL Trick

The way this work is that the hacker makes a copy of the website. In this case, www.nimiq.com was duplicated to be something like www.nímíq.com The entire site looked identical, except for the smart contract had a different send to address.

So then what the scammers do is that they start promoting Nimiq on forums, especially ones where Nimiq's team hadn't actually posted anything. They answer people's questions, everywhere, and keep providing the wrong URL to people. A few people fell for it and send money to the wrong place.

Solution: Make sure you go to the original website to use the smart contract.

Other Alternative Site Copies

Thieves duplicated the Nimiq site in other ways too, just like the above trick. Both www.nimiq.su and www.nimiq-tokensale.com were online, with the scammers promoting them. When they posted on Nimiq's telegram and slack, they got banned and deleted, so they returned and then started sending out personal messages to people who were asking questions, offering to help them with the token sale. Quite a few people got scammed, as shown here: https://etherscan.io/address/0x944a3F5641d6FAf7a6AbDE4ec31e40d0929955eD Some pour soul sent 14 Ether to these guys! In total, over 41 ETH was stolen this way, which was over $12,000!

Solution: Make sure you go to the original website to use the smart contract.

Clipboard Trojan

There are now Trojan malware that are able to track when you COPY a Bitcoin or Ether address, and it will change it on the fly, so when you PASTE it again, you'll be inserting the thief's address instead. Since addresses are strings of random characters, many people won't notice. There are some cryptocurrencies working on eliminating addresses that use random characters and instead using "human-readable" addresses, which will help with this problem.

Solution: It's very important that you manually check the SENTO address before hitting that SEND button!

Email Phishing

In this one, hackers send out emails to ICO participants, telling them they can get a special pre-sale discount, or similar nonsense, and give them a link to their own smart contract. In their greed, a few people fall for it and send money to the thieves. They can get the emails many ways, such as hacking the founders' email list, spoofing their URL, or creating their own list from other sources.

Solution: ICOs are very unlikely to change plans last moment. If something seems too good to be true, it probably is, so check carefully.

Hack the Slack

In the recent Enigma Hack, the perpetrators got into the Slack Acct, locked out the other admins, and posted links to a special pre-sale. Even though Enigma had made it very clear they wouldn't have a pre-sale, a lot of people fell for it anyway and the hackers netted almost half a million dollars!

Hacked Website

In the CoinDash Hack, the hackers infiltrated the website and changed the sendto address in the smart contract, so $7+ million was sent to the wrong account. It was difficult to detect because the hack was done in such a way so that the address change was intermittent, so the founders still saw deposits going into their wallet, only at a slower rate.

Solution: It's difficult for an ordinary person to take steps against this one, because it's up to the ICO founders to watch their website carefully and make sure nothing is awry.

Lists of Other Crypto Hacks

https://storeofvalue.github.io/posts/cryptocurrency-hacks-so-far-august-24th/
https://www.cryptocoinsnews.com/ripple-tfpartialpayment-causes-gox-style-hack-justcoin-exchange - Justcoin Hack

Cryptomorrow - Cryptocurrency, Bitcoin, Ethereum