When it comes to an ICO, nothing can compete with quality due diligence.

While nothing can compete with quality due diligence, knowing which red flags to look for in order to steer clear of scams or bad ICOs can be helpful.

Use case does not require blockchain

Not every venture needs a blockchain, and not everything needs to be decentralized. This might seem obvious, but with all the hype around blockchain technology and its disruptive potential, it can be easy to latch on to an idea the moment its whitepaper mentions a large industry the project is purportedly tackling.

Even projects that require cryptocurrencies as payment (e.g. Steemit, which rewards writers on its platforms with a native “digital points system,” Steem) could very well survive with existing cryptocurrencies like Bitcoin and Ether.

When evaluating an ICO, a good first question to ask is: “Do we need a blockchain or a native token for this project?” If the answer is no to both, chances are the ICO project is an example of solutionism — crypto for crypto’s sake — or a scam.

Empty repositories for open-source projects

If an ICO project is proposing open-source code, an empty or nonexistent GitHub is often a red flag.

One of the key traits of many public blockchain projects is the fact that they are open-sourced. This means the code base is often uploaded to repositories like GitHub for all to examine. For those who have blockchain programming experience, looking through the published code can allow them to gauge a project’s validity.

If something seems like a scam, probably is.

One of the most obvious red flags for a scam project is the lack of detail on how the technology works. For nontechnical investors, it can be helpful to simply check if a project has any existing files uploaded to public repositories or if a project has a functioning product.

While Reddit is generally not an advisable source for investment advice, sub-threads dedicated to discussions of specific ICOs or crypto assets often offer a good entry point for the more technical evaluations.

Mining structure disproportionately favors development team

While not always an accurate litmus test for scams on their own, the supply schedule and mining structure of an ICO can be used to cross-reference other data points and validate the intention of the founders.

In simple terms, a premine refers to when a portion of the tokens for a crypto project is made available to a small group prior to being made publicly available. At times, this can be a necessary vehicle to reward developers and early investors. However, if the percentage of total tokens supplied throughout the lifetime of the project reserved for a premine is high, there is reason for concern.

For instance, Paycoin, whose founder was found guilty of operating a $9 million fraud scheme, had the majority of their tokens reserved for developers on the project. Favoring the development team could be an indication that the team’s intent is to maximize their personal financial gain from the appreciation of the token, rather than maintain the viability of the blockchain network over time.

Insufficient information on website/whitepaper

If something seems like a scam, it probably is. When you are unsure whether a project is a scam, it is better to err on the side of caution. While it is possible that the lack of well-designed websites and detailed information for a crypto project is because the project is still in its infancy, it can be hard to determine whether a project is underdeveloped or a scam.

Or maybe you a buzzword salad we just talked about but hoped to find something completely different in the Whitepaper. This can be true, as developers may try to simplify or hype up their product on the announcement or website and detail the actual tech behind it on the whitepaper. However, if the whitepaper is full of these same buzzwords with no clear meaning, no actual tech is discussed and only high-level descriptions are given, then this is definitely a scam.

Whitepapers usually explain how the platform works both on the high-level and specifically. This often includes charts, calculations, simulations, specifications and so forth. If your project claims that it is building some sort of decentralized service or token with new features and actually provides no explanation of how it works specifically, then just close the document and walk away.

In many cases, they can be both. In those cases, interested investors can either wait for more information (such as in the case of Asia-based ICOs, where information is only translated into English later on in the project), or simply avoid ICOs they do not fully understand. 

Another crucial source of information for all ICOs is the whitepaper — the document that outlines the mission, technical details, team and other crucial details behind the venture. While the amateur investor may not have the technical background to fully understand every aspect of a whitepaper, general understanding of blockchain concepts is a must when evaluating whitepapers.

Some more legitimate projects (e.g. Ethereum) offer a high-level whitepaper outlining the key points of the venture, alongside a detailed technical document that explains the technology behind the project.

Buzzword salad

“Our decentralized blockchain-based platform will disrupt the landscape of cryptocurrency investment while building a trustless network of pseudonymous users that leverage swarm intelligence technology to provide real world financial services in a tokenized ecosystem.”

Sounds great, right? (Not really) Well, maybe I’m not as good as some scam artists are but that’s the gist of it. Buzzword salads look good but when you actually sit down to digest them, they taste like vague claims and empty promises. If you read through a paragraph and have learnt nothing new by the end, then there is probably nothing to learn.

Some people may have a tendency to use buzzwords as a means to turn a boring text or announcement into something exciting. However, these will have a certain amount of information on it, even if you have to filter out some of the nonsense. Still, if a project needs to do this, then the project is likely to be as boring as watching paint dry.

No clear roadmap

Typically, ICO projects list their funding and development goals on a clear timeline for investors to see. The lack of a clear roadmap could indicate that the developing team has no long-term plan for the project, and as such is likely to be motivated solely by short-term financial gain. Paired with a large premine reserved for the developing team, this could be a strong indicator that an ICO project is not to be trusted with your money.

Often, ICO projects will have dedicated Slack or Telegram channels that the public can join. Through periodic updates distributed on these channels, potential investors can get a sense of how the project is developing.

However, malicious scammers can easily create a timeline out of thin air or provide fake updates on chat apps. While the lack of a timeline is certainly a red flag, the existence of one is not a wholly sufficient condition to indicate the legitimacy of an ICO project.

Unrealistic goals

Scam projects will often make bold claims about their product even though said project offers nothing new or disruptive. It’s not likely that a certain blockchain platform or cryptocurrency will end poverty, fix global warming or replace the internet. This can also be truth for how they expect the community or markets to respond to the product. If someone claims their cryptocurrency will replace Bitcoin, get a disproportionate amount of users, or increase by 100x in the price charts, you can add that project to the scam list.

If the project does have that potential, professional developers will never make such promises. They will let you know about the potential of their project and that’s it. No serious team will ever make a price prediction about their token or claim it can fix the world.

No Code Repository

This is what matters. Like someone said before “Code is law”. Even if the project announcement and whitepaper are complete trash, you can always count on Github or Sourceforge to put an end to all doubts. If the project provides no link to the code at all or if the project is nothing more than a clone with a few changed lines of code, then it’s not worth your time nor money.

Anonymous team or team with weak experience

Understanding who is on the team behind a blockchain project is perhaps the most important step in your due diligence. Even if the premise of the venture and the addressable market seem attractive, one of the biggest determinants of a venture’s success is the makeup of the team behind it.

It is often a red flag if the team behind an ICO does not have any named full-time developers. Additional caution should be taken if none of the leadership team has any domain knowledge in the specific vertical.

When looking at a team and verifying their experience, platforms like Twitter and LinkedIn are useful. However, it’s important to note that they are not infallible, as profiles can be faked. If members of the team claim prior association with universities or companies, double-checking with reputable third-party sources (e.g. a university newspaper or the company website) can provide the facts.

ICOs often list their advisors on their websites. You should also verify whether the advisors are legitimate.

This is very important. Who is behind the project? Is the team made up of well-known members of the cryptocurrency community? Are they known in other areas? Have they been involved in previous projects? If the answer is yes, then this may be an interesting opportunity. Just remember to check if the person is actually aware of the project as scammers may use famous names just to get people interested even though these are not part of the team.

Anonymous developers will also raise some flags but this doesn’t mean the project is a scam. Being anonymous is not the same thing as being unknown. Great projects have come from anonymous devs. Nxt and SuperNet are a good example of this. However, an anonymous developer with no previous history in the Bitcoin community (no posts on reddit, bitcointalk, and so on), then stay away.

Often times, team members are neither anonymous nor well-known. While most serious projects often have at least one known face in their team, not being a famous crypto community member does not mean the team member is part of a conspiracy. In this case, you’ll need to vet the team members carefully. Are they known in other areas? Can you find anything about them that is not related to the project? If not, then you may want to stay away from this one.

A quote from a steemit post by moonjelly called “How To Create An ICO Scam in 5 Simple Steps” illustrates this perfectly:

“You need to show the faces of the people behind this world changing project. So get some at uifaces.com, come up with some common names (so they are very hard to google) and add the most ridiculous resume you can think of.”

To better vet team members, remember to check all social profiles. Do they look real? Anyone can create a social media account to get credibility, so you need to check when the account was created, the activity it has so forth.

You can also easily check if they are a real member of the Bitcoin community through a very handy feature on Bitcointalk, the most popular cryptocurrency forum out there where this projects are usually announced. Bitcointalk keeps a log of users that have recently changed password or resetted his account. To check this, you can see the common log here or you can check the user’s Trust page. A reset will be shown for 30 days, while a password change will be shown for 3 days.

This feature makes it easier to determine whether an account has been compromised or if has been sold. Scam artists will often buy a Bitcointalk account with decent activity to gain trust, so beware. It is also possible that an account is purchased so that the team can post images. However, if the team does not announce this themselves, they may have something to hide.

Compromised Escrow

This one is extremely important. Escrow is basically a service that holds coins for their customers until a certain deal is completed. For example, I sell you a book for x bitcoins. If I send you the book first, you may never send me my btc and if you send the btc first, I may never send the book. An Escrow service fixes this situation by holding the btc until the book is received. If the book is received, the escrow can release the payment. If not, the coins are returned to the buyer.

ICOs will usually have an escrow to hold user’s funds during the ICO and after. These escrows are usually multisig wallets in which the multisig key owners are two or more trusted members of the community and one project team membe. In a scenario where a project member has one key and two community members have two keys of a 2-out-of-3 multisig wallet, the team member requires permission from the one of the other key holders in order to move the funds. This is why it’s important that at least two of the escrow members are known community members and have confirmed their intent to be an escrow.

The aforementioned DeClouds scam was able to swindle “investors” by having an escrow with one community member, one project team member and a third key holder which was a supposed neutral company. This company was nothing more then the same scammer in disguised. Since he had 2 of the 3 required keys, he was able to move the funds.

You also want to check the type of escrow that is being used. Like -Greed- said in his "How to spot an ICO SCAM" post on bitcointalk:

“Of course it's more complicated. Like escrow releasing 100% funds towards devs on token distribution is bad escrow. Good release conditions is when parts of funds get released on development progress: 20% on tokens distribution, 50% on beta release, etc.”

So keep an eye out for the Escrow participants and the escrow conditions. This may save you some money.

Fake pictures?!

This is unusual. Very unusual. Scammers will rarely try to fake pictures for one simple reason. It’s completely crazy. Photoshopped images are very easy to tell apart from the real thing and even if you have a professional doing the editing, there is software (free and paid) that will easily detect a forgery.

As you can see, the world of cryptocurrency can be hard to navigate but if you’re careful and vet project effectively, you should be fine. Unfortunantly, there will always be naive investors. The example we used on this post, DeClouds got around 300 BTC from this scam, which is pretty sad. So, stay aware and keep clear of scammy projects.

So if this is unusual why are we talking about it? Because someone actually had the nerve to do it! We just couldn’t bear the thought of not including this on our guide.

DeClouds proposed something along the lines of using the ICO funds to buy precious metals with which to back their tokens with. This is not new. However, they claimed to have a partnership with the UBS Bank, where they would store these precious metals. There obviously was not partnership whatsoever and the scam artist managed to put an end to all doubts by taking this claim too far. In order to “prove” this partnership, the scammer photoshopped (or paid someone to) himself (or someone that was portraying him - it’s still not clear) onto two existing images with members of the bank. This was quickly picked up by users who posted the original pictures, thus proving DeClouds to be a scam.