As the world becomes increasingly digital, the rise of blockchain technology and web3 security is creating new opportunities for businesses and investors alike.
However, with these opportunities come new risks, especially in the form of scams that can trick investors out of their hard-earned money. One common scam involves scammers copying the website of a new project that is about to launch an initial coin offering (ICO) or initial decentralized offering (IDO). In this blog post, we’ll explain how this scam works and provide some tips on how investors can avoid falling victim to it.
This very scam was attempted on InsurAce in the early stages of 2021 as we were set to launch. The scam copied 95% of our earliest website, barely changing anything, just giving itself a new name.
This site uses static web hosting than dynamic hosting, which means anonymous developers can do web scraping for any site and copy & host themselves.
We identified the threat and performed the following security review on this scam.
The InsurAce team members happen to be on the website because the anonymous developer didn’t remove the names when scraping the earlier design.
When users click through to the ICO page and the end user clicks the “Buy” button, the MetaMask wallet will interact with the following smart contract
From the source code here:
This is a Token ICO smart contract and based on the initial parameters, an SEC token could be spotted.
The deployer of the SEC token:
This token was labelled as deployed by EnterCoin, which is linked to ENTER (ENTRC) – Technological and Financial Inclusion. EnterCoin was created by EnterChain Labs (EnterChain: Blockchain as a Service ). Enterchain Labs list the following three individuals as their team.
Their latest project Flamingo Chain appears to be continuing this trend of copying projects for their own benefit.
They continue to operate these scams based out of Turkey and the Philippines.
How the scam works
The scam typically begins with scammers creating a fake website that looks very similar to the legitimate website of a new project that is about to launch an ICO or IDO. The fake website will often include similar design elements, branding, and language, making it difficult for investors to tell the difference between the real website and the fake one.
Once the fake website is up and running, the scammers will begin reaching out to potential investors, often through social media or email. They will tell investors that they can get in on the ground floor of the project by depositing cryptocurrency into the ICO or IDO.
However, instead of depositing cryptocurrency into the legitimate wallet address of the project, the investors are instructed to deposit their cryptocurrency into a wallet address controlled by the scammers.
Once the investors deposit their cryptocurrency into the scammer’s wallet address, the scammers will take the money and disappear, leaving the investors with nothing. In some cases, the scammers may even go so far as to create fake social media accounts and post fake reviews and endorsements to make the fake website and ICO or IDO appear more legitimate.
How to avoid the scam
There are several steps investors can take to avoid falling victim to this type of scam. Here are some tips to keep in mind:
- Do your research: Before investing in any ICO or IDO, it’s important to do your research on the project and the team behind it. Look for information about the project’s goals, timeline, and leadership team, and be wary of any red flags or inconsistencies.
- Double-check the website: Always double-check the website of the project you’re considering investing in to ensure that it’s a real website and not a fake one. Look for signs that the website is legitimate, such as security certificates, links to social media accounts, and other indicators of trust.
- Verify wallet addresses: Before depositing any cryptocurrency, always verify the wallet address to which you’re sending your funds. Look for the official wallet address of the project, which should be listed on their website and in any official communications. If you’re not sure, reach out to the project team to confirm the wallet address before making any deposits.
- Be wary of unsolicited messages: If you receive an unsolicited message from someone claiming to be affiliated with a new ICO or IDO, be wary. Scammers often use social media and email to reach out to potential victims, so be especially cautious if you didn’t initiate contact.
- Don’t trust endorsements blindly: While endorsements and reviews can be helpful in evaluating a project, be careful not to blindly trust them without doing your own research. Look for credible sources and consider whether the endorsements seem too good to be true.
Investing in blockchain technology and web3 security can be an exciting and potentially lucrative opportunity, but it’s important to be aware of the risks of scams. Scammers who create fake websites and ICO or IDO offerings can be particularly tricky, but by doing your research, double-checking the website, verifying wallet addresses, being wary of unsolicited messages, and not trusting endorsements blindly, you can protect yourself from falling victim to these scams. Remember to always stay vigilant and do your due
InsurAce is a leading decentralised insurance protocol, providing reliable, robust and secure insurance services to DeFi users, allowing them to secure their investment funds against various risks. Being the 1st in the industry to offer cross-chain portfolio-based covers, InsurAce enables users to get unbeatable low premiums.
InsurAce has been live since April 2021 and has built a full-spectrum cross-chain insurance product line, covering Smart Contract Vulnerabilities, Stablecoin De-Peg events, IDO risks, and Custodian Risks… protecting over $350m of assets of 5000+ customers!
Join the InsurAce community:
Read More about InsurAce: https://www.insurace.io/blog