Biggest ICO scams. And lessons learned

Published : 07 August 2018

Cryptocurrencies and ICOs seem to forge ahead regardless whether the market is bullish or bearish. In fact, in the six months of 2018 ICOs have already broken a record of raised capital. Unfortunately, ICO scams are still prevalent on the scene, and no signs of it slowing or dying down can be seen. In this article, we will focus on some of the biggest ICO scams we’ve seen so far. We will also try to understand what went wrong and could be the lessons learned. We will divide them by type. While reading, you will notice a myriad of red flags we mentioned in our article what to look for in an ICO.

Exit scams
Exist scams work by fraudulently enticing unsuspecting investors to buy a coin during a pre-sale and actual sale. After the ICO however, in a Snagglepussian way, they “exit, stage left” (or right, or any other way they see). So it is the early investors that take the hit here. Below are some of the biggest ICO scams of this type.

Based in Canada, PlexCoin raised around 15 million USD. As with some other scams, some aspects of the company and how it marketed itself should have given investors serious pause. Reading the whitepaper is often a good first step to evaluating the company, and PlexCoin whitepaper should be considered a guidebook for ICO scam red flags. For example, their explanation for why they haven’t released a whitepaper until almost the last moment? “We wanted to avoid a tricky situation: a situation in which people could have read our white paper and develop our concept before we even launch it.”. You can read our article on ICO whitepapers here.

The Canadian authorities warned the company not to go through with an ICO in July 2017. However, the ICO was conducted a month later in August 2017, raising around 15 million USD. This got Lacroix, the head of the company, contempt of court, a personal fine of $10.000 and a fine of $100.000 to be paid by the company, assets frozen in Quebec, and two months in jail. In December same year, SEC joined the crackdown and seized the assets, calling it a “full-fledged cyber scam”. Recently, AMF (Autorité des marchés financiers) in Quebec has ordered the leader to return more than $3 million in Bitcoin in his possession.

We included Benebit not only because of the significant amount of funds that went missing (estimated to be between $2,7 – $4 million) but also as a cautionary tale not to skip any due diligence before investing in an ICO. At first (and second, and third…) glance Benebit looked legit. They had a serious whitepaper promoting a product that made sense. It aimed to combine users’ various loyalty programs and put them on the blockchain. Something that Harvard Business Review thought was a good idea months before the ICO went live. Not only that, but Benebit also offered the possibility to exchange your unused loyalty points for cryptocurrency of your choice. So there was proof that the concept has value in itself, it wasn’t just adding ‘Blockchain’ to your name. The scammers outsourced many functions (primarily related to marketing: promotion, community management, etc.) and have waited for over a year for a community to be developed around the project. Over 9 thousand people joined their ICO’s Telegram channel. Interestingly, it was even given positive reviews by various rating websites. ICO Bench, for example, gave it 4.1 out of 5 stars. Everything seemed to be legit and going well. That is, up until it all went to hell.

As you may know from our article, an important checkpoint is missing from the paragraph above. It was the reason why Benebit was exposed as a scam – team photos have been discovered to be stolen from a British school for boys. Identity information provided turned out to be fake. When the news broke in January 2018, the team quickly shut down their website, pulled documents (whitepaper, etc.) and left social media channels. The community seemed to be shell-shocked.

The Benebit scam shows how crucial it is to make sure that a project checks out across all aspects. The team, up until their exit, was active on social media for over a year and is said to have spent over half a million on marketing. Unfortunately, the current whereabouts of the scammers are unknown.

Block Broker: “Fraud eliminating” ICO exit scams
The reason for adding this exit scam is pure irony, as this is precisely what the company was said to do. The company’s idea was to fight the spread of ICO scams. “Block Broker has set out to provide a 100% safe environment for ICO investors”, read their Whitepaper. How noble, right? However, at the beginning of June, the team disappeared. The website simply stated that the platform “is under maintenance” (website has been taken down soon after the scam was revealed). The message itself is not necessarily a disaster. But Twitter and the subreddit thread went dead as well – telltale signs of a scam.

Roughly a month before, a user on a Reddit thread noticed that the founder bears a suspiciously striking resemblance to a Ukrainian photographer. Later comments also point to CEO’s LinkedIn profile. “He had ZERO real jobs. Not even at McDonald’s”, writes one user. The whitepaper is quite short, with mostly pictures, and lacking in in-depth content. There is little technical detail, and while the team, distribution, etc., are mentioned, they do not really go in-depth. The scammers may have gotten away with as much as 3 million USD, but the amount is hard to confirm.

Miroskii: I’ve seen that graphic designer before….
In March this year, Miroskii, another “bank without any bankers”, promptly went quiet after making implausible claims, such as “Miroskii coin is [sic] been tested, approved and accepted by most of the industry giants who has [sic] already started using the MRC (Miroskii Coin) in their closed B2B sector”, as well as the fact that Visa, MasterCard, Maestro Card, and American Express are issuing their pre-paid card.

Although not out of the question, stating that such an unknown startup has partnered up with that many major credit card services and is already being used by unknown “giants” is as crazy as listing Ryan Gosling as an employee. Oh, wait…

Soon, a Reddit thread started, while a developer Claus Wahlers made a whole post on Github Gist revealing real identities of the team. None of them were real.

The company has claimed to have raised over $830,000 from over 380 investors, but both numbers are hard to prove. Miroskii claimed to have been hacked, but the company has raised many other red flags: companies cited in the team’s experience are fake, whitepaper hasn’t been released until very late, and very low social media following. However much money they managed to get away with, it’s still too much for the shoddy work they did, even as a scam.

While arguably hacks do not belong under the category “scam”, we wanted to focus in this article on what we can learn from the insane amount that has been lost. And security breaches fit here just fine.

Summer seems to be prime time for ICO hacks. June 2016 suffered the most severe ICO hack to date when $50 million was diverted from the DAO. A year later, in July 2017, CoinDash had to halt its ICO due to a hack that resulted in a loss of around $7 million. Minutes after the ICO started, the hackers managed to send investments into their faked address. In the summer of 2018, KickICO has released a statement that a hack occurred on the 26th of July, with an estimated loss of $7.7 million.

Makes you wonder what might happen next summer…

Jokes, PR stunts
We want to mention a few examples of ICO events that brought a smile (and occasional tear) to the community. These are ICO examples that make people more confused than angry, although if you asked people who actually felt cheated by them their answer may be different. We chose those that could best deliver some of the points made throughout this article.

Is this is a scam? Yes, it is. Ok, let me give you money
One of the most facepalming examples of scam ICOs are those project that have the actual word “Ponzi” in the name. One would be already too much, but up to date, there have been three (!) such projects.

First one, called PonziCoin, appeared in 2014. Described as a gambling game, where players make deposits along minimum and maximum investment lines. As the number of players increases, older ones are rewarded at 120%. Naturally, as deposits slow down, so do the payouts. The game had 6 successful rounds, but before the 7th the rules were changed, and after the round, the creator, calling himself Vortuarackne, got away with roughly $7.000. And while you may think that’s nothing, the people who invested definitely disagree. Also, this was back in 2014, when cryptos were a niche hobby. Sometime after, the creator made a post saying that the site was compromised. And apparently, all the funds were returned.

Another PonziCoin appeared in January this year. The project didn’t even pretend to be anything else than what the name said. Rishab Hedge, a San Francisco developer, created the coin calling it “world’s first legitimate Ponzi scheme”. The investors could get their investments out at 20% of the current rate, so in order to make a profit, one would have to wait until the coin’s price at least tripled. The FAQ section included the following statement, which could not be clearer: “It’s a literal pyramid scheme. You are fairly likely to be one of the last people to buy PonziCoins, so another 100 tokens probably will not be sold, and the price may not ever double again, in which case you could lose up to 75% of your investment. There’s also a chance the contract runs out of money or gets hacked in which case you could lose all of your investment.” Its whitepaper even included a link to this SEC warning against Ponzi schemes within the virtual currency environment. Shortly after it launched, the creator decided to shut it down, stunned at the popularity of the coin, which reached $250.000.

Our absolute favourite is PonzICO.

Josh Cincinnati’s recap of PonzICO’s first-day recap is a joy to read. As is the 12-page whitepaper of the project.

Annnnnd…it’s gone. Or not?
This year on April 18th, the hearts of Savedroid’s investors stopped. Savedroid has raised $50 million in their ICO. The project has been developing for three years, and the CEO had business experience. Nothing would suggest a scam. Until it did.

Suddenly, on the 18th of April, the company website featured only this South Park meme, the social media such as Telegram went quiet, the office was emptied. All telltale signs of a scam. And just to make everything absolutely clear, the CEO, Yassin Hankir posted the following tweet:

Panic has been unleashed. Adam Selene, a journalist from Crypto Briefing, has decided to track the perpetrator down, utilising and encouraging the community to share any information they may have regarding the CEOs location. Pretty soon the area has been narrowed down to Egypt, possibly even one resort in particular. The next day, however, brought a surprise.

In a surprise move, the next day Savedroid tweeted “SAVEDROID WAS HERE, IS HERE AND WILL BE HERE! After crazy 24h you for sure have many questions. We do owe you an explanation! Therefore our CEO @YassinHankir has recorded a personal message to resolve the situation.” The video explains and apologises for the “drastic campaign”. Apparently, it was done not as a prank, but rather to convey a warning message about ICO scams.

In a May interview with Crypto Briefing, Yassin explains the experience during the ICO that led the team to take such drastic action. He described the difficulty of keeping an ICO safe under constant attacks from scammers. Frauds were constantly trying to duplicate the website, post fake Google ads, change addresses so that people buy counterfeit tokens, and create phoney admin profiles on their Telegram channel, etc. Finally, the team snapped and quite spontaneously decided to fake exit.

The company tried to make a point warning against scammy ICOs which makes the market unsustainable, should the current lack of regulation continue to run rampant. The statement is objectively true, which doesn’t mean that the PR stunt worked as it was supposed to. The team has been visited by the police the next day, and an adverse reaction from the community is prevalent. Every Savedroid communication channel includes comments ranging from negative to downright hateful. Some say that the CEO should resign, others that no matter what the firm does, they want nothing to do with it. It’s difficult to pin down financial consequences, as the Savedroid token will be available on chosen exchanges starting August 10th. If you click around, you can also easily find articles citing Savedroid as a scam next to other fraudulent projects, such as Pincoin, and Arisebank. So while the financial consequences may be harder to pin down, the company definitely took a massive blow to its reputation.

Scams always happen. But why are there so many within ICOs?
So how did these scammers manage to swindle millions? There are several possible answers.

The could have been brilliant scams that even experts couldn’t distinguish from the real deal. But were they? While some scams have been hard to spot, and only done after they absconded with the money, many of the ICO that have raised millions were laughable. Let’s take PlexCoin, mentioned at the beginning. They had so many red flags and yet managed to get away with millions.

Perhaps technology is to blame. Compared to existing solutions, blockchain is very complicated. A vital part of a project is security, which is also one of the hardest aspects to understand. In fact, you can never be safe from a hack. Security is one of the key issues for the technology to grapple with as it develops. This, however, affects the whole industry, not only ICOs. The complexity of the technology may contribute to the confusion of many investors, but cannot be blamed for the proliferation of scammers in this area.

Is it the market then? Is it simply too easy to make irresponsible decisions within this environment? Judgement errors, which may cost unsuspecting investor all their savings? We have shown in another article that ICO is a brilliant and easy way of raising funds. And we’ve seen many successful companies take off after an ICO (NEO and Ethereum are first that come to mind). So ICOs themselves should not be sole issue.

Is it the regulators? Have they allowed fraud to thrive? Regulations aren’t coming in, and one of the main reasons why is simply the fact that is it very difficult to do so. As you may know, ICOs, contrary to IPOs, are global. And even if you ban them in your country (looking at you, China), companies still find ways around the ban, via for example airdrops or Initial Mining Offerings. Also, the ‘purists’ of the community despise regulation and argue against it, as it goes against the core principles of Blockchain and Bitcoin.

So we come to the final suspects of why ICO scams are so successful – people. Lack of due diligence by investors is staggering at times. There is an insane amount of people who are willing to invest an unprecedented amount of money based on nothing – promises of quick, guaranteed returns. That’s just not how it works. But one of ICOs main advantages, access to the market by every individual investor, also means access to the market by every. individual. investor. Which means that some people, especially those who know nothing about money, cryptocurrencies, or trading, also have access to this environment. And some more desperate, greedy, or naive may invest significant amounts on empty promises. And then they lose money because it turns out that 1000% monthly returns turned out to be a lie. You can joke that people would still invest even if told that it’s a scam. Except we don’t have to joke. That actually happened with PonziCoin. What can be done when people invest without thinking? Is there something to be done?

There is money to be made here, but it should be ruled by the value of the team, product, and the project as a whole, not by hype. And until people learn to recognise red flags and invest responsibly, exit scams will continue to happen.

Lessons learned
Here are a few insights to keep in mind next time you’re researching an ICO.

Don’t fully trust communities
While checking whether a community exists is a very good step in evaluating and ICO. A big, active community signals that the project may go up in value. However, it is important to know that just because a lot of people believe that a given project is awesome, does not mean that is not a scam. Many ICOs, or rather companies/teams behind them, hire outside firms for various aspects, for example, marketing. As such, these companies may do a great job marketing the project without knowing it’s a scam. This has happened for instance with Benebit. It is explained on Telegram by ICO Syndicate Team who promoted the project, “It looks like most or all of the companies involved with Benebit were scammed by them as well. This includes the company who was managing their Telegram and doing content marketing for them and more, the technology company who did their website, dashboard and created their white papers. Even some advisors had no idea that Benebit is not a legitimate project. The actors in their MVP video were probably unaware as well. This a tough lesson for the all of us”.

Check the team
First thing, reverse search photos of the team. You can use for example TinEye, or choose any other from a wide variety of websites and extensions. It is so easy and quick! And if you see Ryan Gosling on the team and still invest, you kinda deserve to lose money.

Additionally, make sure that companies listed in experience are real. If there aren’t any companies, just a very general “[Name] has broad experience with Blockchain. He worked on a number of successful projects, including an ICO”, then it’s a red flag.

Look into the value offering
Let’s take the Benebit example. Loyalty programs on the blockchain? Sounds great, as many sources would tell you. But just because a technology could do something, does not mean that human actors will allow it. Think of the loyalty points more in-depth. Exchanging points is great for consumers, but the whole idea behind loyalty points, is, you guessed, loyalty. A free exchange of the points would have diluted consumers commitment, and more importantly for the companies, profits from them. Firms are simply not willing to share, they may form partnerships across industries (e.g. fly points and hotels), but usually, a loyalty reward scheme works only for one company because that’s how it’s usually the most profitable for the issuer.

Lessons learned:

  • Evaluate everything on the ICO checklist (whitepaper, value offering, monetary policy, security, team). Look here for inspiration
  • Reverse search team photos. You can use Google or TinEye.
  • Don’t fully trust ICO scanners and reviews
  • Don’t fully trust communities
  • Just because some red flags can be easily spotted in some projects, it doesn’t mean that the ICO you’re eyeing is legit. Perhaps it’s just made by skilled and patient scammers


  • Related
  • Latest
  • Popular