A Different Approach to Fighting Investment Scams
We asked this crucial question from Sentinel Protocol, which is a company trying to solve this specific problem. As they are security specialists, we wanted to get the solution according to their expert opinion. Here it is!
Though the rate of ICO fundraising has slowed down lately, ICOs are still an important matter in the area of cryptocurrency investments. In 2018, the project funding rate and the size of the average funding round were the highest till now.
ICOs are considered identical to hype and danger. When ICO happens, usually the project is at the very initial stage.
At this point, it is just trying to validate its promising team and consultants, tokenomics, and the reason why they even need the blockchain technology.
From the investment point of view, it is difficult to differentiate between a great and a good project, and a good and bad project. The bad projects may also be called as scams by the ones getting hit by the shabby returns.
However, the scam that we are referring to in this post is of a very different category. It is regarding the inspection of the validity of the information that is exchanged between the investor and ICO project.
Why people become easy scam targets
In a centralized setup, people have security institutions to protect them against frauds, where they can complain about fraudulent activities to the police.
However, in decentralized setups, this responsibility falls upon the individuals themselves to look out for themselves.
In the real world, if your credit card gets stolen, you can always call and block it and restrain any misuse of your card. But this is not the case in the crypto world. Once your crypto is stolen, it is out in the open beyond your control.
The main problem that causes all this scam is that most of the crypto individuals do not validate the authenticity of the transaction data. Secure online behavior is a skill that is learned over time. This cautious behavior is learned through repeated practice or specific education.
Those who have never been a victim of any malicious activity are less likely to check whether the website they are dealing with is a phishing site or not, or that the wallet address is secured or not.
The other main issue is that usually, the crypto individuals do not do a proper security check due to their lack of experience in this regard.
For a well-designed scam that is cautiously and carefully designed by the malicious actors, these average crypto individuals do not have the capability to check them on their own. Like, if there are tips roaming about in the community to check for the SSL certificate of every website.
This can be done by most of the crypto individuals. But if it requires some specific code or checking for spoofed emails, most of the people do not have knowledge and capability to do such deep security checks by themselves.
ICO Projects a Major Target for Scammers
Though it is not revealed very openly, ICO projects are no exception to scamming targets. We also witnessed various scams when we got our ICO for Sentinel Protocol
And these are not just simple scams where a careless ICO participant might go for the wrong wallet address, fall for a giveaway scam on Twitter or visit a phishing site.
It is a part of the ICO lifecycle to get personal messages from the consultant on Telegram, and emails from the sites with ICO review and listings. Therefore, it is easy to impersonate telegrams and emails from similar domains.
Some malicious groups try to disrupt the sales or fake KYC submissions. As we are a security company with in-house security experts who are doing digital forensic and risk researches all the time, so, we were able to block these efforts successfully.
But what about those who do not have the resources to hire a full-time security expert team. Those who do not have individuals to discriminate between the malicious data and legitimate information, then go through the same experience what would they do.
The ICO projects are constantly receiving queries from their investors about such impersonator scams who pretend to be the ICO project official.
In such a situation, the team members also need to be very careful as these scams can also target the project team. No doubt, most of these security breaching attempts occur from the inside, so the crypto companies should also be careful.
Simple Solution but Tough Implementation
Because of the critical nature of these threats, it is necessary that an approach must be adopted that integrates contribution from various parties, offering their perspectives and expertise.
However, this complicated solution must not make the individual users confused by its advanced sophistication.
This solution in itself is very complicated for the following reasons:
1. It has to be a realistic, practical and direct solution for the scam problems detected most often.
2. It requires the basic root knowledge of these scams and also about how they can be solved.
3. The experience of users should be easy and fluent for everyone to adapt, especially the new ICO investors.
Accessible and Comprehensive Threat Database
These scams and malicious attempts are going on everywhere in the world constantly. To get a complete collection of comprehensive threat data it is necessary that we use collective intelligence.
As we are a team of cybersecurity experts that have extensive industry knowledge, we have understood that to build a decentralized threat database by using this collective intelligence, is not going to be possible without the help of blockchain technology.
These ideas made the backbone of Threat Reputation Database (TRDB) that is developed to collect as much information and data about these scams and malicious activities as possible.
The system counts on the “The Sentinels”, the network of security experts, which are dispersed globally and are incentivized to use their expertise for the token economy.
To enhance our team and kickstart the procedure of populating the database, we still require the pre-existing knowledge and expertise.
The purpose of hiring “Pre-Sentinels”, after interviewing them and verifying their security expertise, is to lay a the foundation of these threats upon which the others can build a token economy.
Together they are building a list of authentic ICO data, as well as of malicious ICO data. This will be used to display what authentic information can be safely accessed by the ICO participants.
To make sure that individuals are able to distinguish between scams without getting hit by them, it is extremely important to establish an easy-to-use solution that can be used as the golden standard while dealing with crypto scams out there.
Therefore, the first iteration of our product was chosen to be a chrome extension. The extension double checks that the site being visited is authentic and the wallet address is correct or not. Tapping into this extension reduces the chances of sending the contribution to a wrong address.
Reducing Security Threats Globally
To invest in an ICO project takes a lot of research to find a great project. So it is important to make sure that the resources one is putting into it are used legitimately without the risk of any kind of scam in the process.
A security program like TRDB makes sure that the knowledge by the expert crowd is applied to the general public to help them access the authentic platform and data.
With the advancement in blockchain applications comes the advancement in scamming and fraudulent threats. The provided solution should be so friendly user that every common person can get benefit from it.
Today, cybersecurity is becoming more and more rampant with the increase in cyber-terrorism. To fight against these cyber-attacks, we have to make sure that we work together and protect each other from these mischievous actors.
Sentinel Protocol is the first ever crowd-sourced threat intelligence platform that is built on the blockchain base.
It gathers and evaluates the information from original hacks, frauds, and scams to develop and improve the security of crypto assets.
Using a decentralized Threat Reputation DataBase (TRDB), this intelligence is shared with crypto exchanges, payment services and wallets.