How Aether United is Securing it’s Crowdsale

Justin Zheng
Jul 21, 2017 · 3 min read
Photo by Ilya Pavlov on Unsplash

In every single recent crowdsale/ICO, there have been scams and scam victims. (Often, the ICO is the scam. But we’re not going to get into that right now…)

A Dirty Scam

This blog will talk about how Aether United plans to secure it’s crowdsale and how YOU can prevent yourself from getting scammed. This won’t be a deep technical dive into the smart contract, that will come later. This is going to focus on social engineering and phishing attacks. Let’s get started!


Wallet Address Verification

$10 Million USD of Ethereum were lost in an attack on the Coindash ICO. This wasn’t a complex smart contract attack, instead, it was a very simple “cosmetic” hack on it’s website. Coindash used Wordpress (full of vulnerabilities. Just look up Wordpress CVE.) and a hacker managed to change the contract address on the site. So, instead of crowdsale participants sending ETH to the Coindash wallet, all their ETH was being sent to the hacker.

So, what are we doing to stop this? We can’t depend on having a secure website. EVERYTHING CAN BE HACKED. We can have the most secure website in the world, with completely static elements, and someone will still eventually figure out a way to get into it.

We need an easy way for our crowdsale participants to verify that the address they are sending to is correct. In order to do this, we will be livestreaming ourselves SAYING the wallet address on the morning of the sale. This will be recorded and reposted on all our channels. Crowdsale participants will be able to check the address on the website against the video to make sure that they are sending ETH to the right address.

In addition, we own the address aetherunited.eth, and crowdsale participants will be able to send to that.


Communication Server Security

What?!? People are still using Slack?!? Photo by Alex Guillaume on Unsplash

Right now, most of our communication takes place on our Discord server. Many of our boosted monkey friends still use Slack, which is worse than brushing your teeth with a toothbrush you found on the sidewalk. You’re going to get infected.

This is obviously the prime target for scammers. People are going to try sending fake urls, fake wallet addresses, fake everything. We’ve set up a bot to automatically delete any links and addresses found on a crowdsourced blacklist. During the crowdsale, ALL links and addresses will be deleted.

The ONLY credible source for links and addresses is our video and a stickied message on Discord. If you’re clicking stuff on social media, that’s your problem. Don’t be a complete idiot and you’ll be fine. If someone from a random Twitter account is telling you to click a link, DON’T CLICK IT. If someone from a credible Twitter account is telling you to click a link, DON’T CLICK IT. The account could be hacked. Do your own research.


3.Education

At least it’s not this complicated. Photo by Roman Mager on Unsplash

We understand that this is a new field, and it’s hard to keep up with all the scams. That’s why we write blogs like this. Here’s another one. Read it.


Come check us out!

Website: AetherUnited.com
Email: AUN@AetherUnited.com
Twitter: @AetherUnited
Facebook: http://Facebook.com/AetherUnited
Discord: http://discord.me/aun

)

 by the author.

Justin Zheng

Written by

Founder of Ardent United

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade