Initial Coin Offerings are some kind of honeypot for scammers and black hat hackers. They are trying so many techniques to cheat on investors and crack founders. So we decided to develop our own ICO security check-lists: for investors and for founders, which will help to avoid common pitfalls before and during an ICO.
Founders security checklist:
- Email investors on any action: login, address change, profile change
- Force 2FA by emailing codes for every login and important changes
- Write logs on any action, do not forget to include IP, user-agent, etc.
- Check if some of your investors have the same address for tokens output, those who invest via web-site not smart contract
Investors security checklist:
- Do not reuse passwords
- DO NOT REUSE PASSWORDS!!! Otherwise your account will be cracked in 1–5 attempts
- Turn on 2FA whenever possible, prefer Google Authenticator over SMS
- Do not follow any links from public Slack or Telegram, always use official blogs and websites
- Always check your wallet address for tokens twice
- Do not send money to smart contract without inspecting it’s code, find a developer who will check it for you
- Do not pay to smart contract from exchange, use standalone wallet
- Always check website host and certificate if working with money
