Open in app

Sign in

Write

Sign in

Mysterium token sale aftermath

Roberto Vis
Mysterium Network
Published in
4 min readJun 6, 2017

Thanks to your support and participation — Mysterium token sale went quite fast, selling out in 45 minutes.

Protecting project against fraud

We received multiple warnings about possibility of fraud and there are many angles of attack, so let me try to tackle some of them.

We want to share our experience — how all of it happened, looking through our eyes. As token sales are quite common these days — everyone should expect more people coming into this space trying to make a few quick ethers by simply defrauding contributors of these token sales. The most common fraudster approach is to provide people with the wrong address where to send the funds. Goal is one, but there are many strategies how to achieve this goal.

We hope this information might be useful to some of you protecting against that.

We as a team started to prepare and let me focus only on communication taking place on slack in this post without going deep into other points.

I. No address posting in chat channels from team

First we informed everyone that none of the team members will ever post any addresses nowhere in any of chat channels. See the earlier post here.

This allowed us to create a bot — which instantly reacted harshly if anyone would post any ETH addresses in public channels.

II. Slack Channel structure

We set up a different slack channel structure, we renamed #general channel into #announcement and created a separate #general channel. Then created a script — which invited all members into the newly created #general channel.

This allowed us for more control. In the #announcement channel we limited to who can speak in it — only to team members and left #general chat channel open for all kinds of questions and discussions, which grew exponentially the closer time got to the launch of the sale.

Also this allowed us to mute the #general channel anytime, in case someone tried to hack/fraud the channel, which they eventually did, and we had to pull the trigger.

Fun fact: once the channel is “archived” — you can’t change anything in it, but you can still look at it’s history. After we archived #general channel — we saw that there is a pinned message, soliciting an address posted by one of the fraudsters, but the problem was — we couldn’t do anything about it without first restoring the channel. So we had to silently restore the channel, unpin the message and archive the channel again. Transaction took about 8 seconds, no harm done :)

III. What if our team member got hacked?

There’s always a risk that your computer might be hacked into, passwords stolen, accounts overtaken.

We created special communication protocols within a team, allowing us to recognize — if we are still talking to the same person.

Besides that we shared ownership of the slack channels between multiple team members, if any of us would be hacked — other team members had means to quickly disable that account and revert the damage done.

IV. Team communication

During the sale we were physically in different locations, so in order to have a smooth communication — we had a voice chat between team members throughout the preparation and the sale.

This allowed us to coordinate our actions and react quickly to any of the immediate needs, of which there were many. Also it allowed us to hear other team member speak personally, additionally protecting against hacking risk.

V. Lookout people

One of the waves of attack was — creating multiple accounts that looked very much like our team members and using this account to spam (using bots) messages to all slack members. Off course people performing this type of fraud are not stupid — they eliminate us as team members from their recipients list — so we wouldn’t know that this is happening.

For that — we had “lookout people”, who did not associate with the team to everyone else and were reporting to us if this started to happen — so we could deactivate such accounts. There were about 7 accounts we had to deactivate.

No bulletproof protection

We tried our best to protect all of you, but no protection is 100% bulletproof. To my knowledge there are 2 people who got defrauded, and sent up to 10 ETH to the wrong address.

Thanks

We want to thank those who helped us during this intense period while preparing and also helping to to keep our heads straight during the actual dive.

Phabc — our most active non-team member who helped us with channel structure, bot, scripts, etc.. Thank you

To all Anonymous lookout people — thank you, you know who you are and without your help we wouldn’t have protected many participants from many fraud attempts.

Team — for amazing coordination and calm heads during this intense period.

And all of you who watched, discussed, asked, participated and believe in this idea and the team.

Future

Now the team is finalizing essential tasks associated with this token sale (like bounty) and soon we will be regrouping:

  • getting ready to hire new team members,
  • getting ready to open up an office space,
  • getting ready to fulfill our promises.

If this project interests you and you believe you would like to work with us — please contact me on Slack (my handle is @robertas) or if you know anyone who might be fitting and willing to work on such a project — don’t hesitate to get us into contact.

Thank you all, lots will follow as we progress.

Slack
ICO
Mysterium Network
Token Sale

--

--

Roberto Vis
Mysterium Network

Written by Roberto Vis

1.4K Followers
Editor for

Helping build an ecosystem of Empowerment.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams