The consensus in the crypto community is that there are a lot of scammy ICOs out there. The obvious ones who make fun of the market aren’t the problem. Those who deliberately try and cheat people of their money are.

The fear of missing out is strong, but people need to start waking up because most of these teams will never be able to deliver upon their great promises.

Last week’s guidelines from the SEC will hopefully be a first step in making life harder for dishonest teams. However, these are some of the red flags you should still look out for before investing:

  • Much fluff, little wow. The project’s flashy website will be filled with buzzwords but little actual content. Chances are you will be met by a big BUY NOW sign. Often the site will be built on a free CMS template, which in many cases will mean less than optimal site security, when considering that the goal is to have millions of dollars flowing through it.
  • The team is small with little relevant experience. They have no proof of concept or prototype and there isn’t a lot of code to review in their GitHub. When asked critical questions the devs are non-responsive and when googling the project, you will find negativity among the community and in social media.
  • Their business proposition is vague. If there is a sound business model to be found, it will be facing strong incumbent competitors. Identifying a real use case for their token and what is going to make it rise in value proves difficult. The team may be keeping most of the tokens for themselves, a token which only will get traded on one small exchange, meaning the valuation will probably be way off and allowing for price manipulation.

If you spot any of these signs, hold on to your ETH for dear life.

We need to talk about hacks

Over the past few weeks, we have seen several cases of alleged hacks against ICOs. Some of these were definitely legit hacks that lead to theft of ICO funds, like the attack against the Parity wallet software (that’s right, the Ethereum protocol wasn’t hacked, a dapp sitting on top of it was). The attack exploited a bug which allowed the thief to first obtain ownership of other people’s multisig wallets and then move its funds.

The Parity team has confirmed the bug and are taking steps to prevent any other critical errors from making it through to release. Most importantly, an explanation was given to the public, including data and technical details of what happened. No reason to suspect any of the involved parties of shady dealings here.

Other “hacks” seem less obvious. A couple of recent cases have seen the ICO teams reporting the theft of donated funds, followed by less than satisfactory explanations as to how the hack took place. The information given has been vague, some would even say indistinguishable from an exit scam.

If you really were hacked, why would you not want to disclose the full details as to how it went down? And if your loss of funds was a result of human stupidity, say so, don't leave people guessing and creating conspiracy theories about greed and inside jobs. An opaque process will only hurt your project and the community,

Disappointingly, there was no questioning of the veracity of the stories. This at a time when we should demand proof and hard data, not just accept some vague dismissal from the team about having reported the hackers and refusing to share further details. Just because the ICO market has been labeled “the New Wild West of Investing” doesn't mean we should let people get away with anything.

Spreading fear, uncertainty and doubt

Simply blaming these incidents on immature technology and demanding that security is improved, before you understand the project in question and how the alleged hack took place, is not good enough. That only contributes to spreading fear, uncertainty and doubt.

How about this for a business model: 1. Do ICO, (1b. Short your own token,) 2. Get “hacked,” 3. Profit (thanks to Reddit user Dmitriyy).

Because really, what is to stop the founders of a dishonest project from staging their own hack? For some of these teams, there is a thin line between raising funds and plain greed.

Thus, it is important to challenge the business models of the ICO projects and scrutinize the teams. There are probably more scammers out there right now than there are hackers.

Even though ICOs, primarily the Ethereum ones, are getting a lot of heat at the moment, the chances are good that some of these projects are going to be the ones that eventually bring Blockchain technology and crypto across the chasm. Investors and media need to up their game a little to make sure the scammy ones get what they deserve.

- By Trond Vidar Bjorøy

Trond Vidar Bjorøy is a corporate travel tech geek, crypto enthusiast, and blogger. He owns ETH, REP, GNT, and MIOTA.