Scammers are smelling all the money flooding into the ICO market and they want their share. They want their share of YOUR money.
Investors are so afraid of missing out on an ICO, that they will send their money to the first Ether address they see without questioning the validity of the advertised address. The only thing that matter is, how quick can I get in.
You do a search, you find some links, you don’t take the time to read the website address. Is it address.io, add_ress.com or address.co.com. You’re in a hurry, no time to waste on details. Who cares, the text is blue, it’s a hyperlink It must be legit! Right? And … You click on the bait.
Ah finally, you arrive at the beautiful web page (just like the real one) with the big Ether Contract Address right there conveniently placed for everyone to see. 0x7Send4Me6Your0Money$123Now!4321401458.
Scammers are clever and talented. They know you want in badly. So, they setup an amazing copy of the real web site and a twitter account to go with it.
Before sending your money to an (ICO), a simple Ether address verification could save you a lot of pain.
This is a screen shot I took when the insurex twitter account was being hacked the day before the real scheduled ICO.
A tweet appeared at the top of the page, in the real @insurextech twitter account, with good news for the impatient investor. “we are starting the sale early!” with the FAKE Ether address.
I was trying to warn people that it was a scam but someone or something kept deleting my comments.
How to verify if the Ether address is for a valid Ether contract?
- Copy the Ether address 0x.. you were given to contribute for the ICO.
- Go to: https://etherscan.io/
- Paste the Ether address in the box in the upper right corner and click “Go”.
- In this case, the real address for insurex was:0x98ee18d7a1f7510b78b36f5a16471c7cd0c1c531
- On the page, you should see a “Contract Source” tab. If there is no contract, don't trust it.
If you want to dig more, click “Transactions”, click “View All” and at the bottom of the last page, you will find the “Contract Creation” entry.
The FAKE insurex address was: 0x06932bc0460810a9360b6a55b45b22723a00b79f
The scammer managed to steel 1100 ETH.
The real twitter : @insurextech and the real website: insurex.co
The fake twitter: @insurex_tech and the fake website: insurex.tech
Insurex confirmed that they were the target of an attack and told investors that they will be compensated.
Has I was writing this article, another hacked ICO appeared in ZeroHedge.com. $7 Millions Stolen.
The coindash website was hacked. Token Sale page was hacked and the sending address was changed to a fake address.
The hacker stole 43438 Ether from the CoinDash investors.
Usually during an ICO, you have to go through a basic screening regarding your citizenship and you have to accept the terms and condition of the ICO BEFORE the Ether address is revealed to you.
The real insurex ICO went like this:
Verification Step 1, citizenship
Verification step 2, terms and conditions.
In this particular case they also asked for your email address.
Select "Show payment address".
Only after all these steps you can see the address where you can send your Ether.
In this case, the address was: 0x98ee18d7a1f7510b78b36f5a16471c7cd0c1c531
