I was first intrigued by the Hero token sale due to the social nature of the project and my belief that remittance and banking services in emerging economies is something that will improve the quality of life for millions – and Blockchain has the potential to do that. By empowering people.
This seemed like a solid way for me to participate in a project which has potential social value on a broader scale. My kind of ICO.
But over 200,000 dollars has now gone from the pockets of potential Hero Token investors into the pockets of a scammer, and unfortunately I am one of them who got taken. And I certainly feel unempowered myself.
Somewhat embarrassing yes, particularly as a veteran in the business… I was suckered.
I feel compelled to write about my experience for a few reasons.
One to make sure token sale participants are aware how good these scammers have gotten. Two, to try and make future ICOs organisers aware of how to avoid some of the problems. And three, because the reaction of the community organisers on the project was unprofessional – inferring that those that lost money were stupid and should pay more attention. We are clients, not idiots. We are your community not morons to be fleeced for ETH and ‘tough shit’ if we get burnt.
It’s my opinion that the poorly-architected community design and lack of effective community management are at fault to leaving a gaping hole for the scammers to walk right in and steal people’s hard earned money.
From the start. The whitelist was already a strange experience. Messaging to someone on Slack named David with a half dozen other Davids in the community. Not very clear. Weird. It was not hard for a half dozen scammers to make new David clones accounts and message everyone back with fake ETH addresses. Which happened right away. Obvious. Doh.
For those of us that first signed up for the presale, it was noted on the site and in subsequent emails that September 1, 2017 was the big day. So I jumped in and bought. But it was not postponed and I did not know. I was phished right from Slack by one of the Davids. They community team were not doing a very good job at making sure that scammers were banned from the communities. It appears… and they had a clusterf*ck of their own design on their hands to boot.
Changing that day to an unknown day in the future was simply opening the door wide open for scammers to come in with a new date. And that’s what happened.
Why did Hero choose to change the date? To suck in more presale numbers to drive up sales? Or were they not prepared technologically for the pre-ICO? We will probably never know.
And how about assembling that whitelist somewhere else instead of Slack – therefore blocking the ability for a group a scammers to target known whitelist members and even cull an email list from the Slack group who were de facto on the whitelist by joining the community?
I get it, you wanted to force people to Slack for whitelist to build up your Slack community. But Slack is a veritable playground for phishers and combining your Slack community and a whitelist was not very well thought out.
Slack has public email by default in the profiles. We were ripe for the picking.
So did scores of others who lost, collectively over 200,000 dollars and counting.
Lessons I learned.
- Never use Slack or Telegram for community building in a token sale. And worse, never try to use both. There are other solutions that are better suited like Discord.
- Don’t leave your whitelist open to be copied. Keep it separate from all groups and communities. A smart way for organising a pre-sale whitelist would be to use Blockchain technology and issue a private key to access a predetermined landing page where you could only access with that key. Or even to access a presale or an ICO for that matter. We have the technology folks.
- Use one channel specifically for Token Sale announcements. And stick with it.
- Have a firm date from the beginning. And stick with it. Don’t leave holes where scammers can get in with dates of their own. Changing dates on the fly shows unorganisation or greed. Or both.
- Make sure the community management staff are trained well and are empathetic to those who put their hard earned money into token sales.
Despite the nonchalance of the community team – 200,000 dollars is a lot of money – way too high for an ICO to leak to phishers. That’s almost 700 ETH – about the cost of running an effective ICO campaign in this day and age. If they are this careless with their clients for a presale, I wonder how well they manage as a Blockchain company. Period.
If that many people got ripped off in a token sale I help organise – due to faulty community design, I would have cut those in the community who got taken a deal to keep them onboard. And I would instruct the team to be polite, not belittling.
Discord is an excellent community management option with one click banning of members by moderators and member data private by default (including emails). But really our community needs a bespoke service and rumour has it Mainframe is working towards that in the future.