If you missed our AMA with Koii network and the KYC Alliance last week, don't worry, we've got you covered! In this blog post, we'll recap everything that was discussed during the AMA which featured our very own Product Manager, Dan, as well as our CMO Andrew. During the AMA, we discussed everything that has to do about identifying reliable crypto projects, scammers, DeFi security, and our upcoming Discord bot, Bouncer.
Koii, represented by Eric, provides node-to-node communications channels that use signed data bundles to provide large sets of proofs or other data on-demand, when requested. We were also joined by Chris from Know Your Crook Alliance (KYC Alliance) which, as the name suggests, helps people to understand how to identify red flags in the crypto space and how to do your own research (DYOR). We were delighted to share the same space with them and discuss how cyber security should be moving forward in the DeFi space.
What makes a reliable crypto project?
In order to identify what makes a legitimate project, Chris noted that there are three main things he wants to identify: the developers, the details of the project, and the community across all social media platforms.
“A project’s fundamentals, tokenomics, if it had seed round funding and an unlocking schedule,” are all things one needs to keep an eye out for.
It could be a good sign when the dev team puts their names out in the open, Chris noted. This is as they wouldn’t be afraid to reveal their identity as they believe in the project. But it doesn’t always guarantee that it is secure. “Having a dev team be doxed is fantastic but it's not always a guarantee of security in the project because doxing can be fake.”
Sometimes, it could be the case that teams would be doxxed, but they would be pump and dump schemes. Such cases could also include highly exposed figures promoting them. However, knowing who the team is, their experience and their past record can serve as a very good indicator of a legitimate project.
The way token fundamentals are set up is also important. “You see a lot of projects out there that say 2% of all transactions go to charity, which is fantastic, and there's been a ton of charitable giving based on that kind of tax structure. But it's important to know if the 2% is going to a dedicated charity wallet that can be easily tracked for transparency reasons or if it's just dumping into the general dev wallet,” Chris said.
“If it's dumping into the general dev wallet and it's not kept separate, you are trusting the team to actually use the tokens for what they are supposed to be used for and not misappropriating them for other uses or just lining their own pockets.”
This kind of research should also apply to how tokens might be distributed, such as if it is going for marketing, liquidity provision, and so forth. “All of those ideally would go into their own individual wallets as opposed to all going into the dev wallet,” Chris pointed out.
In a perfect scenario, Chris remarked, crypto projects should “explicitly” list in the White Paper – or under some form of documentation – clear indicators for where the funds are going, along with their dedicated wallet addresses and percentages.
“That way anybody could go in there and see exactly how much is in each bucket, how they have been used and when and all that. Unfortunately, that level of transparency is rare, and so in lieu of that it's replaced with having to trust the team,” he remarked. This is why having a team with a good track record is important; so that you would know that they wouldn’t be misappropriating funds and make smart moves with them.
For his part, Dan remarked that this is actually a good opportunity for Web 3 to do better with fund allocation. “There are tons of organizations out there that say ‘Oh, we give 2% of our proceeds to charity’ and it's like weasel words, right?”
This is as “2% of your proceeds might actually end up being $0.00, even though the company stays in business. Other businesses just say 1% of their revenue, which is actually a much, much bigger number, even though it sounds smaller. So this would be a cool way for Web 3 to do better and be very transparent,” he said.
The fact that blockchain is inherently transparent can most definitely help in this case.
Scammers and FOMO
Dan noted that one of the things that scammers try to do is create a sense of fear of missing out (FOMO) in order to get you to act on the scam they are trying to promote. "One of the things scammers do is immediately create a sense of urgency and it's characteristic. [...] It's like, 'Oh, do it right now because we're going to lambo real soon', 'you're about to lose everything', 'click here to not get charged a bunch of money', or 'click here not to lose everything'. That's kind of what's very common," he said.
He remarked that it is not just with cryptocurrency, but also with digital tokens which are not related to crypto. Such an example is Discord Nitro scams, something which we discussed in a previous article. "Nitro is obviously kind of like money on Discord and that's one of the most common scams that I've seen just anecdotally. It's something that you are familiar with; these scams [seem] to give away free Nitro, whether free virtual currencies, [... or] free virtual goodies".
Dan also elaborated on our own inclination towards clicking on malicious links. Unfortunately, there are cases where hackers and scammers take over your account and users end up the victim of theft, whether identity, currency, or cryptocurrency. This is very apparent in phishing links such as those sent on Discord. However, that is why we are working on Bouncer, our Discord bot powered by Visual-AI, to prevent these hacks and scams from happening.
"When you click on the [malicious] link and you see what looks exactly like the Discord login [so] you put in your credentials, [but] then somebody takes over your account. So that's what Bouncer exists, to mitigate [these cases]," Dan said.
Andrew also remarked that one of the ways not to fall for the scam and phishing trap is to use a password manager. "Password managers will only prompt you if it is the proper domain and the legit domain. So just something super simple you can add to your own security stack."
Our upcoming Discord bot was also discussed. Dan explained how Bouncer will work to remove any malicious links and keep your crypto community as stainless as possible when it comes to scammers.
"Basically what it'll do is whenever anyone posts a link [...] Bouncer will check the URL with our database. [...] If it's known, [and] malicious, Bouncer will delete the message and post a read-only version. So you can't just click on it by accident."
"If the URL is brand new [and] unknown, Bouncer will scan it to see if the URL is a phishing site or not, and then we'll react appropriately," he said. "There's something about a link that makes you want to click it. Probably because all of us are used to doing that about 1,000 times a day. And when you combine that with just a little bit of social engineering, it's even easier for even the savviest person to accidentally click on a malicious link."
Dan also noted that it is worryingly easy to scam people through social engineering. It was shown by one of our own Community Managers, who displayed just how effortless it is to imitate someone else in the space. In effect, Bouncer will be there to afford Discord users and moderators some peace of mind so that they are much more likely to avoid these scams.
"We had a new moderator on our Discord [who showed us] how easy it is to [imitate] people. He just changed his name to our CEO's name in Discord, as well as replicated his avatar picture – the CEO's picture – and posted a link. I almost clicked on it. It's such a simple thing to do, but our unconscious brain is just so used to being lazy [...] that's why you need these automated solutions."
Bouncer release date
Andrew remarked that Bouncer is increasingly moving towards its release date, something which we are all excited about at Interlock. "Right now we're testing it internally and within the next two weeks or so, it will be available for beta testers."
He also noted that if some crypto projects would want to test it out on their Disord server, they can contact our team directly through our various communication channels.
If you would like to hear the full conversation, follow this link.