Tokensale Best Practices for Founders
Shoutout to Jorge from Aragon, Jack from GameCredits, Auryn from First Blood and Chris the disillusioned lawyer for sharing their proactive measures. Credit to CFPro for creating the anti-spam SlackBot.
It is recommended to use Discord or Rocket.chat over Slack for the purpose of the crowdsale. There is no way to stop Slack Direct Messages or reminders which notify everyone and come from the Slackbot (making it seem official)
Over the past months, scammers have gotten more sophisticated. Take the proper steps to protect your website, Slack, Reddit and Twitter communication channels against phishers.
- Purchase an ENS domain (https://ens.domains/) and utilize it as your crowdsale address.
- Have one source of truth that you point to (likely your website) and mention this in all of your material. Note that scammers have been using various methods to change the ethereum address on websites, so keep a close eye on it!
- Keep an eye out for people trying to impersonate members of the team on Slack, twitter, facebook, or any other social networks. They will try to direct message unsuspecting participants into giving them money or joining a pump group or VIP group.
- Respond rapidly to reports of phishing by warning the community and banning/blocking the offending account(s).
- Set a constant reminder for your Slackbot that there is no “VIP group” and the team will never ask for bitcoin/ether or set up pump groups (see below for GameCrecdits example): https://get.slack.help/hc/en-us/articles/208423427-Set-a-reminder
- In Slack settings, ensure that email addresses are not displayed.
- Purchase similar sounding domains and create similar twitter handles if possible. Keep an eye out for any fakes.
- Identify the sale start time (or block number) and provide the smart contract code well prior to the sale.
- Provide the address to send tx to at least 12 hours prior to the sale. This prevents website ddos and also minimizes any scam addresses being posted elsewhere.
During the tokensale, the Slack will be a major target as phishers will attempt to trick participants to send money to their own address. Before it starts you should:
- Send out an email a day before the ICO clarifying the details of the tokensale and to be aware of phishing attempts.
- Aim to have someone from the team online 24/7 during the token sale.
- Archive all channels except for one for announcements where only admins can post. Designate admins as support staff for questions and announce that no admin will ever initiate a conversation.
- Provide your cellphone number to trusted members of the Slack to contact you if scammers appear.
- Go to Team settings in the permissions tab and allow only admins to @channel or @here, pin posts, create custom loading messages, enable Slackbot responses and add apps/custom integrations.
- Set up the Aragon bot to catch any fake bitcoin/ethereum addresses (see below).
Aragon's Anti-Spam Bot
Aragon has open sourced a bot that scans for token addresses: https://github.com/aragon/slack-bot
Source from CFPro: https://github.com/CFPro/slack-bot
GameCredit’s Slackbot reminder