Buy a licensed company 
VASPs live data and insights 
Learn about crypto safety 
Read the latest research 
How to Identify ICO Scams
Initial Coin Offerings (ICOs) exploded in popularity during the 2017 bull run, raising billions in weeks through token sales that often had no oversight or working product. The hype faded after a wave of enforcement actions from the SEC and mounting investor losses, but ICOs never fully disappeared. In 2025, they’ve resurfaced, rebranded through launchpads, private sales, and new jurisdictions, drawing in a fresh wave of investors hoping to catch the next Ethereum.
Despite tighter global regulations, scams still thrive by exploiting investor FOMO, anonymity, and weak enforcement across borders. Some are elaborate whitepaper-driven frauds; others simply vanish after raising funds. Spotting red flags before committing funds is essential. If you’re considering participating in a token sale today, understanding how ICO scams work is the first step to not becoming another cautionary tale.
What Is an ICO and WHy It Attracts Scams
An Initial Coin Offering, or ICO, is a way for crypto projects to raise capital by selling newly created tokens to early backers. It’s similar in concept to an IPO, but instead of offering shares in a company, investors receive crypto tokens that may have future utility or market value. Unlike IPOs, ICOs don’t guarantee ownership rights, revenue sharing, or legal protections. And unlike Security Token Offerings (STOs), which are designed to comply with securities laws, most ICOs operate in a legal grey zone (sometimes intentionally).
This ambiguity is exactly why scams are so common. In a typical ICO, a project launches a website, publishes a whitepaper, and accepts crypto payments in exchange for promises of future value. There’s usually no regulator involved, no escrow, and no guarantee that the team behind the project will follow through.
ICOs attract scammers for a few reasons. First, anyone can launch a token with minimal effort. Second, transactions are irreversible. Once funds are sent, there’s no chargeback or customer service to appeal to. Third, global access means scammers can target investors across jurisdictions with minimal risk of consequences. And lastly, the hype surrounding new coins (especially during bull markets) encourages reckless behavior. Investors often act quickly out of fear they’ll miss the next 100x opportunity.
ICOs can fund real innovation, as Ethereum proved in 2014. But the absence of safeguards, combined with the psychological pressure of early-stage investing, makes ICOs one of the easiest vehicles for fraud in crypto. Whether you’re a new investor or not, assuming that every token sale is legitimate is a fast way to lose money.
Major Types of ICO Scams
Exit Scams
This is the most common form of ICO fraud. The team launches a flashy website, collects millions in crypto from investors, then disappears. There’s usually a vague roadmap, fake team bios, and no product in sight. Once the funds are secured, all communication stops and wallets are drained. Victims have no legal recourse, especially if the project operated offshore.
Pump-and-Dumps
Some ICOs are built around artificially inflating the token’s price post-launch. Insiders or coordinated groups hype the token, then dump large holdings once it lists on a small exchange. The sudden price crash wipes out retail investors who bought in during the spike. It’s a strategy lifted straight from traditional penny stocks, but easier to pull off in crypto.
Bounty Payment Scams
To generate buzz, some ICOs offer “bounties” for marketing, such as sharing posts, translating content, or promoting in forums. But once the ICO ends, the promised rewards are never paid. These scams exploit community labor and trust without cost, relying on vague terms or abrupt shutdowns to dodge accountability.
Fake Airdrops
Scammers create fake projects and promise free tokens in exchange for wallet details, social engagement, or even private keys. Victims think they’re early recipients of a new coin, but instead give up sensitive data or access rights. Some airdrops also require sending ETH to “activate” the claim, which is a classic advance-fee fraud.
Plagiarized Whitepapers
Instead of original research or tokenomics, some projects simply copy-paste existing whitepapers from legitimate platforms like Ethereum or Polkadot. They change the branding but keep the structure. This preys on investors who skim materials or assume technical language signals credibility.
Exchange-Based Scams
Fraudulent teams sometimes launch tokens exclusively on fake or low-tier exchanges they control. These platforms mimic real trading activity, but users can’t withdraw funds or sell tokens. It’s a closed loop designed to extract deposits and inflate the illusion of demand.
Pre-Mine and Supply Manipulation
Scammers quietly allocate a large share of tokens to themselves before launch, often without disclosure. Once public trading begins, they offload these tokens for profit, crashing the price. Legitimate projects usually lock team tokens or disclose vesting schedules. Hidden pre-mines are a red flag.
Phishing-Fueled ICO Scams
Some scammers don’t run real projects at all. They impersonate well-known ICOs by setting up spoofed websites and fake Telegram groups. Victims think they’re investing in a real token sale, but end up sending funds to attacker-controlled wallets. These scams often surge during hype cycles.
How to Assess if an ICO Is Legit
Check the Regulatory Status
Start by verifying if the ICO is registered, especially in the U.S. Any project offering tokens that resemble securities should be listed with the SEC. Look for Form D or Form 1-A filings on the EDGAR database. If nothing turns up, and there’s no legal exemption stated, that’s a red flag. Most scams operate in legal gray zones and avoid compliance altogether.
Look Into the Team
Research the team’s background using LinkedIn, GitHub, and past project footprints. Fake ICOs often list made-up names or clone identities from other developers. Check for consistent social activity, real connections, and technical contributions. A blank online presence or low-effort profiles with few followers are usually signs of fraud.
Study the Whitepaper
A legitimate whitepaper outlines how the technology works. Look for specifics: consensus mechanism, architecture, use cases, scalability, and any testnet details. If the whitepaper is vague, full of buzzwords, or looks copied from another project, don’t ignore the signs. Good projects welcome scrutiny; scams avoid it.
Gauge Technical Feasibility
Some ICOs make claims that are flat-out impossible. Building a decentralized AI that runs on quantum-proof zero-knowledge rollups? Sounds impressive, but can’t be done today. Check if the proposal aligns with known technical limitations. If it looks like science fiction, assume it’s fiction.
Audit the Tokenomics
Look at how the token supply is distributed. Is there a massive allocation to insiders? Is there any lockup period? What happens to unsold tokens? Legitimate projects publish clear breakdowns, often with visual charts. ICOs that don’t explain or hide this data often plan to dump on retail.
Check the Pitchbook
A pitchbook is a marketing deck (not a technical document). It should clearly explain how raised funds will be used, how the product will be developed, and what the business model is. Look for basic financial planning. If it’s all hype, with no cost assumptions or ROI logic, walk away.
Red Flags and Psychological Triggers
Scam ICOs rely on psychological pressure and neglect. Most victims don’t fall for scams because they’re uninformed. They fall because they’re rushed, distracted, or lured in by emotion.
Below are common red flags to help cut through the noise. If a project triggers more than one, it’s time to reconsider.
| Red Flag | What You See | What It Means |
| Fake urgency | “Presale ends in 2 hours” | Pressure to skip due diligence |
| Anonymous team | No LinkedIn or GitHub | Likely hiding identity |
| Unrealistic returns | “Guaranteed 10x in one week” | Classic exit scam setup |
| No interaction | Dead social channels, zero replies | Not building a real community |
| Unclear use of funds | “Dev allocation” without details | Misappropriation is likely |
| Plagiarized docs | Whitepaper sounds copied | Zero originality or real development |
| Fake endorsements | “Backed by Binance” (with no proof) | Attempt to gain unearned trust |
| One-way communication | No roadmap or AMA participation | Avoiding accountability |
Scammers often lean heavily on hype and emotional hooks. Words like “limited,” “exclusive,” and “first mover” are tossed around to create false urgency. Combined with countdown timers or “VIP tiers,” these tactics are designed to suppress rational decision-making.
Social proof is another common manipulation vector. A Telegram group with thousands of members doesn’t mean much if it’s filled with bots or silent accounts. Real projects encourage real engagement. Scam projects avoid transparency and disappear after launch.
If a project uses hype to override logic, step back. Nothing in crypto needs to be decided in a rush.
Legal Landscape and Regulatory Reality
Most ICO scams thrive because they operate in regulatory blind spots or ignore the rules entirely. In the U.S., multiple agencies oversee different aspects of crypto offerings, and all have weighed in on ICOs.
The SEC treats many tokens as unregistered securities under the Howey Test, which asks if an offering involves investment in a common enterprise with expectation of profit from others’ efforts. If it does, that token needs to be registered or fall under a valid exemption. The EDGAR system lists compliant filings like Form D or Form 1-A. No filing? That’s a red flag.
FinCEN classifies crypto exchanges and token issuers as money services businesses, meaning they must follow anti-money laundering laws. CFTC may also get involved if a project offers derivatives or treats the token like a commodity.
Global regulators echo the same sentiment. China banned ICOs outright. France introduced an optional visa regime. Switzerland applies securities laws to most offerings. Turkey criminalized them. Legitimate projects address this directly, often listing their regulatory status in plain terms.
Whistleblower programs now support enforcement. The SEC, CFTC, and FinCEN all offer multi-million dollar reward frameworks for individuals reporting fraud, including ICO misconduct.
The bottom line: if an ICO sidesteps legal disclosure, omits registration, or plays jurisdictional hopscotch, there’s probably a reason. Real projects do the work to stay compliant. Scams don’t bother.
Case Studies: Real ICO Scams
ICOs have attracted aggressive enforcement from U.S. regulators, especially when investor losses pile up. These cases show how scams unfold and what typically triggers legal action.
Loci Inc. promised a blockchain-based intellectual property platform but made false statements about product development, business prospects, and token demand. CEO John Wise misled investors while using company funds for personal expenses. The SEC fined him $7.6 million, citing material misrepresentations and an unregistered securities offering.
Crowd Machine and its founder Craig Sproule claimed to build a decentralized cloud computing platform. In reality, they diverted investor funds for unrelated uses, including buying gold mining interests. The SEC charged them in 2022 with fraud and unregistered sales, ordering $33 million in repayments. Crowd Machine’s whitepaper was vague, and updates to investors were scarce (both common red flags).
Kik Interactive, the company behind the Kik messaging app, raised $100 million in 2017 through its Kin token ICO. The SEC alleged Kik conducted an unregistered securities sale and provided inadequate disclosures about financial risks. In 2020, the court ruled in favor of the SEC, and Kik paid a $5 million fine. While Kik argued it wasn’t offering a security, it failed to meet the regulatory expectations applied to public fundraising.
In each case, the underlying issue was the execution, the misrepresentation of facts, or ignoring securities law entirely. These examples underline that even well-branded or tech-savvy projects can cross the line if transparency and compliance are treated as afterthoughts.
Are All ICOs Scams? What About the Good Ones?
The claim that “80% of ICOs are scams” isn’t far off, at least when looking at the frenzy between 2017 and 2018. That said, not every token sale is a trap. Ethereum itself started with an ICO, raising $18.4 million in 2014. Brave’s Basic Attention Token (BAT) sold out in under 30 seconds, and the browser remains widely used today.
key takeaway from a dive into ICO data and success rates: 81% of ICO’s were Scams, ~6% Failed, ~5% had Gone Dead, and ~8% went on to trade on a exchange https://t.co/EZ6dMhroy8 pic.twitter.com/Xcj4jvvB8V
— Nathaniel Popper (@nathanielpopper) March 26, 2018
Legitimate ICOs still exist, but they don’t rely on hype or anonymity. Good projects are usually tied to incubators or early-stage backers that have reputations to protect. Binance Labs, Coinbase Ventures, and similar outfits vet projects before offering capital or publicity. While that’s not a guarantee of success, it does raise the bar. For example, Babylon’s token plans have attracted attention thanks to its backing by Binance Labs, but the team still has to deliver and disclose.
The key difference between a scam and a legitimate ICO is what happens after the sale. Real teams build. They publish code, interact with users, and hit roadmap milestones. They don’t need urgency tactics or fake social media buzz because their work speaks for itself.
Investors should treat every ICO as unproven until verified. Legitimacy is demonstrated through transparency, regulatory steps, and actual progress and not whitepapers full of buzzwords.
What to Do If You’ve Been Scammed
If you realize you’ve been scammed through an ICO, act fast. If you still have access to any part of your wallet, move the remaining funds to a new, secure address. Assume your private key or device is compromised.
Report the incident to regulators. In the U.S., you can file a complaint with the SEC through their tips portal or with FinCEN if there’s evidence of money laundering. If the scam involved a specific exchange or platform, contact their fraud department immediately. These reports help investigations and may support future enforcement actions even if recovery isn’t guaranteed.
Warn others in community forums like Reddit, Discord, or X. Most people find out about scams too late because no one spoke up early. Your post might help someone else avoid the same trap.
Avoid any service that offers to “recover” stolen funds in exchange for upfront payment. These are usually second-layer scams designed to exploit desperation.
Once you’ve secured your assets and reported the incident, take time to review what went wrong. Scammers thrive when victims feel embarrassed into silence.
Conclusion
ICO scams continue to evolve, but the warning signs rarely change. Projects that hide their team, promise outsized returns, or pressure you to act fast usually don’t hold up under scrutiny. The underlying technology (blockchain, smart contracts, decentralized tokens) is rarely the problem. It’s the misuse of those tools in unregulated environments that opens the door for fraud.
Staying safe requires asking hard questions. Is this team real? Does the whitepaper make sense? Has the project followed basic legal steps? If the answers aren’t clear, walk away.
Caution doesn’t mean avoiding innovation. Some of crypto’s most valuable platforms began as public token sales. The difference is transparency, feasibility, and verified intent. Scams count on emotion. Good projects withstand logic. Stick with what you can verify and don’t chase promises you can’t prove.
Frequently Asked Questions (FAQ)
How do I know if an ICO is legal?
Legitimate ICOs that target U.S. investors typically register with the SEC or claim a valid exemption. You can check filings like Form D or Form 1-A using the EDGAR database. If nothing shows up, and the team can’t provide documentation, the offering may be illegal or at least non-compliant.
What’s the difference between an ICO and an STO?
ICOs sell tokens that often promise utility or network access. STOs, or Security Token Offerings, issue tokens that represent investment contracts, equity, or debt. STOs are structured to comply with securities laws and typically require KYC, AML checks, and investor accreditation. ICOs, by contrast, operate more loosely and have historically avoided regulation, often attracting scrutiny.
Can you still make money in ICOs?
Yes, but it’s rare and risky. Some investors made strong returns from early ICOs like Ethereum or Solana. Most, however, either lost money or got scammed. The odds of identifying a legitimate, high-potential project early, especially without VC-level access or due diligence, are low. If your only hook is hype, step back.
Are all unregistered ICOs illegal?
Not necessarily. Some ICOs may qualify for exemptions under securities law or limit access to non-U.S. participants. That said, any offering targeting U.S. investors is generally expected to comply with SEC requirements. If a project claims it’s “not a security” without legal justification, that’s a red flag.
Where can I report an ICO scam?
Start with the SEC’s Tips, Complaints, and Referrals form. You can also file with:
- CFTC Whistleblower Office
- FinCEN
- FTC’s ReportFraud site
If the scam occurred on an exchange or platform, notify them directly. Also consider posting warnings on Reddit, X, or forums where others might be targeted. Avoid anyone promising to “recover” funds for a fee; those are often scams themselves.
