5 Steps to Recognize a Legitimate Centralized Crypto Service

11 Jul 2024

Sadly, it’s easier to be scammed in the online world, and cryptocurrencies haven’t been saved from it. Their internal platforms are mostly safe and useful, but centralized middlemen around them are another case entirely. There are legitimate crypto exchanges and projects, but there are also malicious copycats and brands designed just to snatch the coins of their followers.

‘Centralized’ means that something (often the power) is concentrated in a central point, individual, or group. In this case and for final users of cryptocurrencies, this means that custody of your funds, and/or the ultimate rules of the game, are in the hands of a company or organization. That’s how most crypto exchanges with fiat exit work, for instance. In this article, we’ll delve into the potential red flags these projects may have, while in a future piece, we’ll talk about different alert signs for decentralized projects.

Luckily, it’s almost always possible to distinguish between a legitimate platform from one that it’s not. There are a lot of obvious red flags we can find in plain sight if we just look in the right direction. Let’s learn more about it ahead.

Basic Signs

Likely, the first thing you’ll visit when interested in a certain coin, exchange, or any other related brand, is its website or social media account. In the first case, there are several things (links) you should find in a legitimate project: an “About Us” or “Team” section, terms and conditions, contact data or support system, related documents (whitepaper, roadmap, blog, privacy notices, etc.), and, of course, a readily-available product or service.

If most of those items are missing, that’s a giant red flag, enough for you to just drop it. If they’re more or less there, but the product or service they’re describing is only a promise or incoming, and they’re already asking for money anyway, that’s also a very bad sign. It could be, for instance, the offer of new tokens in a presale without a whitepaper, and with an anonymous team. That’s a huge no for investors.

Additional details also have their weight. You must be able to know for how long the project has been around –the longer, the better. A URL address without an SSL certificate (the common green lock), or a URL that isn’t written exactly as the name of the brand you’re looking for (i.e., Obite.com / Obyte.org) are more than suspicious signs. In the last case, you’ll end up, for sure, in a copycat site. Broken links that look like they’re there but you can’t click them or reroute to the wrong sections; as well as bad spelling and grammar in their original language are considered common warnings.

In a social media platform like X (Twitter), it’s useful to check the unique handle (@) of every user, their verification badges, if any, and the number of followers or size of their community. In any case, it’s best to always check other sources about the project, starting from its official website.

Read their Documents

We’ve all done it: just accept terms and conditions without reading them. Don’t do that if you’re dealing with assets and investments, because you could easily lose them all. You’ll have to sit and actually read them, including sections like “Legal”, “Privacy”, “Warnings”, and other specific rules, if any. In the case of crypto projects like Initial Coin Offerings (ICOs) or new coin or platform releases, in general, besides the above, you’ll also have to read their whitepaper and roadmap —they should be available in legitimate projects.

A whitepaper outlines the project's goals, technology, use cases, tokenomics, and, sometimes, it also includes the roadmap (future plans). A legitimate project will have a well-written, detailed whitepaper that explains its vision clearly and transparently. Now, the first thing to check in this document is if it’s original. There are several free plagiarism checkers online that’ll allow you to analyze large sections, for instance. A lot of scammers wouldn’t bother to create something from scratch.

Obyte (formerly Byteball) whitepaper glimpse. A legitimate whitepaper often starts with an Abstract, without flashy colors or promises.

Next, look for a clear problem statement and purpose, as legitimate projects aim to solve real-world problems with feasible solutions. Be wary of unrealistic promises of high returns or use overly aggressive marketing language without providing evidence to support their claims. Additionally, pay attention to the technical details provided in the whitepaper; if the technology or solution is unclear, overly complex, or lacks sufficient detail, it may indicate a lack of understanding or transparency from the project team.

The tokenomics section is also important, but it shouldn’t be the main thing in the document. This one should describe a fair token distribution, clear token utility, and sustainability. On the other hand, a decent roadmap should outline realistic development milestones and timelines.

Research the Team

Yes, we know that Satoshi Nakamoto himself was always anonymous. However, in case you don’t know, most of the current main team of Bitcoin Core and their sponsors are quite public. Private with their personal data, as much as any other cypherpunk, but public anyway. Truth be told, most people and investors wouldn’t trust anonymous faces without any guarantee.

A reasonable thing to do before investing is to put a name, face, and professional trajectory to the creators of the involved firm. Legitimate projects typically have a team with relevant experience in Distributed Ledger Technology (DLT), software development, finance, or related fields. Check their LinkedIn or GitHub / GitLab profiles and track records to verify their credentials.

A useful tip to start is to look for their names on a search engine like Google or Bing and make a reverse image search of their photographs —using tools like TinEye. You may easily discover this way if they really are who they say they are. If you’re still not sure, contact them via LinkedIn, Twitter, or any other medium that doesn’t directly involve the project.

Check Security

Always assess the security measures in place to protect users' funds and data. Legitimate exchanges, for example, employ robust security practices such as encryption, two-factor authentication (2FA), and cold storage for funds. Other projects should also have secure smart contracts, tested protocols, and regular security audits conducted by reputable third-party cybersecurity firms.

These audits assess the platform's security architecture, codebase, infrastructure, and adherence to best practices. Public disclosure of audit reports demonstrates a commitment to transparency and security. If you can read code, don’t forget to visit GitHub, GitLab, or wherever the source code is stored, so you can analyze it yourself. You could even be rewarded for it, since a lot of legitimate platforms, like Obyte, have their own bug bounty programs.

Obyte Bug Bounty Program on Immunefi
Beyond the code, especially if the platform or service you’re about to use includes fiat money, you’ll also need to check for legal compliance. Ensure that the exchange or brand complies with relevant regulatory requirements and security standards in its jurisdiction. This often includes Know-Your-Customer (KYC) and Combating the Financing of Terrorism (CFT) policies, in which some of your personal data, like your official ID or passport, may be asked before trading.

Reputation and Transparency

Even if the brand is new, it may already have an initial reputation among online crypto enthusiasts and some trustable reviews around known platforms like ScamAdviser or Trustpilot. Legitimate projects often have active communities on social media platforms, forums, and discussion groups like Reddit or Bitcointalk. If a project is introduced on the latter, it’s a good sign, since it’s open to criticism from the actual experts populating this crypto-focused forum.

Transparency is also key in the crypto space. Legitimate projects provide clear and detailed answers about their goals, technology, tokenomics, and roadmap. They maintain open communication channels with the community through regular updates, blogs, announcements, social media accounts, and AMA (Ask Me Anything) sessions.

Outside of this, you can always look for their history of security incidents, such as hacks, breaches, or data leaks. While no platform is immune to security risks, a pattern of past incidents or a lack of transparency regarding security breaches should raise concerns about the platform's security practices and risk management.

Now, we should recommend that before engaging with any centralized service related to Obyte (a crypto exchange, for instance), first look for any of these signs. Trade safely!

Featured Vector Image by Freepik