Since the advent of Bitcoin in 2008, which until today remains the most widely used digital currency worldwide, digital currencies have gained in popularity. More recently, tokens based on different blockchains have been created to raise funds from a large crowd of people for the development of a project or firm. At the same time, concerns about fraud have arisen, claiming that many of these Initial Coin Offerings (‘ICOs’) are scams. We investigate whether information provided prior to the ICO gives hints as to the risk of fraud, and document the severity of the phenomenon.

Similar to an initial public offering of corporate securities where a prospectus is published before the securities issuance, firms planning an ICO draft a whitepaper, which in the past was not formally approved by financial markets authorities. In our study, we collect detailed information from the whitepapers for a sample of 1,393 ICOs that took place worldwide from September 2016 to July 2018. We coded the whitepapers along various dimensions in terms of type and extent of information provided to investors. Regulators and professionals have been arguing that different indicators, so-called ‘red flags’, may hint that an ICO could be a fraud. These include, for example, whether there is a soft cap during the ICO, whether sufficient information is available on the founders or how the funds will be spent. We construct measures for a large range of these red flags to study their predictive power. 

Next, we run a rigorous search of fraud cases that were reported in the media. A thorough search is done for every ICO in our sample. Identifying fraud cases with certainty is not always possible, because of the short time that has elapsed since the ICOs took place and the rare incidence of final judicial decisions. Also, the public often uses the term ‘scam’ to simply refer to the fact that projects are bad. However, the mere fact that a project has bad business prospects does not make it a scam. We treat fraud as involving some form of intent to deceive investors, whether on the part of the issuer or some outsiders. This is particularly difficult to prove, so our focus is on both suspected and confirmed fraud.

We were able to classify fraudulent behavior into seven categories as shown in Table 1. Some fraud cases fall into more than one category. Fraud can originate from corporate outsiders or the issuer itself. Most often, fraudsters deceive investors of ICOs through phishing attacks, in which case external fraudsters or the issuer itself unduly gets hold of the investments. Frequently, the issuer also simply disappears after receiving the funds, which has often been referred to as ‘exit fraud’. In total, we could identify 274 fraud cases within the 1,393 ICOs studied; 188 suspected and 175 confirmed fraud cases. 

TABLE 1: Distribution of Fraud Cases Identified (N = 1,393)

Multiple fraud types are possible for an ICO. For precise definitions of each type of fraud, please refer to the full paper.

Fraud Type

No. Suspected Cases

No. Confirmed Cases

Exit Fraud



Security Fraud



Ponzi Scheme



Pump and Dump



Phishing / Hacking



Other Types






Percentage of sample



Using multivariate analysis, we find that whether specific information is disclosed hardly predicts whether an issuer is fraudulent or not. In other words, the information provided during the issuance is hardly useful to predict whether the venture behind the ICOs is a fraud. The information provided by the issuer may simply be wrong and unreliable in the first place, which indicates a need to externally verify the information that is voluntarily provided. 

Two important factors however relate to fraudulent cases. The first is the amount raised, as ICOs that eventually are found to be fraudulent raise on average almost four times more money. While the causal relation is unclear, one possible reason for this positive connection is that the incentives to engage in fraud are greater the more money is raised. Corporate outsiders and insiders may then be more tempted to defraud. In economic terms, a one-standard deviation increase in the amount raised is associated with an increase in the fraud probability of 38%. 

The second factor predicting fraud is whether the code of the venture was disclosed on GitHub, a platform where startups can post their code in order for others to verify the lack of errors. Disclosing the code on GitHub is generally viewed as a sign of trustworthiness and transparency and thus helpful to raise more money. However, we document that this form of disclosure increases the likelihood of phishing by 7%, thereby also generating risks for investors and the startup. This result is new in the literature and of great importance for the tech community.

Our findings raise important questions about how to reduce the risks of fraud in ICOs in the future as the market continues to develop. Note that ICOs share many similarities with equity and reward-based crowdfunding. This implies that the experience gained by national regulators in the crowdfunding domain—especially regarding equity crowdfunding—as well as the knowledge obtained by market participants may be useful for the discussion on whether and how to regulate ICOs. The creation of professional platforms where ICO issues could take place, similar to equity crowdfunding campaigns that are frequently run on specialized platforms —some countries even require by law that such a platform be used— may facilitate the implementation of both formal regulation and self-regulation. These platforms may even be existing equity crowdfunding platforms expanded to integrate ICOs, just as they have done for other asset classes such as real estate crowdfunding, fixed income products, and secondary markets. 

In fact, combining crowdfunding and ICOs may be optimal to overcome the current inefficiencies of crowdfunding and the shortcomings of ICOs. Specialized platforms might be in a comparatively better position to run background checks and analyze the truthfulness of the information in the whitepapers, because unlike one-time investors and issuers, platforms can specialize in conducting such due diligence. Moreover, platforms could use small business credit scoring, a technology that has been used by financial institutions to evaluate applicants for small loans that involves analyzing data about the owner of the firm and the limited data about the firm itself. Using such platforms might not only reduce the likelihood of fraud, but also decrease the costs of capital.

Lars Hornuf is Professor of business administration, financial services and financial technology at the University of Bremen.

Theresa Kück is a Research Assistant and PhD student at the University of Bremen.

Armin Schwienbacher is Professor in entrepreneurial finance and fintech at SKEMA Business School.