1 Introduction

Since the advent of Bitcoin in 2008, which until today remains the most widely used digital currency worldwide, digital currencies have gained in popularity. More recently, tokens based on different blockchains have been created to raise funds from a large crowd of people for the development of a project or firm (Adhami et al. 2018; Fisch 2019). At the same time, concerns about fraud have arisen, claiming that many of these initial coin offerings (ICOs) are scams (Liebau and Schueffel 2019). We investigate whether information provided prior to the ICO gives hints on the risk of fraud, and document the severity of the phenomenon. Understanding the extent of fraud in ICOs and its determinants is crucial if it is to become a new source of entrepreneurial finance (Ackermann et al. 2020; Block et al. 2018; Howell et al. 2020; Liebau and Schueffel 2019; Momtaz 2020a, b).

Similar to an initial public offering of corporate securities where a prospectus is published before the securities issuance, firms planning an ICO draft a white paper, which in the past was not formally approved by financial markets authorities. In this study, we collect detailed information from the white papers for a sample of 1393 ICOs that took place worldwide from September 2016 to July 2018. We have coded the white papers along various dimensions in terms of type and extent of information provided to investors. Regulators and professionals have been arguing that different indicators, so-called red flags, may hint to the fact that an ICO could be a fraud (Kaal and Dell’Erba 2019). These include, for example, whether there is a soft cap during the ICO, whether sufficient information is available on the founders, or how the funds will be spent. We construct measures for a large range of these red flags to study their predictive power. In a next step, we run a rigorous search of fraud cases that were reported in the media. A thorough search is done for every ICO in our sample.

We obtain the following results. First, we were able to classify fraudulent behavior into seven categories. Some fraud cases even fall into more than one category. Fraud can originate from corporate outsiders or the issuers itself. Most often, fraudsters deceive investors of ICOs through phishing attacks, in which case external fraudsters or the issuer itself unduly gets hold of the investments. Frequently, the issuer also simply disappears after receiving the funds, which has often been referred to as exit fraud. In total, we could identify 274 fraud cases within the 1393 ICOs studied; 188 suspected and 175 confirmed fraud cases.Footnote 1 Second, we find that whether specific information is disclosed hardly predicts whether an issuer is fraudulent or not. In other words, the information provided during the issuance is hardly useful to predict whether the venture behind the ICOs is a fraud. The information provided by the issuer may simply be wrong and unreliable in the first place, which indicates a need to externally verify the information that is voluntarily provided.

Two important factors relate to fraudulent cases. The first is the amount raised, as ICOs that eventually are found to be fraudulent raise on average almost four times more money. While the causal relation is unclear, one possible reason for this positive relation is that the incentives to engage in fraud are greater the more money is raised (Becker 1968). Corporate outsiders and insiders, such as founders, may be more tempted to engage in fraud if doing so is worthwhile. In economic terms, a one-standard deviation increase in the amount raised is associated with an increase in the fraud probability of 38%. The second factor predicting fraud is whether the code of the venture was disclosed on GitHub, a platform where startups can post their code in order for others to verify the lack of errors. Disclosing the code on GitHub is generally viewed as a sign of trustworthiness and transparency and thus helpful to raise more money (Dabbish et al. 2012; Amsden and Schweizer 2019; Howell et al. 2020). However, we document that such disclosure increases the likelihood of phishing by corporate outsiders by 7%, thereby also generating risks for investors and the startup. This finding is new to the literature and important for the tech community. In particular, it reveals a “dark side” of code disclosure on GitHub, while prior studies have focused mostly on the “bright side” by showing that disclosure helps in raising more money.

These findings contribute to those of other studies (Fisch and Momtaz 2020; Momtaz 2020a), highlighting the important role of institutional investors and other institutions (e.g., investor associations, industry codes of conduct, certifying institutions, funding platforms) in verifying endogenous signals by the issuer. The existence of these institutions could not only reduce moral hazard by the issuer but also mitigate internal fraud. Momtaz (2020a) evidences significant moral hazard problems in ICO-funded firms, whereas Fisch and Momtaz (2020) document that the participation of institutional investors leads to higher post-ICO performance. Although neither study explicitly investigates fraud, moral hazard and performance differentials may be related to deception as well.

While our analysis contributes mainly to understanding the extent of fraud in ICOs, in a broader context, it also shows how markets evolve if no specific regulation is in place or entrepreneurs at least believe that no regulation exists. Given that traditional stock markets are now regulated all over the world, the phenomenon of ICOs allows for the study of firm behavior that is comparable to the situation before the implementation of regulations such as the Securities Act of 1933 and the Exchange Act of 1934. Other studies have examined specific forms of fraud, such as pump-and-dump schemes (Hamrick et al. 2020; Li et al. 2019) and Ponzi schemes on Ethereum (Bartoletti et al. 2020). Hamrick et al. (2020) construct different measures of fraud signals on two social media channels (Discord and Telegram) and conclude that those initiating these schemes may earn profits. Li et al. (2019) provide evidence that pump-and-dump schemes eventually reduce liquidity and the price of cryptocurrencies. The results of these articles are specific to pump-and-dump schemes, and other forms of fraud are unlikely to work through the same channels. Bartoletti et al. (2020) examine the extent and impact of Ponzi schemes on Ethereum by analyzing smart contracts on Ponzi-typical patterns. They identify 12% of smart contracts as Ponzi schemes, but these affect only a small number of the transactions on Ethereum (0.08%). In this article, we extend the set of fraud analyzed. Moreover, while previous work examines the trading impact of fraud, we explore the determinants of fraud initiated by either the issuing firm or outsiders. Liebau and Schueffel (2019) offer early evidence that fraud (or “scam”) occurs much less often in ICOs than often claimed. However, they neither uncover the drivers of fraud nor differentiate between different types of fraud. Other articles studying fraud in ICOs scrutinize the regulatory framework but are mostly conceptual (e.g., Chohan 2019).

The remainder of the article is structured as follows. First, we provide examples of common types of fraud in the ICO market and outline our hypothesis (Section 2). Second, we present our data and results (Sections 3 and 4). Finally, we discuss our findings and provide policy conclusions (Section 5).

2 Forms of fraud in ICOs and hypothesis

Digitalization has brought new forms of finance for startups (Block et al. 2018). Crowdfunding was probably the first form in this development. The first platforms have emerged in 2008 and the industry has professionalized, with significant growth rates every year since thenFootnote 2. However, new technologies have brought the digitalization a step further, including the invention of the blockchain, which enables new forms of contracting and issuance of tokens and securities. Recently, startups have started using the blockchain to raise money in the form of an ICO (Block et al. 2020).

An ICO can be chosen for different reasons. The simplest form of an ICO is done by a newly created startup in need for initial funding to develop a product or service. In an ICO, the owners launch a crowdfunding campaign to raise money in exchange for tokens. These tokens can be used by backers to consume a product or service, which the startup plans to develop in the future. For example, the token can become a means of exchange for services provided on the platform that is supposed to be created. In this case, the tokens created are often referred to as utility tokens. Unlike in the traditional crowdfunding model that takes place on platforms like Kickstarter and where the creators describe their project in a pitch on the website, in an ICO, the founders outline their project in a white paper. White papers have no standardized format and describe the product or service to be developed and how the ICO is going to take place. While the funds the startup uses are published publicly on the blockchain, there is no auditing of the project spending based on the funds that have been raised after the ICO is completed.

While this business model largely resembles reward-based crowdfunding, there are also many differences. The tokens will be created through an ICO so that the crowd can buy more tokens than what they need for consumption purposes, because the excess tokens can be resold on the secondary market. Moreover, the fact that the tokens are traded later makes them a tradable asset, more in line with a security. Indeed, because trading takes place on exchanges before the platform goes online, investors may also participate in the ICO by buying tokens with the intention of selling them shortly after on an exchange to make profits. In some cases, tokens are not created as means of payments for services provided on the platform, but the sole purpose of the token is to participate in the future profits of the startup. In this case, the tokens created are referred to as securities or investment tokens.

The value of the tokens is thus related to the chances of project success. If the project cannot be developed, the tokens essentially become worthless. By contrast, the value of the token appreciates when the project becomes successful so that early backers financially benefit. Most often, startups use Ethereum as the blockchain of choice as this was one of the first blockchains that support complex and autonomous self-executing contracts.

2.1 Forms of fraud in ICOs

2.1.1 Exit fraud

In many cases, ICO issuers’ intention is not to build up a business and list it on an exchange but to quickly disappear with the collected money. This type of fraud, which is often referred to as exit fraud, is often combined with a fake team, in which fictitious people are presented as team members of the ICO. The fraudsters of the ICO Benebit, for example, used photos of employees of a school in the UK to represent a team.Footnote 3 This, however, became public after the fraudsters had already raised $2.7 million USD through the ICO. Before the ICO started, the issuers tried to appear as legal and reliable as possible. For example, they were active on social media and on Twitter for more than a year before the ICO began. In addition, they spent around $500,000 USD for marketing purposes and were highly rated by ICO review websites. As soon as they were detected as fraudsters, however, the Benebit website disappeared, and the social media accounts were deleted.Footnote 4

2.1.2 Securities fraud

From a legal perspective, offering securities that are not registered is illegal. Thus, the question is whether the token created constitutes a security. In the USA, whether a transaction involves a security is determined by means of the Howey test, which was developed in the seminal SEC v. W. J. Howey Co. court judgement. According to the test, a security is involved in a transaction if someone (1) invests his money in (2) a common enterprise and is led to (3) expect profits (4) solely from the efforts of the promoter or a third party. According to Alberts and Fry (2015), cryptocurrencies are generally not securities because they are lacking two important criteria outlined in the Howey test. First, cryptocurrencies such as Bitcoin are not investments in a common enterprise, as they can be used to make any form of payment. Second, the purchasers cannot expect profits from the purchase based on the efforts of the seller of the cryptocurrency. Nevertheless, in SEC v. Shavers the SEC has applied securities regulation to investment funds that have invested in Bitcoin companies.Footnote 5

Furthermore, after the SEC published the DAO Report in July 2017, the regulator sued several companies for securities offering by means of unregistered digital tokens. One recent case is the offering of Kin Token by the Canadian company Kik Interactive Inc. Kik is running a messaging application named Kik Messenger but due to a decreasing number of app-users and low revenues, the company faced liquidity problems in late 2016. To recover from this financial distress, the company created the Kin Token and started an ICO in May 2017. In the published white paper, the founder of the company stated to develop the “Kin Ecosystem,” in which the token holder can use Kin to purchase goods and services. Moreover, the value of the token would increase due to a limited number of tokens. The company raised funds of approximately $100 million USD from more than 10,000 investors, of which more than half were US investors.Footnote 6 In June 2019, the SEC concluded that the token offering by Kik fulfils the four criteria of the Howey test: “Investor’s purchases of Kin were an investment of money (1), in a common enterprise (2), with an expectation of profits for both Kik and the offerees (3), derived primarily from the future efforts of Kik and others to build the Kin Ecosystem and drive demand for Kin (4). Consequently, Kik’s offers and sale of Kin in 2017 was an offer and sale of securities.Footnote 7 For this reason, the SEC sued Kik Interactive Inc. for unregistered security offering in the federal court of Manhattan, NY.Footnote 8

2.1.3 Ponzi scheme

Another example of fraudulent activities in the ICO market is the crypto-lending platform Bitconnect with its token BCC. The England-based company successfully ran an ICO in December 2016, performed as one of the best cryptocurrencies on coinmarketcap.com in 2017, and, according to Bitconnect, it represented a market value of $4.1 billion USD.Footnote 9 Bitconnect’s business model was based on the following scheme. After investors deposited their Bitcoin into the Bitconnect BCC exchange platform and purchased its digital token BCC, the investors could use the token for two programs: First, investors can lend their token back to Bitconnect as part of its “Bitconnect Lending Program.” Bitconnect pretended to reinvest this token and promised a monthly return of up to 40%. Second, Bitconnect guaranteed a monthly return of up to 10%, if the investor holds the token for more than fifteen days in his or her BitConnectQT-wallet (“Bitconnect Staking Program”). In January 2018, the Texas State Securities Board and the North Carolina Securities Division aimed to shut down Bitconnect’s business with cease-and-desist letters due to an unregistered security offering of BCC. In addition, through the guaranteed investment returns, the regulators stated that Bitconnect’s business model resembles a Ponzi scheme. In February 2019, also the FBI started investigating against Bitconnect.Footnote 10

2.1.4 Pump and dump, phishing, and hacking

Fraud in the ICO market does not necessarily emanate from the company running the ICO, something we call external fraud in our analysis. Another fraud category is pump-and-dump schemes, which have been investigated in the context of ICOs by Hamrick et al. (2020) and Li et al. (2019). In a pump-and-dump scheme, a fraudster artificially inflates the price of a token through false information, in order to sell the token that was initially cheaply bought at a higher price.

Moreover, numerous examples show that fraudsters are active in sending phishing mails, faking social media accounts, or hacking into companies’ IT systems. This, for example, was the case with the Israel-based ICO crypto portfolio management platform named CoinDash. As soon as the public ICO-phase started in July 2017, a malicious attacker changed the official wallet address on the CoinDash’s website. Thus, investors sent their money to the false address until CoinDash shut down the website and, according to CoinDash’s blog, the hackers captured 43,000 ETH within seven minutes.Footnote 11 In September 2017 and February 2018, CoinDash announced that the hackers sent back 10,000 ETH and 20,000 ETH, respectively. In a similar way, fraudsters could steal around $1 million USD from potential investors of the ICO The Bee Token. While the ICO was running, investors who fell victim to phishing mails sent their money to false wallet addresses.Footnote 12 The company confirmed the phishing attack and suspected that the attackers were able to gain personal information in form of e-mail addresses, first names, and surnames through illegal access to a third-party vendor.Footnote 13

Another way attackers can harm the ICO issuer and its investors is by exploiting bugs in smart contracts. Studies in the field of computer science show that smart contracts contain various vulnerabilities (Luu et al. 2016; Kalra et al. 2018. Nikolić et al. 2018). According to the cybersecurity agency Hosho (now Zokyo), every fourth smart contract is vulnerable to attacks.Footnote 14 This was also the case with the DAO that was attacked after its ICO. The DAO resembled a venture capital fund that no longer relied on hired investment managers or a board of directors but rather on autonomous self-executing contracts. While investors of traditional investment funds typically face an agency problem, in which fund managers potentially act in their personal interest and not in the investors’ best interest, the DAO intended to solve this problem by leaving the decision-making process of the venture capital fund to computer algorithms and the owners. Owners maintain a pro rata voting right in line with their token share in the organization. Investors had a right to withdraw their initial Ether investment until they executed their voting right in the venture capital fund for the first time. Therefore, the smart contract contained a so-called split function, which enables investors to withdraw their initial investment if they disagree with the way the DAO uses their funds (Mehar et al. 2019).

In June 2016, a GitHub user identified a bug and informed the developers of the DAO that this split function made the smart contract vulnerable to attacks. Before the developers could resolve the issue, a hacker diverted around 3.6 million Ether worth approximately 50 million USD away (Mense and Flatscher 2018). In the end, the problem was fixed by what is called a hard fork, and the funds were returned to the investors of the DAO. This type of bug in a smart contract also led to a hacker attack during the ICO of SpankChain, a payment platform in the adult entertainment industry. The smart contract of the payment channel contained a bug similar to the DAO bug and was exploited in October 2018. The hacker stole 165.38 Ether, which were worth approximately 38,000 USD at the time of the incident.Footnote 15 Two days later, SpankChain announced that the hacker returned the stolen funds and was rewarded with 5000 USD.Footnote 16

2.1.5 Other fraud

Besides these frequent and well-documented forms of fraud, there have already been numerous other ways in which investors have been cheated by ICO companies or corporate outsiders. Some ICOs falsely claim to have partnerships with well-known companies such as Boeing, PayPal, or Walt Disney, which was the case, for example, with the ICO Titanium Blockchain.Footnote 17 DeClouds was another ICO that tried to establish a decentralized trading platform of precious metals such as platinum, gold, silver, and palladium. According to the white paper of the ICO, the advantage of DeClouds is that it enables investors to trade precious metals on a peer-to-peer basis on an alternative stock market and to earn returns from the appreciation of precious metals. According to DeClouds, the German DAB bank supposedly supported the startup with a 5 million EUR investment. As it turned out, the cooperation was a scam, and the founders disappeared with the money they had collected.Footnote 18

2.2 Information disclosure on GitHub and effects on fraud

For traditional capital markets, finance scholars have theoretically and empirically shown that information disclosure is beneficial to investors (Leuz et al. 2008). According to prior studies, low information asymmetries reduce the cost of capital for companies and make capital allocation more efficient (Merton 1987; Diamond and Verrecchia 1991; Healy and Palepu 2001). In line with these findings, research has documented that disclosing the ICO token code on GitHub improves issuers’ fundraising abilities (Dabbish et al. 2012; Amsden and Schweizer 2019; Howell et al. 2020), because experts can cost-efficiently review the code. This third-party review ensures the quality of the code to expert and non-expert investors. Disclosure and scrutiny on GitHub may thus certify that the code does not include bugs, as in the case of the DAO and SpankChain.

While prior research has mostly focused on the positive side of disclosure on GitHub, negative consequences may also occur. De Andrés et al. (2019) note that the “level of transparency also comes at a cost as, in this case, it can increase the number of hacking attacks because hackers also have access to the smart contract code and are therefore able to identify any bugs or vulnerabilities more easily.” Indeed, an unintended consequence of disclosure on GitHub may be that some knowledgeable experts exploit instead of report bugs to the community, leading to increased external fraud such as hacker and phishing attacks either during or after the ICO campaign.

This two-sided view of disclosure is not unique to ICOs. On the one hand, disclosure information on the company reduces the need for investors to collect the information on their own (Diamond 1985), which is more efficient than having each investor bear the costs of information gathering. Disclosure can consequently increase liquidity of shares or tokens later on in the exchange as a result of a reduction in information. On the other hand, Hellmann and Perotti (2011) and Cooter and Edlin (2014) show that entrepreneurs who reveal their business ideas suffer from appropriation risk. If the token code contains the business model in a detailed manner (more detailed than the white paper), issuers might suffer from transparency and a higher likelihood of hacker and phishing attacks. In summary, we expect the disclosure of the token codes on GitHub to reduce internal fraud but increase external fraud.

3 Data collection

3.1 Methodology for data collection

Our sample consists of 1393 ICOs, which are listed on Icobench.com and Icorating.com, and ended their fundraising campaign before July 1, 2018. The first ICO in our sample started in September 2016. Both websites belong to the largest ICO listing websites worldwide. These websites provide information on the ICOs, such as financial details, team information, links to social media channels, and ICO characteristics like pre-ICO phase, token ticker, or location of the ICO issuer (Huang et al. 2020).

Identifying fraud cases with certainty is not possible, because of the short time since the ICOs took place and the rare incidence of final judicial decisions. Also, the public often uses the term “scam” for simply referring to the fact that many projects are bad. However, the mere fact that a project has bad business prospects does not make it a scam. Fraud assumes some form of intent to deceive investors by either the issuer or some outsiders. This is particularly difficult to prove, so our focus is on suspected and confirmed fraud. Suspected fraud refers to media coverage about fraudulent campaigns on high-quality print or online media. Reports about a bad business model or simply claiming that the founders are fraudsters are not enough to classify the ICO as suspected fraud. Confirmed fraud refers to cases where a trustworthy source like the SEC, another governmental agency, or the ICO issuer itself has confirmed that the fraud took place. We also considered exit fraud as confirmed when the communication with the issuer stopped two weeks after the end of the funding period and was not initiated again. Confirmed exit fraud was also often associated with a disappearance of the website of the issuer.

Because we focus on fraud, our sample will inevitably be smaller than a sample of projects with bad business prospects. Different methods have been proposed to identify fraud. For example, an article in the Wall Street Journal suggested looking at plagiarism in the white paper text, leading to 271 red-flagged cases out of a sample of 1450 ICOs.Footnote 19 However, such an approach will necessarily lead to many falsely identified fraud cases, because honest issuers could copy the content of white papers to save in legal and administrative costs, a behavior often observed in the fintech domain (Dorfleitner et al. 2020). Through the increasing standardization of white paper formats, there is further an increasing use of templates, which leads to plagiarism for other reasons than the type of fraud we are examining here. Our method is therefore more conservative to ensure reliability in the cases we classify as fraud, at the expense of possibly missing some fraudulent issuers out.

To identify ICO fraud cases, we rely on the method that was developed by Cumming et al. (2020a) for crowdfunding. From October 2018 to January 2019, we ran an extensive search on Google and searched for the following three terms: (1) name of the ICO, (2) “ICO,” and (3) “fraud” or different synonyms for fraud: “scam,” “phishing,” “pump and dump” and “ponzi." Using this method, we could identify 274 fraud cases, 188 suspected and 175 confirmed fraud cases. Some ICOs were classified as suspected and confirmed fraud, because multiple fraud types were involved out of the seven categories described in Section 2.1. To ensure that our coding system is reliable and coherent, detailed explanations were provided for each fraud category and when to classify a scam as suspected or confirmed (see Appendix Table 9). In particular, we had a second researcher, who was not involved in the project, code all fraud categories independently. Finally, in case our coding was not consistent with the second researcher, we discussed the coding and, in four cases, needed to reclassify the respective fraud category.Footnote 20

3.2 Summary statistics on fraud cases

Table 1 summarizes our findings in terms of number of fraud cases identified, by fraud type. The most common fraud category is phishing attacks. The bulk of phishing attacks were formally confirmed by the founders, after they detected them, feared that their funds get stolen, and consequently warned their investors. The next most common fraud type is exit fraud, for which 25 could be confirmed and 21 were suspected. For all other categories, suspected fraud cases are more common than confirmed fraud cases. In case of securities fraud, the ICO issue was sometimes accompanied by one of the other fraud types. So far, we were able to identify 13 suspected security fraud cases, but only 3 confirmed one. Furthermore, we were able to identify one confirmed pump-and-dump scheme, with 31 suspected cases. Overall, 27 ICOs were related to a Ponzi scheme.

Table 1 Distribution of fraud cases identified (N = 1393). Multiple fraud types are possible for an ICO

An ICO can be classified as more than one type of fraud. For example, an ICO can be classified as security fraud and, at the same time, as a Ponzi scheme. Moreover, one type of fraud can be detected and another suspected. In our sample, 198 ICOs are associated with one type of fraud, 69 with two types of fraud, and the rest with three.

Finally, we find that internal fraud declines over time, while there is no clear pattern for external fraud.Footnote 21 However, these findings need to be taken with caution given the small sample size for the year 2016 and the potential lack of fraud identification for more recent ICOs.

3.3 Summary statistics on ICOs

All variables are defined in Table 2. Table 3 presents summary statistics for our sample. In terms of general sample characteristics, 88.7% of the ICO have used the Ethereum blockchain. On average, 57.1% of the token are offered during the ICO, and only 44.1% do a pre-sale prior to the funding period. Founder information, such as the number of founders involved in the project is included in 94.1% of the white papers (Team info available). This percentage is slightly lower for fraudulent cases, as expected. Finally, information on how much was ultimately raised (Amount raised) could be retrieved in 61% of the cases only, despite extensive and systematic search efforts.

Table 2 Definition of variables
Table 3 Summary statistics on main variables. The subsample of fraud cases includes both suspected and confirmed cases

There is great variation in the amount raised between the ICOs in the sample, with an average of 18.8 million USD and a median of 6.3 million USD. With 41.4 million USD, the average amount is, however, significantly higher for fraudulent cases, which are the ICOs where the benefits from fraud are also highest. One further possible reason for this difference is that ICOs that have been identified as being fraudulent during the first days of the issuance will be stopped early on and thus not included in our sample. All our fraudulent cases are those that have been identified as such after the ICO was over.

While overall fraudulent ICOs tend to have disclosed less information, the differences in disclosure are not statistically significant in a multivariate setting as we will show below. Differences may appear in the quality of the information, something which however is more difficult to assess for non-professional investors. An important difference here concerns information disclosure on how the funds are going to be used, which is only provided in 28.5% of the fraudulent cases as opposed to 45.4% for non-fraudulent cases. However, as will be shown below, it hardly helps predict fraud. There are also no meaningful differences in terms of number of social media used. In terms of financial details included in the offering, one important difference is the presence of a soft cap, which is less common in the fraudulent cases (28.5% vs. 44.6%).

Fraudulent ICOs show important differences as compared to the remaining ICOs that were not identified as fraudulent. ICOs that are fraudulent are by far larger in terms of funds raised. While some of this difference may be because fraud is less likely to occur when the amount collected is particularly small, because the gains from a fraud is limited, we still observe a large difference when considering only ICOs that raised at least 15 million USD. We confirm the positive relationship between the amount raised during the ICO and fraud in a multivariate regression setting (see Table 4). One explanation for the finding that funds raised are positively correlated with fraud is that in the absence of institutions that verify and identify information, honest entrepreneurs may have a competitive disadvantage raising funds in the ICO market (Momtaz 2020a). However, Fisch and Momtaz’s (2020) empirical evidence shows that the participation of institutional investors has a positive effect on funds raised and is also correlated with a positive post-ICO performance, which could be indicative of a lower likelihood of internal fraud (e.g., exit fraud).

Table 4 Determinants of fraud cases

There may be differences in the quality of information that was not captured in our study and that require—similar to venture capital investments—a good understanding about the ICO process and a due diligence of risky projects by investors. For example, the case of DeClouds has shown that posting a photo with German DAB bank with the intention to certify the quality of the ICO is not sufficient for the issuer to provide a credible quality signal, because the signal itself must be verified and non-fraudulent (Momtaz 2020a). Especially retail investors may refrain from collecting more information due to the cost of verifying these signals relative to the small size of their investments.

4 Results

We now turn to assessing whether the differences between fraudulent and non-fraudulent ICOs identified in the univariate analysis also hold in the multivariate setting. To this end, we run Probit regressions with three different dependent variables: Confirmed Fraud, Suspected Fraud, and Fraud. The latter equals 1 if an ICO is either a suspected or confirmed fraud, and thus combines both subcategories in one variable. We run the analyses on all three variables to assess the robustness of our findings. While we expect many suspected fraud cases to eventually be confirmed,Footnote 22 examining them separately (the variable Suspected Fraud) and together with other cases (through to combined variable Fraud) is worthwhile. Table 4 presents the results. We include a large set of possible explanatory factors, while ensuring limited multicollinearity among our explanatory variables. Many of the explanatory variables in our analysis are similar to those in other studies examining the determinants of funding success (e.g., Adhami et al. 2018; Fisch 2019; Huang et al. 2020). Models (1)–(3) use the largest possible sample. In models (4)–(6), we further include Amount raised and Token distributed as additional factors. In particular, adding the variable Amount raised is useful given that we found in the univariate setting that fraudulent ICOs raised almost four times more than non-fraudulent ones. These additions, however, reduce our sample to about half.

Most factors are not significant, hinting to the fact that predicting fraud is very difficult.Footnote 23 The presence of a soft cap reduces the risk of fraud; however, this significant result disappears when controlling for the amount raised. One reason why a soft cap could reduce fraud is because a larger soft cap requires a large participation by investors, similar to the all-or-nothing effect in crowdfunding (Cumming et al. 2020b). If not enough investors find the issuance sufficiently trustworthy and valuable, it will fail. Therefore, entrepreneurs who plan to engage in fraud are less inclined to define a soft cap, because they bear the risk of not raising any money at all.

One factor that consistently leads to higher fraud is when the startup has disclosed its code on GitHub. This result is at first sight surprising, given that disclosing the code is typically viewed as a sign of trustworthiness and transparency (Dabbish et al. 2012; Amsden and Schweizer 2019; Howell et al. 2020). The difference in the probability of having a fraudulent offer is 6.6–7.4%, depending on the specification considered (model (3) or (6)). Our results therefore stand in contrast to the common view that disclosing information on GitHub is good. A closer examination of what types of fraud are associated with disclosure on GitHub offers a first clue on why fraud might become more prevalent (see Table 5). Phishing and hacker attacks are more common when code is published on GitHub (65.0% vs. 44.0%), which is a main type of fraud in this particular case. Table 5 presents the distribution of fraud cases by disclosure on GitHub. Fraud cases in which the code was disclosed before the ICO on GitHub are more often external than internal fraud, as opposed to fraud cases without prior disclosure. By contrast, exit fraud, security fraud, and Ponzi schemes, all of which are types of internal fraud, are less likely. These observations suggest that GitHub induces more often externally driven phishing and hacker attacks. One likely reason is that phishing and hacker attacks become easier for corporate outsiders when the code of the venture is disclosed. Thus, while recent ICO studies (e.g., Amsden and Schweizer 2019; Howell et al. 2020) have argued that disclosing the code on GitHub is helpful to build trust between the startup and the investors, we find that it encourages external fraudsters to misuse the disclosed information to their own advantage and at the expense of investors. Thus, there is a clear trade-off in deciding to disclose information on GitHub.

Table 5 Sample distribution of fraud cases, by GitHub disclosure

Returning to Table 4, another important result is that having raised more funds is associated with a greater likelihood of fraud (models (4)–(6)), confirming our initial univariate finding that size matters. One reason proposed before is that the benefit of fraud is higher because there is more money to steal. In economic terms, a one-standard deviation increase in the amount raised leads to an increase in the fraud probability of 38%, which is a substantial effect. Our results further show that the amount raised primarily affects suspected fraud, though the coefficient for confirmed fraud is also significant at the 10% level. This relationship is primarily driven by internal suspected fraud, which is consistent with the view that corporate insiders have greater incentives to engage in fraud if there is more to steal.

An underlying assumption is that the significant result on GitHub is due to external and not internal fraud. Indeed, issuers’ benefits from fraud are unrelated to whether the code is disclosed on GitHub. However, the fraud is facilitated for corporate outsiders, thus the increased risk of external fraud. To corroborate this assumption, we run again the same analysis as in Table 4 but separately for external and internal fraud cases. Results provided in Table 6 confirm that the effect of GitHub is driven by external fraud (the first six columns regress on external fraud, the last six on internal fraud).

Table 6 Determinants of external and internal fraud cases

A final question we try to address is whether fraudulent ICOs under- or outperform directly after the ICO. This question is nontrivial, because some fraudulent issuers may ex ante decide not to list because of the cost involved in doing so on an exchange (e.g., internal fraud such as exit fraud), while other types of fraud are impossible to carry out in the absence of a listing (e.g., external fraud such as pump-and-dump schemes). Pump-and-dump schemes only become potentially profitable strategies if one can trade. Similarly, Ponzi schemes require that the ICO lasts long enough so that a pyramid can be maintained over a sufficient period. If it stops, the organizers can no longer pay first investors. Measuring performance is not an easy task, because fraudulent cases are less likely to list in the first place and the remaining sample for which price data are available suffers from a survivorship bias. We therefore measure ICO performance by whether or not the token got listed on an exchange, a measure previously used in the literature to proxy for successful ICOs (Howell et al. 2020).

Table 7 shows the distribution of fraudulent cases for the subsample of ICOs that eventually got listed and those that did not. The last two columns show the tests for the difference in means of these two subsamples. The subsample of ICOs with listing includes more fraudulent cases (10.1% vs. 6.7%). This difference is mostly driven by external fraud cases, most of them being phishing and hacker attacks. We confirm these differences in a multivariate setting as well.

Table 7 Sample distribution of fraud cases, by exchange listing

In Table 8, we run Probit regressions with the dichotomous dependent variable equal to 1 if the token gets listed on an exchange and 0 otherwise. We test the impact of fraud on that probability, while controlling for all the factors considered in Table 6. We find that fraud is associated with an 11.5% higher probability of listing, though the impact becomes smaller and nonsignificant when we control for the amount raised during the ICO and the number of tokens distributed. However, the last two columns indicate that external fraud is strongly related to a token being listed, and this effect remains significant even after the inclusion of additional controls. The correlation is also economically meaningful. One concern with the interpretation of this result is causality, because in some cases, fraud may only be detected after the listing. Corporate insiders and outsiders might likewise decide to engage in a pump-and-dump scheme only after the token is listed.

Table 8 Determinants of token listing

In unreported regressions, we also test whether fraud is correlated with post-ICO performance. We find that external fraud in the form of pump and dump is related to positive performance after 180 days of trading (calculated as the token return over that period minus the return of the MSCI World Index), which might result from fraudsters first artificially inflating the price of a token through false information, to sell the token that was initially bought cheaply at a higher price. Thus, ICO returns are not a good proxy for fraud, because different types of fraud affect returns at least initially in opposing directions. A worthwhile avenue of future research would be to investigate whether ICOs have developed a sustainable business model and whether their failure rate is higher than that in other technology sectors.

5 Conclusions and policy implications

ICOs combine the financing of a venture through a large crowd with the issuance of a new digital token. Therefore, ICOs share many similarities with equity and reward-based crowdfunding. This implies that the experience gained by national regulators in the crowdfunding domain—especially regarding equity crowdfunding—as well as the knowledge obtained by market participants may be useful for the discussion on whether and how to regulate ICOs. ICOs could be particularly useful when people want to own the platform they are using or would like to use the tokens as means of exchange. For example, the users of LinkedIn or Facebook could own the platform themselves and use tokens to pay for hosting and programming services of the website.

The establishment of professional platforms where ICO issues could take place, similar to equity crowdfunding campaigns that are frequently run on specialized platforms and in some countries are even required by law to use a platform (Hornuf et al. 2018), may facilitate the implementation of both, formal regulation and self-regulation.Footnote 24 These platforms may even be existing equity crowdfunding platforms integrating ICOs, as they have done similar expansions for other asset classes such as real estate crowdfunding, fixed income products, and secondary markets. In fact, combining crowdfunding and ICOs may be optimal to overcome the current inefficiencies of crowdfunding or the shortcomings of ICOs respectively (Ackermann et al. 2020; Block et al. 2020). Moreover, these platforms could use small business credit scoring, a technology that has been used by financial institutions to evaluate applicants for small loans that involves analyzing data about the owner of the firm and the limited data about the firm itself (Berger and Frame 2007). Using such platforms might not only reduce the likelihood of fraud but also decrease the costs of capital (Li et al. 2020).

In contrast with findings in reward-based crowdfunding (Cumming et al. 2020a), the extent of information disclosure offers little opportunity to identify possible fraud, presumably due to the increasing use of template white papers. A more thorough analysis of the white papers is therefore needed. This could be done by institutional investors (Momtaz 2020a), in line with the notion that it is often optimal to share ownership (Narayanan and Lévesque 2019). Alternatively, specialized platforms might be in a comparatively better position to run background checks and analyze the truthfulness of the information in the white papers, because unlike one-time investors and issuers, they can specialize in conducting such a due diligence (Coffee 2006).

Finally, future research might investigate only the fraud cases that were ultimately classified as fraudulent or illegal by a court or administrative agency such as the SEC. Our approach was based on a method that was developed for reward-based crowdfunding (Cumming et al. 2020a) and which we consequently adapted to the ICO market. Our approach led to a conservative sample of fraud cases. Another method could be based on a comparison between the content of white papers and firm facts verified by Internet sources or third parties (e.g., through reverse image searches or company registers). Moreover, future research could classify the sources of fraud, that is, whether the fraud was planned from the outset or entrepreneurs resorted to fraud during or after the ICO offering. Our method was built on distinguishing fraud conducted by corporate insiders from fraud conducted by outsiders, which had important implications for our analysis of information misuse of disclosed codes on GitHub.