Policy IDs and Protecting Yourself from Scams

In traditional centralized finance, such as banks and investments, regulations dictate how participants should act in order to reduce bad faith participation and scams. In exchange for these protections, such as FDIC insurance, the investor (or account holder) generally gets lower returns.

In digital assets, however, you are the bank. You make the decision on how you spend your money, where you send it to, and how it’s used. The freedom to buy and manage your assets does come at a cost. This cost is that you are in charge of your own security against fraud protection.

In this article, we’re going to arm you with a good bit of information to help you protect yourself against these bad actors ahead of our token launch. Things you will learn about here include

1. A very high-level approach to how tokens are created, including what a Policy ID is and how it’s tracked to verify the authenticity of a token or NFT.
2. Common scams in the “cryptosphere”
3. Best practices on protecting your funds from scammers. 
4. MELD’s Token Policy ID

How Are Tokens Minted on Cardano? 

We’re not going to get super technical here, but here are two articles from Cardano.org on how to mint a native asset or minting an NFT on Cardano.

However, there are certain aspects to minting native assets that you need to know about:

Monetary policy script - In short, this covers the name of the token, the time periods in which you can mint and/or burn, and who is able to mint tokens. 

We’re going to skip around a bit, but the next most important part for the end-user (and ultimate purpose of this article) is the Policy ID, which is created in coordination with the minting policy. 

What is a Policy ID? 

Assets’ names on Cardano are not unique and are quite easily duplicated. In response, native assets are assigned a Policy ID, which is a unique identifier attached to the asset permanently. Many NFTs or native assets use the Policy ID as a public verifier of the authenticity of the asset. 

Example: 

On 1/23/2022, a liquidity pool appeared on a decentralized exchange under the name $MELD. MELD officially minted its token on 1/27/2022 with the same name. So how do you tell the difference? 

Using the policy ID, which most legitimate projects make publicly available on their site, you can determine if the $MELD on a DEX is authentic to the MELD project, or not.

How Do I Verify a Project’s Policy ID?

Step 1: Use a public, credible source to find the project’s Policy ID. 

Most projects will display their policy IDs on their website, in their social media groups, or in other various places. In this example, we’re using World Mobile Token’s website to find the token information. Luckily, they make it really easy and post their Cardanoscan link in the footer of their page. 

Step 2: Use CardanoScan.io to verify the Policy ID

World Mobile does a really great job of providing a hyperlink to Cardanoscan. As you can see, as soon as you click on the link it gives you all of the pertinent information, including the Policy ID.

STEP 3: Verify the Policy ID on the DEX you decide to use:

So, from here, we’re going to use our friends over at SundaeSwap to find the Policy ID of the trading pair and verify it against the Policy ID that we know is authentic on World Mobile Token’s Cardanoscan page. 

By scrolling over the token in the pair, a box will appear with the beginning and ending of the Policy ID. This should be sufficient to verify that this is an authentic token. Since it is virtually impossible for a bad faith actor create a similar, but only slightly altered Policy ID for a fraudulent $WMT token on purpose.

Below is a snapshot with fake $MELD tokens that were on Muesliswap and have since been deleted, so you can see how the Policy ID would look on their platform.

Common Crypto Scams 

Crytopcurrency is the “Wild West” of the financial world. The above exercise of finding a fraudulent token, and how we verify an authentic one is just one of many scams that you’ll find in this space. In this section, we’ll take some time to discuss some of the most common scams you’ll find online.

Double Your Token Youtube Videos

For me, and even Charles Hoskinson, this is the worst type of scam. The reason being is that Youtube is supposed to be policing it’s content to be free from scams. For crying out loud, they make enough money off of you with advertising dollars, the absolute least they could do is remove reported video’s, but that’s another discussion.

The problem with this type of scam is that it’s based on authenticity. The video you’re watching is always a legitimate interview or discussion by the person that you’re watching. The scam comes in when with the overlay where the poster promises to double or send you tokens after you send some crypto to an address. 

Here’s the thing, there’s no such thing as a “free lunch”. No one is going to give you free tokens simply for sending them tokens. Furthermore, when you send a transaction, it’s gone. There is no recovering your property. You will not get your money or tokens back.  

Twitter or Youtube Comments

So, this response was given to a person that was having issues with network congestion associated with SundaeSwap’s launch. As you can see, it looks like it could be authentic. I mean, it does say support.. It has the SundaeSwap name in the handle. 

It’s not. Most times these scammers will send you to a Google Doc and request you to put in your private keys. Once they have access to your information, your assets are 100% gone and there’s nothing you can do to recover them.

How to prevent this? Never, ever give your private keys to anyone. Furthermore don’t fill out Google Docs from a source like this with personal information. FINALLY, use authentic contacts, like a project's “Contact Us” page on their website. 

Direct Messages on Social Media

While we’re talking about Twitter, it’s important to know that most influencers or projects will not reach out to you directly in your private messages. Same as above, it will be secondary to a frustration that you’ve had and they’ll send you to a Google Doc to fill out a “support request.”

As above, if you give them your private keys, your funds are gone and will not be returned. 

General Best Practices for Protecting Your Digital Assets

• Never, ever, EVER give out your wallet’s private keys (aka “seed phrase”). 
• Never send assets to someone who promises you to give you something for nothing.
• Don’t interact with projects/influencers that direct message you on social media or respond to you on Youtube asking for you to contact them.
• If in doubt, always verify Policy ID’s and other information with publicly known information, like websites for projects. 
• Use two-factor authentication on wallets (or even better, use a cold wallet when possible.)
• Don’t leave assets on exchanges. 

$MELD’s Token Policy ID

In order to help reduce the opportunity for bad actors to steal your assets, we’ve decided to put our Policy ID at the end of this post. Hopefully for all you crypto enthusiasts, new and experienced, this article will limit the likelihood that you will be taken advantage of as we launch our token on January 27th, 2022, and the upcoming airdrop on January 31st, 2022. 

MELD Token Mint TX:

https://cardanoscan.io/token/6ac8ef33b510ec004fe11585f7c5a9f0c07f0c23428ab4f29c1d7d104d454c44?tab=transactions

Policy ID: 6ac8ef33b510ec004fe11585f7c5a9f0c07f0c23428ab4f29c1d7d10

$MELD tokens will be airdropped on Jan 31 starting 12:00am, midnight (7am Vietnam time) and will take between 3 and 24 hours to complete (*chain congestion dependent).

Remember that there is no “MELD support” user on social media and stay safe out there!