⇐ Back to the beginning of the blog

MyCryptoBank ICO: review, audit [rate: bad]

img 5b59b416e39df - MyCryptoBank ICO: review, audit [rate: bad]

In the article were conducted an audit of the technical component of the MyCryptoBank project: security, methods of collecting money for ICO, claimed MVP, video clip, Whitepaper. There are weaknesses in many points. As for the methods of collecting money, there is an extremely suspicious situation: allegedly serious fees of $ 5M, without the possibility of verifying them, the ICO smart contract is generally absent. This can be an easy basis for criticizing the project by different ICO reviewers, despite a good business rating. The final technical rating, conducted by CryptoB2B for MyCryptoBank on July 26, 2018: 0 out of 10, is bad.

MVP Analysis: slyness

Important note. The analysis of this video and other points is carried out in this chapter only because the project actively hints at the proximity to MVP. For what is it done? Probably to improve your competitive advantage. But its actually no MVP and what it is – raises questions. The presence of an MVP is not required for an exit to the ICO. When there are hints of MVP and they are not entirely honest, it causes blame, which is the idea of ​​this chapter. It is necessary to do the described steps, but you should not give this for your achievement.


Consider the video and some useful frames. Watch the video, it’s beautiful and explains that it was discovered:

 

The wallet to which the actor (probably a company employee) received money – 0x6218b34448a0f802794021c967898c5c1175fd54. In Etherscan we look at the transactions:

https://etherscan.io/address/0x6218b34448a0f802794021c967898c5c1175fd54

img 5b58eef1bea9e - MyCryptoBank ICO: review, audit [rate: bad]

 

0.5778365 ETH is the amount that came by check. The screenshot shows that this amount was received not from their system, but from the Bitfinex exchange. Judging by the legend, MVP already exists and the video should be more or less approximated to reality and not be an artistic fiction. The first thing that is obvious: video – fake, in the sense that the amount came from the stock exchange. The video itself is normal, the future idea explains, the founders are good fellows. But such videos, where people elegantly paid with bitcoin for the coffee in the cafe and demonstrated these videos on the ICO – quite a lot, everyone has already seen. Unfortunately, we can not buy coffee with Cryptocurrency.

The second. If Etherscan did not know that it was the wallet of the exchange, he would not have written “Bitfinex”. The authors of the video should use the transfer of money from their neighboring wallet or at least one of the many exchangers in order to simulate the availability of MVP. Then the sender would not be “Bitfiniex”, but an unidentified wallet (it could also be recognized as an exchanger, but much more difficult). If the purchase was from the exchange, it would be necessary to remake the video, having found this error. Unfortunately, two mistakes in one place indicate a lack of planning. None of the project team could guess to look at their own transactions in Etherscan – stupidity and negligence (when fiction is given for MVP).

Third. This is not a minus, just a small observation – why did you need to buy cryptocurrency really through the exchange? After all, it was easier to have a related wallet. Probably, at that time there was no free money. What is also saying is not in favor of having an MVP, but in the complete absence of financial transactions in real lockups.


img 5b58f7ae84662 - MyCryptoBank ICO: review, audit [rate: bad]

img 5b58f22fb5f1d - MyCryptoBank ICO: review, audit [rate: bad]

 

In the terminal money was inserted at 20:18:12 (UTC + 0). And in the blockchain they appeared at 16:46:52 (UTC + 0), i.e. for 3.5 hours before shipment. This means that the founders of the company, in addition to a new era in the financial sphere, easily use the nuances of the space-time continuum, when you first receive money for an account from the future (a new form of credit?), And then you have to transfer the sum back to the past and restore the equilibrium in the universe .


The rate at the time of purchase was $ 519.18. Judging by the Coinmarketcap in June 22 at 20:18 (UTC + 3), the ETH / USD rate was about $ 480. The system commission is ~ 8%. In the already existing and convenient ePayments system, the commission for the input / output of the cryptocurrency on its bank card is about 1-2%. Cash withdrawal from ePayments: from 1-2% (not advertising, comparison). In the chapters below, the authors will assign the number of “8%” to “Other banks” and inform that their commission is “from 0.1%” – the difference is up to 80 times!


Further. In the menu there is “OUR MVP”, we pass there:

img 5b59050d8a4cf - MyCryptoBank ICO: review, audit [rate: bad]

A site resembling a stock exchange will open:

https://mycryptobank.1bit.online/eth-btc

What does this have to do with MVP (terminals, buying for fiat, working with a card)? We do not pretend to assert, but at first sight it has nothing to do with it. Next, consider on this site the signature and copyright: “Copyright © 2014-2018 Powered by Merkeleon Exchange Software”. The link in the signature leads to www.merkeleon.at/ru/exchange/, where, probably, anyone can create a clone of a crypto or exchange under his brand. It’s not even WhiteLabel from merkeleon.at, for which it would be necessary to pay decent money, but simply an ordinary account.


Just look at the road map:

img 5b5906cfeeee4 - MyCryptoBank ICO: review, audit [rate: bad]

 

It turns out to register with Merkeleon Exchange Software and hang up someone else’s product on mycryptobank.1bit.online’s own domain – this requires a separate stage (# 2) in the road map!

It is also not clear what is written in paragraphs # 2.1 and # 3, because the project uses the ready crypto infrastructure of someone else’s project, where all this has already been implemented. It remains to lern only for someone else’s API, to register their legal entity and, of course, to spend most of their time developing the mobile application and backend with the API.

Conclusion:

  • A video is a fiction. This is not an MVP demo. There are mistakes that are too lazy to search / fix.
  • The MVP has hints, but it has not been found. The button “OUR MVP” is a lie (both in the word “our”, and in the word “MVP”).
  • We are waiting for August 30 – the term of the development stage # 4. Knowing the complexity of the development, we sincerely wish the project will meet deadlines.

 

Collection widget: hack-work

img 5b59086308e8d - MyCryptoBank ICO: review, audit [rate: bad]

 

We could not understand the main thing – how much money has been collected? Like, ICO is running. Like, some strip. But it’s not clear:

  • blue background on a green bar is the time interval to some end (either a round, or a bonus period, or the entire ICO)?
    or the blue bar is the amount collected?
  • conditional % of the money collection from which Hardcap (or pre-sale, or the entire ICO)?
  • Hardcap itself in tokens 795,500,000 from what exactly Hardcap (or pre-sale, or the whole ICO)?
  • and the phone on the right – what is it (picture, in which currencies have collected money or just a screenshot of the product – is misleading)?
  • how many tokens have already been sold?
  • where is the distribution of fees for wallets?
  • where to look at wallets in order to audit the received money?

Unfortunately, the founder of the project can not even state such primitive things in an understandable way. We have to note that the quality of the user interfaces of the company’s first product (ICO Landing) can be indirectly judged on the shortcomings of the quality of the future project. It is necessary to implement the main page of the ICO site so that a cursory examination would be understandable about all the nuances of the current ICO status without additional movements / questions / searches.

The site https://icoholder.com/en/mycryptobank-22555 says that ~ 30% of the hardcap of the first round of pre-sale is collected. But why it is not visible on own site? Apparently, the current fees are around $5M, and the hardcap on the first round is about $15M. Wallets to search for $5 million – not available. Audit is intentionally difficult.

Total:

  • Technical backwardness in user interfaces.
  • Dangerous negligence: the amount of the collection is not checked (or the founder does not understand the ideology of the blockchain, or there are no fees at all).

 

The procedure for collecting money: horrendously

The project offers to buy tokens for Fiat, BTC, ETH, LTC and BCH. In exchange, someday, after ICO, they promise to send tokens in EOS blockchain. At the same time there it is written – that now you can not enter EOS. Note that the fee in the currency (EOS) on which the project is going to do is not. You can not pay in EOS. Of course, there are no allusions to the EOS smart contract on accepting money to ensure transparency in their collection. The investor can not audit the smart token contract, he is forced to pay money first.

In the Personal Area, when you try to pay in any Cryptocurrency, the Personal Account generates a personal money collection wallet:

img 5b590e75a0a70 - MyCryptoBank ICO: review, audit [rate: bad]

 

We check the issued address (in a red box) in blockchain.com:

img 5b59c55a42ff1 - MyCryptoBank ICO: review, audit [rate: bad]

There are no transactions. Similarly, ETH is checked – there is also created a unique wallet for the client, without any hint of a smart contract.

In general, this Personal Office is virtually absent. He does not manage any fees, but simply generates wallets. This is extremely low in terms of technical quality and the most opaque way of conducting ICO, when the founders intentionally use the template with personal wallets, so that the auditor did not have any opportunity to check the real amount of collected money. Certainly it is impossible to affirm, but it resembles fraud: judging by the legend, an impressive amount is collected (it is not even known what!), But no traces were found. The personal cabinet of CryptoB2B has exactly the opposite properties: all the charges for a single address, maximum openness, ease of conducting any kind of audit (such as checking how much money is actually collected right now), maximum investor protection from the project’s founders. Minus ICO platform from CryptoB2B – it is NOT suitable for those founders of the company who want to hide their fees, as in this case.

In the rules of ICO in MyCryptoBank, there is absolutely no protection of the rights of investors’ interests. The essence of the blockchain is that no one should promise anything to anyone. The essence of a smart contract for the ICO is honestly, autonomously, transparently exchange incoming money for tokens. In this situation, any option ICO is a lie (not confirmed by a smart contract) and will be executed only on the goodwill of the founder, only in manual mode after receiving all the money for a personal wallet:

  • softcap is declared, but it is false (requires the good will of the founder to return the money)
  • hardcap is announced, but it is false, nothing prevents to continue collecting money up to $ 1.7 billion + $ 1
  • bonuses are not protected in any way (the goodwill of the founder is required in order to distribute them fairly)
  • unlimited rights of the founder over the number of tokens, which you can keep or not give to the investor
  • a smart EOS contract is missing, an investor is offered to buy an incomprehensible token
  • blockchain programmers probably have not yet mastered EOS or they are not even in the project
  • the list can be continued, but it does not make sense because of the complete absence of a smart contract manager

All ICO is organized at a very low technical level, from which we make the main 3 conclusions:

  • this is an occasion to doubt the honesty of the founders of the project (a huge suspicion of honesty of fees, but there are no facts)
  • malicious profanation of the ideology of the blockchain, where no one should promise anything to anyone
  • ostentatious low technical implementation of the company’s first product (the procedure for collecting money in the ICO), which casts a shadow on the quality of the future project and the prospects to earn on investing in it now

 

Additional threat to the investor

When the Personal Office issues a wallet for payment to the investor, the person does not have any tools to check whether this is correct. When the fees go to a single wallet for each blockchain, then before paying for it you can check – in the project’s telegram channel, in the almost-dead Bitcointalk, in Whitepaper, in other places.

If one of the following occurs:

  • the hacker completely changed the algorithm for generating all the wallets and private keys to them
  • hacker selectively rare investors to replace wallets, so that he is not immediately caught
  • disloyal employee (programmer) or other persons (employees of the hoster) do the same (mass substitution or secret, little by little)
  • the programmer unintentionally broke the algorithm for issuing wallets (either massively or selectively)
  • the programmer / founder lost the base of the private keys of the created wallets (if they are generated not by the basic BIP32 Root Key or analog)

then the investor will not be able to protect himself from this. Even with all his desire, such methods of organization of the Personal Cabinet are a vicious practice connected with facilitating the programmer in identifying payments (roughly speaking, this is due to laziness, inexperience of developers, cheap product, total disregard of the need to be ready for audit).

If the described problem happens, the investor will not prove that it was the site that forced him to transfer money to the wrong address. When ICO uses a single collection address for each blockchain, in the event of a break-in, it becomes known to everyone, especially company employees, quite quickly (panic in the chat, as a rule). With individual wallets – the problem can not be detected as long as desired. The threat of loss of collected money is a threat to the welfare of the entire project.

 

Protection through Cloudflare: hack-work

The project has protected its site through the well-known anti DDoS service – well done. However, in just 2 clicks you can find the real IP address 199.247.29.198. There is a very low share of the probability that this is not a real server, but a full copy (probability 1%). For ordinary ICO lending, it is unlikely that several mirrors would be launched. Make sure that this real IP can be as follows.

First, we will request the project site through Cloudflare, by downloading https://mycryptobank.io/any-fake-path

img 5b59bd6806d08 - MyCryptoBank ICO: review, audit [rate: bad]

Simultaneously and in parallel we will load a page http://199.247.29.198/any-fake-path

img 5b59bd516d06b - MyCryptoBank ICO: review, audit [rate: bad]

From the screenshots you can see:

  • on 2 servers the same time to within a second
  • match the server version and the general form of the template
  • redirect from IP to main address
  • it would be necessary to carry out the research further in order to guarantee other coincidences

This indicates a weak technical level of the relevant specialists, that in spite of the external gloss (“we defended through Cloudflare”), in fact there is nothing. In CryptoB2B, the “Connect to Cloudflare” service means that the real IP address would not be reachable. By their own efforts, some types of work are not recommended, programmers simply do not have experience. The chance to hold a successful ICO if it is, is given no more than 1 time in life. To impair such a chance technically unprepared solutions is unreasonable. The second chance will not be because of the very low probability for each individual to participate in their lives in at least one of their own major project.

 

Whitepaper analysis

Only a superficial analysis was carried out. There were many similar projects and the situation is clear. This criticism is not at all aimed at debating whether a project is needed. Such projects are very necessary. But gross violations in Whitepaper are also not permissible.

img 5b59176a673ee - MyCryptoBank ICO: review, audit [rate: bad]

 

There are too many marketing lies in this table. If the founders of the project compare themselves at least with ePayments, then the picture will radically change. Not advertising ePayments, but this is a long-running and working system, including DEX, which has already implemented everything (+ many other functions, such as Swift transfer to a local bank of the Russian Federation). The system is complex, has many expensive conversion directions. But several options for money exchange (input / output) are almost free, including DEX, about 2%. Or the opportunity to receive cash from your own card at Binbank ATMs almost free of charge when withdrawing large amounts from $ 1000! This is 4 times less than what is written in the table. It is even cheaper than Yandex.money & Webmoney in some cases.

It is commendable that further in Whitepaper the project evaluates competitors, however, forgot about some already neglected – flaws or cunning.


Particularly note the point:

img 5b5919c3319e3 - MyCryptoBank ICO: review, audit [rate: bad]

Unfortunately, almost any function in this kind of project will be centralized and run in normal SQL. The exploitation of the words “blockchain”, “decentralization” should have justifications. If you consider any step of the system, any page of the mobile application of this project is traditional SQL queries. Also, ownership of the entire infrastructure (the usual code and a small set of smart contracts – about 0.1% of the total code) will be centralized, i.e. managed from the project office. Rare functions, such as DEX or moving tokens, are indeed decentralized. The author of the words in the screenshot does not understand the essence of the term “decentralization”.

On the other hand, compared to other ICOs, this project does not have an extraordinary excess of words “blockchain” and “decentralization” – this is a positive moment.


The desire of the project to keep too many tokens is vicious:

img 5b591b328ac3b - MyCryptoBank ICO: review, audit [rate: bad]

For the fund it is enough to allocate only a few% of tokens, for example 3%. When collecting Hardcap 3% it’s about $ 3,000,000. If the project manages to use such an impressive amount in circulation, it definitely already became big, successful, received revenue, and it is quite possible to replenish the tokens by simply buying them out.

Due to the large number of ICOs conducted in CryptoB2B, it is known that almost every founder tries to keep 10-20% of tokens (in addition to tokens for the team, marketing, etc.) under the fund. Almost always it is possible to convince the founder not to be greedy. After all, the project already receives 100% of all money, which should not be taken away from investors and 35% of tokens.


Схема распределения денег вызывает вопросы:

img 5b591bc851393 - MyCryptoBank ICO: review, audit [rate: bad]

 

Spending $ 30,000,000 on development is a dubious idea that raises questions. Similarly, from a technical point of view, it is difficult to assess what the items differ from each other, which also causes suspicion of the thoroughness of the preparation of the legend.

It does not apply to technical analysis, but Hardcap at $ 100M is a search and a chance for all to filter out the project only for this indicator (because of the risk scam).


Whitepaper is completely absent:

  • technical features of the project implementation (but due to the obvious purpose of the project, this is not a critical minus)
  • justification of the choice of EOS
  • description of features of EOS, in comparison with other blockchain
  • schemes and visual pictures (which do not mean anything and technical details still do not disclose)

 

Subtotals

  • The procedure for collecting money – in millimeters from fraud
  • DEX from the site – does not belong to the project
  • Mobile application or MVP is not present
  • Private office – third-party delivery
  • There is no smart contract for ICO, the organization of money collection at an unacceptably low technical level
  • In fact, the founding team created only: ICO site (poor quality) + Whitepaper + video (oversight)
  • The team openly neglects the ideology of the blockchain already at the ICO and demonstrates the poor quality of products
  • The topic of choosing EOS was not covered
  • Incorrect comparison with competitors (but it’s good that there was an attempt to do this)
  • A positive aspect is the relevance of such products
  • The size of the profitability of the project and the token due to small commissions is questionable
  • Weak technical background of the team
  • A positive aspect is the infrastructure project

img 5b59220c1ba71 - MyCryptoBank ICO: review, audit [rate: bad]

Business valuation from different agencies seems overstated. There is no agiotage. Risks are significant. However, in this review we consider only the technical aspect, i.e. the third kind of rating. The picture is for reference only.

 

Miscellaneous

Video on the site raises questions. Who is the target audience for such terminals? There are many questions, if you start to think about real scenarios of such everyday behavior of people: when and why would they buy a cryptocurrency for Fiat? Most likely, it will be a weakly demanded functional, when someone will need to buy anonymous cryptocurrency (identification by phone and SMS if desired).


img 5b59272e0f9b2 - MyCryptoBank ICO: review, audit [rate: bad]

It should not be embarrassed that the team is Russian. In the world there is no prejudiced attitude towards Russians on non-political issues, such as ICO and development. Approximately 50-60% of all ICO world: from Russia or with the participation of Russian-speaking residents of different countries.


 

img 5b592f36ed061 - MyCryptoBank ICO: review, audit [rate: bad]

In messages from the administrator of the chat KBree contains an inaccuracy – in EOS you can not buy tokens, such a method was not available in the Personal Area. And by credit card there is a limit of $ 500, which indicates a lack of careful selection of financial partners. Probably, with the amount over $ 500 a financial partner of the company would require KYC. By the way, CryptoB2B offers in its ICO platform a partner who works with cards without a limit of $ 500 and does not require the buyer token in general anything: no phone (the project was required), no other personal data.

 

Way out

There is a procedure for holding an ICO when the rights of the founder of the project are so severely limited that it does not have any loopholes to the endless issue of the token, manipulation of the value of the token (bonuses), it is impossible to ignore or bypass Softcap and so on. Criticism would be meaningless if solutions did not exist, however, they do exist. The essence of the blockade is that it is realizable. The essence of criticism:

  • the founders went to the ICO and were not aware of this
  • censoring the overall horribly low technical quality of implementation of blocking solutions, starting with the methodology of honest money exchange for tokens

The first thing that causes the greatest suspicion of project integrity is the lack of a way to check fees. If the money is ($ 5M?) – they need to be opened. CryptoB2B is categorically against Internet figures (who do not have a technical background), who can only pronounce the word “scam” and accuse everyone of it in a row. But the project gives them an excuse to do it.

Second, ICO should be paused and deal with EOS if the project chose it. For this, there must be at least a programmer for EOS smart contracts in the state. Note that the smart token contract and for ICO to write in own strength is still not necessary, because this leads to the sad consequences described in the article. When the team does not understand at all that the ICO can be held honestly, autonomously, by laying down all promises inside the smart contract. It’s not the fault of the programmer, who could not have experience in dozens of ICO’s.

Third, it is necessary to use the ICO platform to ensure honesty.

The fourth is the completion of a study of competitors and reasoning, why this project will be able to earn when competitors already exist, have already conquered the market and already have very low commissions.

The whole article contains a private judgment of the author, which was based on a superficial study of the project. For example, during an actual audit on an order, CryptoB2B analysts spend about a week on all kinds of emulations, tests and debugging, with the hope of forcing the prepared smart contract to erroneous behavior (95% of all audits manage to do this). In a superficial analysis, an example of this article may contain inaccuracies.

 

Technical rating of the MyCryptoBank project

Description of the main technical idea? Positive*, +3.
[-10 = no, 0 = neutral, + 5 = present]
* – Though the idea is absent, and the project is not described and should be put -3, but because of the obvious it can be thought up by yourself

Have you discovered obvious technical lies (fraud)? Found, -2.
[-10 = found, 0 = not evaluated, + 3 = positive]

Does the main functions of the project have anything to do with the blockade? Almost infrastructure, +5.
[-10 = does not, 0 = has, + 10 = ecosystem]

Adequacy of the sale of tokens, protection of the interests of investors? Terribly (negatively), -10.
[-10 = violations, 0 = not evaluated, + 5 = honest ICO]

The quality of the code, the errors in the smart contract? Did not evaluate, +0.
[-10 = errors found, 0 = not evaluated and / or no errors, + 5 = good quality]

Openness to the audit and answers to inconvenient questions? Did not spend, +0.
[-10 = hostility, 0 = not conducted, + 2 = open to cooperation]

Intermediate assessment by the formula: + 3-2 + 5-10 + 0-0 = -4 points. Numbers less than zero or more than 10 are rounded to the range [0 … 10]. Total: “-4” is rounded to “0”.

Evaluation grades:

-50 … -21 = extremely bad
-20 .. -10 = very bad
-9 … +0 = bad
+1 … +3 = so yourself
+4 … +9 = positive
+10 .. +20 = excellent
+21 or more = excellent

The final technical rating of cryptob2b for the MyCryptoBank project: 0 out of 10, the score is bad.

We apologize for the English translation, was made through Google.

⇐ Back to the beginning of the blog