The Metamask team’s official guide to best practices when contributing — for experts and novices alike!

If you’re participating in a token launch for the first time, or even if you’ve done it all before, the process of safely and securely taking part in such an event requires research, preparation, and vigilance.

Token sales have proven to be a powerful new way of raising funds, but the current infrastructure and climate surrounding the phenomenon presents many risks. As a contributor, you want to purchase tokens for a project you believe in, but you also want to make sure you don’t get phished, scammed, send your currency into the abyss, or any of the unfortunate situations that people sometimes face in the process of contributing to token sales.

At MetaMask, we work with users every day who are struggling when trying to participate in token launches. Token sale contributors should always approach their engagement with caution. We’ve created this guide to participating in token launches to empower our community with best practices, and answer some of the most common questions that come up in the token launch process.

First Things First: Inform Yourself

When you initially learn about a token launch you’d like to participate in, gather all the information you can. Not every token launch is structured in the same way. Some are not available in all countries. Some require registration beforehand. And some spread their token sales over several days, or even weeks.

Make sure you do a few things before the token launch begins:

Research, research, research

Every single person who engages with the decentralized web should consider themselves responsible for educating themselves on the technology and doing due diligence research on any project before considering contributing. Read the whitepaper, the source code, check out the track record of the team, and understand what your contribution entitles you to. There are a lot of dubious projects in the Ethersphere, and security and safety should remain at the forefront of every participant’s mind.

Understand the value proposition of the project

Avoiding getting phished or hacked is one thing; but you also need to make sure you don’t willingly put money into a project that is not built on solid business or tech fundamentals. Beyond total dud or scam projects, you want to make sure you aren’t just buying tokens for the sake of buying tokens; is this a project that you believe has a real future? Do you have a reason to purchase these tokens? Will you participate in this ecosystem? Will they be valuable to you? The answer to all of these should be a resounding “Yes.”

Know the prerequisites you need in order to be a valid investor

Make sure you can actually participate in this token launch. Do you need to live in a certain country? Register ahead of time? Many token launches will restrict U.S. buyers from participating, and now the Chinese government has banned token launches entirely. It’s important to make sure you’re operating within the law and within the rules of the token sale.

Find out how you will pay for the token, and how tokens will be distributed

What is the mechanism of the token launch? Some are straight sales, some are more exotic, like reverse dutch auctions, and some take other forms. On the day of the sale, what needs to happen for the token to change hands?

Watch out for Red Flags

The Ethereum space is exciting and full of opportunities, but there are scammers and phishers of all sorts looking to take advantage of people’s trust. It’s essential that you protect yourself while participating in token launches.

When trying to give your money to someone, make sure it’s who you intend.

A few best practices to staying safe:

Never share your private key

Never paste your private key anywhere beyond your primary wallet application like Metamask or MyEtherWallet. If you’re using a web-based wallet, keep it bookmarked, and only ever manage it through your bookmark. Phishers can look just like legitimate support staff, but commonly direct people to fake sites to steal their secrets.

Treat your private key like your confidential identity information (like your SSN). It gives total control over your account and its funds — if someone is asking for it, there is likely something phishy happening. If someone claims they will give you benefits in exchange for your private key — it’s a scam! Keep an extra eye out for websites that have similar URLs to your trusted platforms, but have a minor difference that may lead you to a scam site built to imitate the site you’re expecting.

Always do a deep read of the whitepaper, check out the source code

A legitimate Ethereum project will have a complete, detailed white paper explaining the value proposition of the project and the utility of their token in its ecosystem. You should read this when you’re doing your due diligence. If there isn’t a white paper, it’s likely that the token is a scam. Even if there is a white paper, it doesn’t mean the project is legitimate; make sure you read the white paper and evaluate if it provides details that back up the claims in the website and marketing. Keep an eye out for the project’s tech development on Github, to make sure it’s more than just a catchy name and a shiny website. Even if you can’t read code, a healthy developer presence on Github and elsewhere is a sign of a more legitimate project.

Listen to the community

The Ethereum community usually forms a solid opinion of a token launch before it happens. Check on r/ethereum, r/ethtrader, r/cryptocurrency, and the Ethereum Gitter Channel to see what people are saying about the launch. Find some informed voices from the community whose integrity and knowledge you trust, and follow them on social media.

Before the Launch: Be Prepared

Participating in a popular token launch is sort of like buying concert tickets that you think might sell out fast: you don’t want to forget your Ticketmaster login or have to update your credit card info at the last second. But with token launches, there is the added threat of phishing, so it’s even more important to make sure you know the details ahead of time.

Before the launch:

Set up your accounts ahead of time.

Find out what you need to use to interact with the token sale, whether it’s MetaMask, MyEtherWallet, or another kind of wallet or browser. Set up your account before the token sale so that you’re ready to go.

Back up your account

Make sure you back up your seed phrase for MetaMask or any other account backups for other types of wallets. Double check that it’s going to the right address for your account. Write it down; your hard drive could always crash. You can’t be too safe when you’re backing up your account!

Get the address

Projects will usually release the address of the token sale ahead of time; make sure you get it beforehand from a reliable source, and compare that to the address on the day of the sale. Sometimes, phishers will give you the wrong address, so read and re-read it! In one case phishers were even able to gain control of a project’s website and post the wrong address there. Another way to check that the address is correct is to use a block explorer like EtherScan to review the contract’s source code and make sure it does what you expect.

What to Expect on Launch Day

There are some precautions you should take to stay safe and increase your chances of obtaining your tokens when the launch commences and you begin your participation.

When submitting your transaction:

Triple-check the address

It’s easy to input the wrong address when you’re sending your ETH; and as we’ve mentioned, there are phishers out there who will try to bamboozle you with the wrong address. Check the address you’ve input against the address you got from the project before the token launch, and again against their website. Make sure you’re on the correct, legitimate site when you do so. Be careful with projects that only release the address when the sale opens, because you have no way to verify that it is correct.

Up the gas price by a few GWei

When you’re submitting a transaction on Ethereum, the suggested gas price is usually sufficient; but during a high-traffic period during which there is a backlog of transactions, you can skip to the front of the line if you offer a higher gas price. This may increase your chances of processing a time-sensitive transaction. You can see if the blockchain has a backlog on the Etherscan pending transaction page, and you can see a lot of stats about current gas prices on EthGasStation. You can read more about gas and how it works in this article.

Be patient

Your transactions could take a few seconds to a few hours, and in some cases even a few days to process. This just depends on the current transaction backlog. A big token launch with a limited time opportunity can create a huge backlog, that has sometimes lasted days. You can always check on EtherScan to see how your transaction is doing. If it’s been more than 24 hours, it’s likely the transaction has failed, but you should definitely check to see.

Know that you may not get any tokens

When you’re participating in a token sale, especially a popular one, you aren’t guaranteed to get a token. Even if you’re one of the first people to submit, and you’ve done everything right, sometimes the transactions are simply processed in an order unfavorable to you. This isn’t something that MetaMask or any other wallet provider can control. Only miners have control over the order that transactions are processed. Don’t worry, if that is the case, your ETH will be returned to your wallet, minus the transaction fee (presuming the sale itself was secure and valid).

After the Sale

You now have some tokens, whatever that means!

Congratulations, you’ve purchased some tokens! After the sale takes place, and assuming you’ve successfully purchased a token in a legitimate sale:

You can view your token balances in MetaMask in the Token tab (see this guide for details).

You can send tokens from your MetaMask accounts using the token send page from MyEtherWallet.com following this guide.

How We Can Help

At MetaMask, we do everything we can to ensure our users safety and security Unfortunately, if your Ether is depleted from your wallet, we can’t reverse those transactions.

However, there are many things we can help you with. If you have any problems using MetaMask or getting set up, check out our Support Page, and if you can’t find an answer there, open a ticket with us.

The Ethereum token ecosystem is a strange and exciting place; now that you are equipped with a few best practices to protect yourself, hopefully you can get involved more safely, and stay better informed!

Like this piece? Sign up here for the ConsenSys weekly newsletter.

DISCLAIMER: The views expressed by the author above do not necessarily represent the views of Consensys AG. ConsenSys is a decentralized community with ConsenSys Media being a platform for members to freely express their diverse ideas and perspectives. To learn more about ConsenSys and Ethereum,please visit our website.