Before investing in any crypto project, run it through this verification framework. A scam will fail multiple checks. A legitimate project will pass most of them.
Step 1: Verify the Team (10 minutes)
Goal: Confirm the team members are real people with verifiable identities.
What to check:
- LinkedIn profiles with history
- Previous crypto projects (successful or failed, but real)
- GitHub accounts with substantial code contributions
- Public appearances (conference talks, podcasts, YouTube interviews)
- Real names, not pseudonyms
Fake teams often:
- Use stock photos (check with Google Image Search)
- Have managers with no LinkedIn presence
- List “advisors” who don’t know they’re advising
Step 2: Check the Code (15 minutes)
Goal: Verify the project has real, functioning code.
What to check:
- GitHub organization with repositories
- Code commits from multiple developers over months
- Smart contract verified on the blockchain explorer
- Testnet or mainnet deployment
Warning signs:
- Private repository (can’t see the code)
- GitHub created last week with 2 commits
- Copied code from another project
- No smart contract address
Step 3: Verify the Audit (10 minutes)
Goal: Confirm the security audit exists and is legitimate.
What to check:
- Find the audit report on the auditor’s website (not the project’s site)
- Verify the contract address in the audit matches the deployed contract
- Check for “critical” findings that were not resolved
- Check the audit date (is it recent?)
Audit red flags:
- “Audit” by an unknown firm with no track record
- Audit report only on the project’s website (can be faked)
- No audit at all
- Audit was 18+ months ago with no follow-up
Step 4: Analyze Tokenomics (15 minutes)
Goal: Understand who holds the tokens and whether the distribution is fair.
Use: Bubblemaps, DexScreener, RugCheck, TokenSniffer
What to check:
- Holder distribution — Top 10 wallets should hold <30% of supply
- Liquidity lock — LP tokens should be locked for 6+ months
- Team allocation — Should be <20% with vesting over 12+ months
- Mint function — Can new tokens be created at any time?
- Tax mechanism — Buy/sell tax over 5% is a red flag
Step 5: Investigate the Community (10 minutes)
Goal: Determine if the community is organic or filled with bots.
What to check:
- Twitter account age (>6 months)
- Telegram/Discord member count vs. real engagement
- Are questions answered honestly, or are questions deleted?
- Is there real debate and criticism allowed?
Bot-filled communities:
- 50,000 Telegram members but 50 active speakers
- All positive messages, no criticism
- Bots like “price prediction” and “daily rewards” spam
Step 6: Check Listings (5 minutes)
Goal: Verify the project is tracked by reputable sources.
What to check:
- CoinGecko or CoinMarketCap listing (some vetting required)
- Listed on DEX aggregators (Jupiter, 1inch) or major exchanges
- Available on reputable tracking sites
Warning signs:
- Not listed on any major tracking site
- “Listed” on unknown exchange with no volume
- Volume of $10 but market cap of $10M
Quick Scam Score
| Check | Pass | Fail |
|---|---|---|
| Team with real identities | +3 | -3 |
| Public code on GitHub | +2 | -2 |
| Audit by top firm | +2 | -1 |
| Liquidity locked | +2 | -2 |
| No mint function | +1 | -2 |
| Organic community | +1 | -1 |
| Listed on CoinGecko | +1 | -1 |
| Top 10 holders <30% | +2 | -2 |
| Team tokens vested | +2 | -2 |
| Total | 16 | -16 |
Score interpretation:
- 10-16: Likely legitimate — proceed with standard risk management
- 5-9: Caution — high risk, small position only
- 0-4: Very high risk — avoid
- Negative: Almost certainly a scam
Verdict
This framework takes 60-90 minutes for a thorough check. If a project can’t pass basic checks on team, code, audit, tokenomics, and community, it’s not worth your money. The 90 minutes you spend verifying could save you thousands.
Related: How to Research a Crypto Project Before Investing | Rug Pulls Explained | Fake ICO and Presale Scams