Use this checklist to evaluate any crypto opportunity, message, or platform. If you check “yes” for any red flag, stop and walk away.
The Golden Rules
- If someone contacts you first about crypto, it’s a scam — 99% of the time
- If it sounds too good to be true, it is — Guaranteed returns don’t exist
- There are no free airdrops that need your wallet connection — Never “verify” by signing
- No legitimate support agent asks for your password, 2FA, or seed phrase
- If you’re being pressured to act fast, it’s a scam — Scammers create urgency
Platform Red Flags
| Check | Red Flag |
|---|---|
| URL | Domain slightly misspelled (co1nbase.com) or registered last week |
| Team | Anonymous, stock photos, or no verifiable history |
| Audit | No audit or audit by unknown firm |
| Whitepaper | Buzzwords, no substance, or copied from other projects |
| Social media | New account, bots, or disabled comments |
| Company registration | Can’t find on business registry |
Investment Red Flags
| Check | Red Flag |
|---|---|
| Returns | ”Guaranteed” profits, daily returns %, 100x promises |
| Lockup | Can’t withdraw for months without massive penalty |
| Referrals | Paid for recruiting others (pyramid structure) |
| Sales tactics | Countdown timers, “limited slots,” pressure to deposit more |
| Platform | Not on CoinMarketCap’s top 100 exchanges |
Communication Red Flags
| Check | Red Flag |
|---|---|
| Channel | DM on Telegram, WhatsApp, Instagram, or Twitter |
| Identity | Won’t do video call, uses stolen photos |
| Speed | Wants to move fast, too busy for verification |
| Requests | Asks for crypto, wallet connection, or personal info |
| Verification | Wants you to “verify” by sending crypto or signing |
Personal Security Checklist
- Hardware wallet for >$1,000 holdings
- 2FA with authenticator app (not SMS)
- Unique passwords for every account (use a password manager)
- Seed phrase stored offline (paper, fireproof safe)
- Email account secured with its own 2FA
- Wallet address book with whitelisted addresses only
- Burner wallet for DeFi and NFT interactions
- Wallet approval checker (Revoke.cash) checked monthly
- Crypto-specific email not used for social media
- Test transactions with $1 before large amounts
Transaction Safety Checklist
Before every transaction:
- Is the receiving address exactly right? (check first 4 and last 4 characters)
- Is the network correct? (Ethereum, Solana, Polygon — match the receiver)
- Is the amount correct? (double-check decimals)
- Did I send a test transaction first?
- Do I understand what I’m signing? (MetaMask warnings in RED)
What to Do If You’re Scammed
- Stop communication — Don’t pay more fees, don’t engage
- Move remaining funds to a new wallet
- Report the scam — Exchange, blockchain explorer, local police, IC3
- Revoke all approvals — Revoke.cash
- Warn others — Post on BitcoinTalk, Reddit, Twitter
- Accept the loss — Recovery is rare; focus on prevention next time
The 24-Hour Rule
Before any crypto decision, wait 24 hours. Sleep on it. Talk to someone about it. If it’s still a good idea tomorrow, proceed. Scammers rely on urgency and FOMO. The 24-hour rule kills both.
Verdict
Print this checklist. Share it with every friend new to crypto. The most expensive crypto lesson is learned after losing money. The cheapest is learned by reading this list.
Related: How to Spot a Crypto Scam Complete Guide | How to Create a Strong Security Plan | Common Phishing Attacks