
Crypto Scam Red Flags Checklist

Pomegra Learn

Crypto scams come in hundreds of variants—some are obvious, others sophisticated. The common thread: they're all preventable through observation of red flags. A red flag is a warning sign that something is wrong. Learn to spot them, and you'll avoid the vast majority of losses.

This checklist is structured by category. The more red flags present, the higher the risk. A project with one red flag might still be legitimate; one with multiple red flags across categories is almost certainly a scam.

Team and Leadership Red Flags

Anonymous Founders Without Legitimate Reason: Most legitimate projects have identified founding teams. Anonymity is sometimes justified (privacy concerns in jurisdictions with hostile governments, security risks to founders). But anonymity without explanation is suspicious, especially in traditional DeFi protocols where founders have no privacy rationale. See Due Diligence Framework for how to properly vet teams.

Unverifiable Credentials: Verify everything. If a founder claims to be a "blockchain pioneer" or "successful serial entrepreneur," check it. Search LinkedIn, GitHub, Twitter, and news archives. If you cannot independently verify claims, treat them as if they don't exist.

Team Members Who Suddenly Leave: Watch for departures, especially silent ones. If a core team member's profile disappears from the website or Twitter, ask why. Voluntary departures are normal in startups, but sudden disappearances from social media can indicate someone distancing themselves before a collapse.

No Previous Successful Projects: First-time founders sometimes create successful projects, but founders with track records are lower risk. If everyone on the team is a first-timer with no shipping history, acknowledge the additional risk.

Conflicting or Changing Narratives: Listen to what the team says. If the pitch changes repeatedly (first it's a currency, then it's a utility, then it's a governance token), the team is likely making it up as they go or pivoting desperately. Consistent narratives come from clear thinking.

Fake or Fabricated Credentials: Search founder names plus "founder," "CEO," "blockchain." Check LinkedIn directly (not linked from their website). Does the profile match the claims? Have they worked at the stated companies? Fake credentials are surprisingly common.

Team Concentration in One Geography: While not a scam indicator, this represents risk. If the entire team is in a single city or country with weak rule of law, regulatory risk is high. If they're in multiple countries, that's lower risk.

Tokenomics Red Flags

Founders Hold >50% of Tokens: If the founding team controls the majority of tokens, they control the entire project. Sell pressure from token unlocks could devastate price. Healthy projects have more balanced distributions.

Large Token Unlocks Coming Soon: Check vesting schedules. If 50% of tokens unlock in six months and the team holds most of them, expect heavy selling pressure. Use tools like Messari or Token Terminal to see unlock schedules.

No Vesting Schedule Published: Lack of transparency about when tokens unlock is suspicious. Legitimate projects publish detailed schedules so investors can model price impact.

Misleading Claims About Scarcity: "Only 1 million coins will ever exist" sounds scarce until you learn there are also "100 million tokens" with different names. Or the team claims scarcity but then upgrades the contract to mint more. This happened repeatedly in 2021.

Extreme Inflation Rate: If the protocol mints new tokens at a rate of 1,000% annually, the system will struggle to maintain value. Compare inflation rates across similar projects. If your project's rate is 10x higher than competitors' rates, ask why.

Fully Diluted Valuation That Defies Logic: Calculate FDV: multiply current price by total tokens (including locked). If a project has an FDV of $500 billion but generates $10 million in annual revenue, it's absurdly overvalued. Compare FDV to total addressable market size.

Allocation Favors Insiders Over Community: Look at token distribution. If the founding team and early investors get 70% and the community gets 5%, the project is building wealth for insiders, not creating value.

Constant Supply Changes: Contracts that were modified to mint or burn tokens after launch raise suspicion. Did the team publish reasons and community approval? Or did they unilaterally change supply?

Technology Red Flags

No Audit or Audit from Unknown Firm: Lack of professional security review is concerning for smart contracts managing significant assets. Unknown auditing firms may lack expertise or integrity. See Auditing Smart Contracts for Safety for how to evaluate audit quality.

Audit Report with Critical Issues Unfixed: Download the audit report and read it. If critical vulnerabilities exist and weren't fixed before launch, code is live with known bugs.

Plagiarized Whitepaper: Copy segments of a project's whitepaper into a plagiarism detector or search Google. Plagiarized content indicates lack of original thinking. Tools like Turnitin can help, but manual searching often finds issues.

Vague or Incoherent Whitepaper: A good whitepaper explains the problem, solution, technical implementation, tokenomics, and roadmap clearly. If the whitepaper is vague, uses buzzwords without substance, or avoids explaining technical details, something's wrong.

Code Is Closed Source or Unavailable: Legitimate projects publish code on GitHub. Closed-source projects hide their implementation, which prevents security review and auditing. Avoid them.

GitHub Repository Is Dormant: Check the project's GitHub. Are developers committing code regularly? If the last commit was six months ago and the project claims to be actively developing, that's a red flag.

Copied Code from Other Projects: Some borrowing is normal, but wholesale copying of code from other projects (without proper attribution or modifications for purpose) suggests the team doesn't understand their own protocol. Check GitHub's search for similar code or use Etherscan's code comparison tools.

Smart Contract Can Be Upgraded Arbitrarily: Some contracts are upgradeable: the code can be changed by an admin without user consent. If the upgrade mechanism lacks governance, a single admin can drain the contract or change rules. This risk is acceptable only if there are strong governance controls.

No Test Suite or Low Code Coverage: Professional projects have extensive tests. If tests don't exist or coverage is <50%, the code is likely buggy. Verify this from the GitHub repository.

Community and Adoption Red Flags

Fake or Bot Activity: Search the project's Discord or Telegram for patterns. Do thousands of new members join daily but never chat? Are comments repetitive, with everyone saying identical phrases? Are accounts brand new with no history? These are bot-inflated communities.

Mods Delete All Criticism: Join the official community. Ask legitimate questions about risks or weaknesses. If you're immediately banned or your message is deleted, the community is hiding problems.

Aggressive Censorship: Community leaders who silence critics are either protecting scammers or are scammers. Legitimate projects welcome skeptical questions because good projects can handle scrutiny.

No Organic User Growth: Look at on-chain activity. If the token exists but nobody's using the protocol, there's no real adoption. Tools like DeFi Pulse show actual usage metrics.

Influencer Shilling Without Disclosure: Watch for this pattern: multiple unrelated influencers suddenly promote the same project on the same day. These are paid promotions. Influencers who disclose they're paid to promote are at least being transparent; those who hide compensation are unethical.

Community Pushes for Quick Investments: "Buy now or you'll miss out" and "This offer expires soon" are pressure tactics. Legitimate investments have permanent properties. Scams create artificial urgency.

Only Social Media Presence: Real projects have substantive content beyond marketing. Check whether there are technical blogs, research articles, or news coverage from independent sources. If social media is the only touchpoint, it's likely hype.

Twitter Followers Purchased: Use tools like Twitter Audit to check account health. Sudden follower spikes combined with low engagement suggest purchased followers. A real account has consistent growth and high engagement ratios.

Operational Red Flags

Promises Unrealistic Returns: "Guaranteed 100% annual returns" doesn't exist in legitimate finance. If it sounds impossible, it is.

Pressure to Recruit: "Earn commissions by bringing friends" is the structure of pyramid schemes. Even if the underlying product is real, this recruitment model is fraudulent.

Lack of Transparency About Funding: Real projects disclose where money comes from. If a new token launch claims funding but provides no details about investors or funding amounts, assume they're lying or didn't raise money.

No Roadmap or Vague Roadmap: Projects should communicate development plans. Roadmaps don't need to be perfect, but their absence suggests no planning. Roadmaps that are perpetually deferred indicate nothing is being built.

Website Changes Frequently: If the website narrative changes every week, the team is improvising. Consistent branding indicates planning.

Cannot Explain How It Works: Call the project's support line or ask in their community: how exactly does your protocol make money? How does this token derive value? If no one can give you a coherent answer, it's probably a scam.

No Published Financial Information: What's the revenue, if any? How much is in the treasury? Legitimate projects, especially those seeking investment, disclose this. Silence means they're hiding something.

Requires Sending Funds to a Wallet: Legitimate projects don't ask you to send funds directly to someone's personal wallet. Use smart contracts that automatically execute transactions. Personal wallets invite theft.

Website or Domain Recently Created: Use WHOIS to check domain registration dates. A brand-new domain claiming to be an established project is suspicious. Older domains are lower risk (though not risk-free; domains can be purchased from previous registrants).

Regulatory Red Flags

Explicitly Avoids Discussing Regulatory Status: Legitimate projects acknowledge regulatory reality. The SEC has stated many tokens are securities. If a project refuses to discuss whether its token is a security, they likely know it is and are breaking laws.

Operates in Multiple Jurisdictions to Avoid Regulation: Some jurisdictional flexibility is normal, but projects that specifically operate in "lenient" jurisdictions to avoid regulation are playing legal arbitrage. This suggests they know they're breaking rules in developed markets.

No Privacy Policy or Terms of Service: Real platforms have legal documentation. Absence of terms, privacy policy, or user agreements is a red flag.

Faces Legal Challenges: Search "[project name] lawsuit" and "[project name] SEC." Legal challenges don't always mean a project is a scam (regulatory overreach is real), but multiple lawsuits suggest trouble.

Banned or Delisted from Exchanges: If major exchanges remove a token, there's usually a reason. It could be regulatory pressure or security issues. Check whether the delisting was voluntary or forced.

How to Use This Checklist

Go through this list project by project. For each red flag present, increase your risk assessment. One red flag is a caution. Three red flags across different categories is a warning. Five or more red flags suggest the project is dangerous: don't invest.
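
The scoring rule above, applied to a few of the checklist's measurable thresholds, as an added example that is not part of the original page. The dictionary keys, the 183-day reading of "six months", and the handling of counts the text does not cover (two flags, or three in a single category) are assumptions.

```python
from datetime import date

SIX_MONTHS_DAYS = 183  # assumption: "six months" taken as 183 days

def derive_flags(p, today):
    """Return (category, red flag) pairs for a dict of project facts (hypothetical keys)."""
    flags = []
    if p["founders_anonymous"] and not p["anonymity_explained"]:
        flags.append(("team", "Anonymous founders without legitimate reason"))
    if p["founder_token_share"] > 0.50:
        flags.append(("tokenomics", "Founders hold >50% of tokens"))
    if not p["vesting_published"]:
        flags.append(("tokenomics", "No vesting schedule published"))
    if not p["audited"]:
        flags.append(("technology", "No audit"))
    elif p["unfixed_critical_findings"] > 0:
        flags.append(("technology", "Audit report with critical issues unfixed"))
    if p["claims_active_dev"] and (today - p["last_commit"]).days >= SIX_MONTHS_DAYS:
        flags.append(("technology", "GitHub repository is dormant"))
    if p["test_coverage"] < 0.50:
        flags.append(("technology", "No test suite or low code coverage"))
    if p["guaranteed_returns"]:
        flags.append(("operational", "Promises unrealistic returns"))
    return flags

def risk_level(flags):
    """Checklist rule: 1 flag = caution, 3 across categories = warning, 5+ = dangerous."""
    count = len(flags)
    categories = {cat for cat, _ in flags}
    if count >= 5:
        return "dangerous"
    if count >= 3 and len(categories) >= 2:  # assumption: at least two distinct categories
        return "warning"
    if count >= 1:
        return "caution"  # assumption: also covers 2 flags, or 3-4 in one category
    return "no flags found"

# Constructed sample project, not real data.
SAMPLE = {
    "founders_anonymous": True, "anonymity_explained": False,
    "founder_token_share": 0.62, "vesting_published": True,
    "audited": True, "unfixed_critical_findings": 2,
    "claims_active_dev": True, "last_commit": date(2024, 1, 10),
    "test_coverage": 0.35, "guaranteed_returns": False,
}

if __name__ == "__main__":
    found = derive_flags(SAMPLE, today=date(2024, 9, 1))
    print(found, risk_level(found))
```
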

Apply this checklist to every project before investing, whether it's a small new token or a major protocol. The checklist takes 30 minutes to work through thoroughly. Thirty minutes of research has saved investors billions of dollars.

This checklist is not exhaustive—new scams evolve, but fundamentals remain. Scammers rely on victims not thinking clearly. By working through this checklist systematically, you think clearly, and thinking clearly prevents financial catastrophe. For context on how to recover if a scam occurs despite precautions, see Recovering From a Crypto Scam.

See Common Crypto Scams, Rug Pulls Explained, Phishing Attacks, Suspicious Tokens, Auditing Smart Contracts for Safety, and Reporting Scams for deeper analysis of specific scam types and prevention.
