Key takeaways

  • Start by evaluating the project’s website, white paper and roadmap. A professional website and clear, realistic goals often indicate legitimacy, while vague or overpromising statements are red flags.
  • Legitimate projects have public, verifiable team members with relevant experience. Be cautious of anonymous teams or unverified partnerships.
  • Active, genuine engagement on social media and forums signals credibility. Also, token distribution should not be highly concentrated among a few wallets to avoid manipulation risk.
  • Look for smart contract audits by reputable firms and KYC/AML compliance. Projects lacking these security measures may pose significant risks.

The cryptocurrency space, with its rapid growth, offers exciting investment opportunities. However, it has also seen a rise in fraudulent tokens and scams, making due diligence essential for investors. 

In the first half of 2024, cryptocurrency fraud resulted in losses of $679 million, as reported by the Federal Trade Commission (FTC). Investment scams were the most prevalent, making up 46% of all crypto-related fraud cases. According to the Chainalysis 2024 Crypto Crime Mid-Year Update, pig butchering scams have emerged as the most lucrative form of fraud this year, with cybercriminals increasingly moving away from elaborate Ponzi schemes in favor of more targeted and personalized campaigns like pig butchering.

This scenario necessitates assessing a token’s authenticity and security, which requires a methodical, systematic process. 

This guide offers a comprehensive explanation of the essential processes, resources and methods to determine if a token you are considering investing in is authentic.

Why verifying token legitimacy matters

Investing in illegitimate tokens can lead to significant financial losses and erode trust in the cryptocurrency ecosystem. Scams like the Bitconnect Ponzi scheme and the Squid Game Token rug pull have defrauded investors of millions of dollars. 

By conducting thorough due diligence, you can protect yourself from such fraudulent activities and contribute to a healthier crypto market.

Here is a quick checklist for verifying token legitimacy:

Checklist for verifying token legitimacy

Step 1: Research the project

A transparent team, thorough information and a defined goal are all components of an established project. This step is fundamental to understanding a token’s background and vision.

Website check

  • Professionalism and design: A well-designed website with structured, clearly written material is usually indicative of a genuine project. Look for a layout that is easy to use, professional-looking branding and high-quality graphics. For instance, if you visit the Ethereum project’s website, you find extensive information about its technology and use cases, signaling that it’s a genuine one.
  • Domain verification: Verify the domain registration date and owner information using resources such as WHOIS. Scam projects often use newly registered domains with hidden owner information. The OneCoin scam, for instance, had a domain registered privately, raising early red flags.

White paper review

  • Quality and clarity: A white paper is the foundational document for any crypto project, outlining its purpose, goals and technology. The Bitcoin white paper is a good example of a comprehensive and technically detailed document.
  • Use case and roadmap: Seek out a use case that is realistically defined and a roadmap that details the project’s long-term goals. For instance, Cardano offers information on a series of upgrades (called eras) in its roadmap. Avoid projects with vague or unrealistic promises.

Did you know? In 2020, law enforcement cracked down on the PlusToken scam, one of the largest crypto Ponzi schemes ever, recovering over $4.2 billion worth of assets stolen from investors in Asia.

Step 2: Investigate the team

When evaluating a token’s legitimacy, the credibility of the development team is essential. Real initiatives are open and honest about the backgrounds and identities of their team members.

Team background

  • LinkedIn and other profiles: Check team members’ LinkedIn profiles to confirm their stated industry ties and experience. The Squid Game Token lacked identifiable team members, which was a significant indicator of its fraudulent nature.

Advisers and partnerships

  • Research advisers: Check the identities and credibility of any advisers the initiative claims to have. Advisers ought to be reputable professionals with proven track records. 
  • Authentic partnerships: Verify any claimed advisers or partnerships. Legitimate associations are often announced on both parties’ official channels. So, if a token claims a partnership with Microsoft but there’s no mention on Microsoft’s official channels, this is a red flag.

Step 3: Analyze community engagement

A vibrant, involved community frequently indicates the authenticity and durability of a project. You can learn more about how the public views the project by conducting a community assessment.

Social media presence 

  • Platforms: Look for active engagement on platforms such as X, Discord, Reddit and Telegram. Regular updates, receptive moderators and constructive debates are hallmarks of a healthy project.
  • Engagement quality: Look beyond follower counts. Genuine projects have meaningful interactions, not just promotional content. Sudden spikes in followers or generic comments may suggest the use of bots.

Community feedback

  • Crypto forums and reviews: Experienced investors and analysts frequently review projects and share their ideas on cryptocurrency forums (like Reddit and Bitcointalk). To obtain a fair assessment of the sentiment of the community, look for both complementary and critical comments.
  • Transparency and responsiveness: Reputable initiatives candidly respond to inquiries and critiques. Avoid projects that delete negative comments or ban users asking critical questions.

Step 4: Check token metrics

Token metrics provide valuable insights into the credibility and stability of a project. Spotting red flags, trading data, distribution and liquidity analysis is crucial.

Market data

  • Volume and liquidity: To examine trading volume, market capitalization and liquidity, use tools such as CoinMarketCap or CoinGecko. Extreme price volatility or little trade volume may indicate manipulation or little interest.
  • Compare key indicators: Examine market capitalization, fully diluted value (FDV), active users, development activity and total value locked (TVL) in comparison to related projects. Market cap indicates confidence but can signal overvaluation if too high. A high FDV indicates possible future inflation, while a low FDV suggests limited token issuance. High active users signal strong adoption, while low active users may suggest limited engagement. Similarly, high development activity indicates ongoing innovation and long-term growth potential, while low development activity raises concerns about sustainability. TVL reveals ecosystem strength, with high TVL showing liquidity and growth, while low TVL signals limited traction.

Token distribution

  • Fair distribution: Ensure tokens aren’t unduly concentrated in the hands of a small number of holders (commonly referred to as “whales”) by assessing the distribution mechanism. Excessive concentration may allow for price manipulation.
  • Team allocation: Exercise caution if the development team or advisers receive a substantial portion of the tokens, especially if there are no vesting schedules in place.

Step 5: Verify security measures

In the realm of cryptocurrency, security is crucial. Reputable projects put security and transparency first by conducting audits and making their smart contract codes available to the public.

Smart contract audit

  • Reputable audits: Check to see if companies like CertiK, Hacken or Quantstamp have audited the token’s smart contracts. Audits demonstrate the team’s dedication to security and assist in identifying weaknesses. For instance, Aave has undergone multiple audits, which are publicly available.
  • Audit reports: Look for warning signs or unsolved problems in any published audit reports. The absence of an audit may indicate possible security threats, particularly for decentralized finance (DeFi) projects.

Bug bounty programs

  • Incentivizing security: To encourage the community to disclose flaws, projects like Ethereum offer bug reward programs. As an additional security measure, see if the project has a running bug bounty program. 

Did you know? In 2021, $600 million was stolen in the Poly Network hack. However, the hacker surprisingly returned all funds, claiming they did it “for fun” and to expose security flaws.

Step 6: Regulatory compliance

Compliance with legal and regulatory standards is increasingly important in the crypto industry. Understanding a project’s legal status aids in determining its risk level and long-term viability.

Legal standing

  • Registration and licensing: Assess the project’s compliance with the laws of the jurisdiction in which it operates. If a project lacks proper registration and licensing, it may face legal risks and regulatory scrutiny, potentially leading to fines or shutdown.
  • KYC/AML compliance: To comply with rules and protect investors, projects with a long-term viability emphasis employ Know Your Customer (KYC) and Anti-Money Laundering (AML) policies. Without KYC/AML compliance, the project could be vulnerable to illegal activities, such as money laundering or fraud, which could harm its reputation, investors and long-term viability.

Regulatory filings

  • Official filings: For projects operating in regulated markets, check filings with bodies like the United States Securities and Exchange Commission. Absence of required filings can result in legal actions, as seen with some initial coin offerings (ICOs) that were deemed illegal securities offerings.

Step 7: Watch for red flags

Common warning indicators are frequently present in fraudulent initiatives. By recognizing these warning signs, you can avoid being a victim of fraud.

Unrealistic promises

  • Guaranteed returns: Projects that promise high returns at low risk or guaranteed profits should be avoided. Such statements are rarely true in the cryptocurrency space and frequently indicate a scam.
  • Aggressive marketing tactics: If a project relies heavily on marketing gimmicks rather than substance, it may lack genuine value.

Anonymous teams

  • Team transparency: Public teams with verified backgrounds typically indicate legitimate projects. The anonymity of the SushiSwap founder initially raised concerns, although the project later proved its legitimacy through community governance and development.
  • Dubious claims and fake endorsements: To give their projects a false sense of credibility, fraudulent projects usually leverage unverified testimonials or false celebrity endorsements. For instance, scammers have falsely used names like Elon Musk’s to promote fraudulent tokens.

Did you know? The infamous Bitconnect Ponzi scheme promised guaranteed returns, attracting thousands of investors before collapsing in 2018, leading to lawsuits and arrests. It remains one of the most high-profile crypto scams to date.

What to do if you’ve been scammed in a token fraud

If you’ve been scammed in a token fraud, follow the below steps to prevent further losses:

Stop transactions and secure accounts

  • Immediately halt any further transactions.
  • Change passwords, enable two-factor authentication (2FA), and transfer remaining assets to a secure wallet.

Report to authorities

  • Local law enforcement: File a report with the police.
  • Regulatory bodies: Contact agencies like the SEC (US), the Financial Conduct Authority (UK) or others in your country.
  • Cybercrime platforms: Report on platforms like Action Fraud (UK), IC3 (US) or Econsumer.gov (international).

Document everything

  • Record transaction details, wallet addresses and amounts.
  • Take screenshots of any communication with the scammers.

Report to blockchain services

  • Flag the fraudulent token’s address on blockchain explorers — e.g., Etherscan, BscScan, etc.
  • Notify your wallet provider — e.g., MetaMask, Trust Wallet, etc.

Alert the community

  • Warn others on social media, Reddit, Bitcointalk, etc.
  • Report the scam to platforms like CoinMarketCap and exchanges.

Consider recovery services and strengthen future security

  • Use reputable recovery firms but research carefully to avoid further scams.
  • Learn from the experience and improve your due diligence and security practices.

Prevention is better than cure

Due diligence is crucial given the increase of frauds and counterfeit tokens in the cryptocurrency space. Assessing the project’s website, team, community involvement, token metrics, security protocols, regulatory compliance and warning signs are all part of the systematic process of confirming the legitimacy of a token. 

By using the right tools and resources to verify key details, you can significantly improve your chances of finding legitimate opportunities and avoid scammers.

Staying alert to red flags and following these simple steps helps you navigate the crypto world more safely. By prioritizing transparency, credibility and security, you’ll have a securer and potentially more rewarding crypto investment experience.