Scam detection guide

How to Check if Crypto is a Scam (Step-by-Step)

Bottom line: crypto scams usually leave evidence before they collapse. Check the team, token contract, liquidity, wallet behavior, promises, and external reports before investing; a clean website is not proof of safety.

Quick answer

First checks	Team identity, contract permissions, liquidity, wallet history, social proof, and blacklist reports.
High-risk signs	Guaranteed returns, locked withdrawals, anonymous operators, copycat branding, and pressure to act fast.
Best first tools	Use the token risk checker and address risk checker before buying or sending funds.
Last updated	June 2026.

~8 min read · Updated June 2026

1. Quick Answer
2. The 8 Red Flags Checklist
3. Common Scam Types
4. How to Verify a Project
5. Common Mistakes to Avoid

1. Quick Answer

Most crypto scams follow repeatable patterns. You do not need to predict every scheme; you need a checklist that catches the common ones before you connect a wallet or send funds.

If a project shows multiple red flags, stop. Use a risk checker, inspect the contract and team, and verify the project on a block explorer before you proceed.

2. The 8 Red Flags Checklist

One or two red flags may just mean more research is needed. Three or more usually means the project is not worth the risk.

Guaranteed high returns

Impossible APY promises are the clearest scam signal.

Unsolicited contact

Cold DMs, emails, and surprise airdrops are usually bait.

Fake or clone websites

A one-character URL change is enough to steal credentials.

Pressure to act fast

Urgency is a manipulation tool, not a feature.

Unaudited contracts

Unknown code plus no audit is unquantified risk.

Anonymous team

No verifiable founders means no accountability.

Insider-heavy tokenomics

Large insider holdings can dump liquidity on retail buyers.

No transparent on-chain activity

Legitimate projects leave a traceable on-chain footprint.

Run any suspicious address through the risk checker

Check the contract address and deployer wallet for blacklist hits, behavior signals, and data coverage before you connect your wallet.

Check Token Contract → Check EVM Address → Compare Two Tokens → Check TRON Address →

3. How to Verify a Crypto Project

Use four checks together: contract, chain activity, team, and addresses. One check alone is not enough.

Step 1: Verify the smart contract

Find the contract from the project website, then confirm it is open source and audited.

Step 2: Check activity on a block explorer

Look for real transactions, holders, and liquidity that match the project claims. See our blacklist guide for why data can lag behind new threats.

Step 3: Verify the team and community

Look for public founders, a real track record, and a community that existed before the marketing push.

Step 4: Run addresses through a risk checker

Check the contract, deployer, and treasury wallets with a multi-source checker. If you only need to verify one wallet, use our address safety guide.

Stop manually checking

The Token Risk Checker automates the first pass for token contracts, while the Address Risk Checker remains useful for the deployer wallet.

Check Token Contract → Check EVM Address → Compare Two Tokens → Check TRON Address →

4. Common Mistakes

Do not trust polished design, follower counts, or crowd hype. Always check the block explorer, and treat low data coverage as uncertainty, not reassurance. If the risk you are managing is leverage rather than a project scam, use our liquidation price guide.

Frequently Asked Questions

How can I tell if a crypto project is a scam?

Most scams follow detectable patterns. The eight red flags covered in this guide — guaranteed returns, unsolicited contact, clone websites, urgency pressure, unaudited contracts, anonymous teams, unfair tokenomics, and no verifiable on-chain activity — catch the majority of fraudulent projects before you invest. No single check is foolproof, but running through all eight takes under two minutes and surfaces the most common indicators.

What is the most reliable way to check if a crypto project is legitimate?

The most reliable approach combines multiple checks: verify the smart contract is open source and has a recent audit from a reputable firm, confirm the team is publicly identifiable with a verifiable track record, check on-chain activity on a block explorer to confirm the protocol actually functions, search community channels for reported incidents, and run all contract and wallet addresses through a multi-source risk checker.

Can I check if a smart contract has been audited?

Yes. Most reputable audit firms — Trail of Bits, Consensys Diligence, OpenZeppelin, Runtime Verification — publish their audit reports publicly. Check the project website for an audit badge and verify it links to a real report from one of these firms. A project that claims to be audited but provides no report or links to an unknown firm is a red flag.

How do I check if a crypto address or contract is on a blacklist?

Search the address in community scam databases like EtherScamDB, the ethereum-lists repository, or ScamSniffer. For a faster multi-source check, use a risk checker that cross-references multiple blacklists and security APIs simultaneously. Run both the contract address and the deployer wallet address through a checker before interacting with any DeFi protocol.

Why do crypto scams almost always promise guaranteed returns?

Guaranteed high returns exploit a fundamental truth: if an investment genuinely offered 10-100% monthly returns, the market would arbitrage the opportunity away almost immediately. Scammers use impossible yield promises because they work — the desire for easy money overrides rational risk assessment. Legitimate DeFi protocols offer variable, market-determined yields that fluctuate with supply and demand.

← Back to Security Guide Hub