Billions of dollars are lost every year to scams. We’ve seen the same stories time and time again, from celebrity-endorsed tokens to the most legitimate-looking projects that end up pulling the rug out from under you. That being said, there are certain basic checks that most of them do not pass. Here is how to check if a crypto project is a scam.

None of this is financial advice. It is a checklist.

Step 1: Check the team

Although this might seem simple, it’s one of the most important and overlooked steps. Who is actually building this, and can you prove they exist outside the project's own marketing?

Real projects have real people attached. Their LinkedIn profiles go back years before the token launch, their talks show up on conference schedules, and their GitHub accounts have commit history. Their old jobs and companies are easy to check through sources the project does not control.

Scams have fake founders. The patterns repeat.

  • LinkedIn profiles created in the same month.
  • Stock photos for headshots. Run them through Google's reverse image search or TinEye. If the same face shows up as a founder of three unrelated startups, you have your answer.
  • Claims of jobs at well-known companies that do not show up in those companies' own alumni directories or press.

Anonymous teams are not automatically scams; Bitcoin was launched anonymously. But anonymity raises the bar for everything else. The code, the track record, and the on-chain behavior all need to be much stronger when there is no named person to hold accountable.

Take the three names most featured on the project website and search each one in Google, adding either “crypto scam” or the year they claim they started the project. Check whether any non-project source mentions them. If you cannot find proof any of them existed before the token launched, that is a red flag. Forums like Reddit are usually a great place to ask, or you can go to resources like the FTC's page on spotting crypto scams.

Step 2: Read what the contract actually does

Every token that is not a pure scam has a smart contract you can inspect. Occasionally, hot wallets like MetaMask may flag smart contracts that look suspicious. Always read the permissions you are asked to grant when interacting with unknown tokens. Beyond that, you can always turn to blockchain explorers. For Ethereum-based tokens, Etherscan shows the contract code, the verified source, and any dangerous functions. For Solana, it is Solscan. For most other blockchains, an equivalent explorer exists.

Two functions matter even if you never read a line of Solidity.

A mint function that the contract owner can call. This lets whoever holds that permission make unlimited new tokens whenever they want. The moment the supply is inflated, the price collapses. Real fixed-supply tokens do not have this. If you see a mint function the owner can call, the scarcity of the token is at that owner's discretion.

A blacklist or freeze function. This lets the owner block specific wallets from selling. The scam pattern goes like this: people buy, the price climbs, everyone tries to sell, and the contract owner freezes everyone except themselves. The owner sells into whatever liquidity is left, and the token goes to zero with most holders stuck. This is called a honeypot, and it shows up in almost every rug-pull post-mortem.

Tools like TokenSniffer and Honeypot.is automate the scan and flag the common versions of these patterns. They are not perfect, but they catch the obvious cases in seconds, and the obvious cases are most of what shows up in group chats each week. Chainalysis publishes yearly reports that back up how often these patterns repeat.
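As an added illustration (not code from any of the tools named above), the sketch below scans a contract ABI, in the JSON form a block explorer shows for a verified contract, for state-changing functions whose names suggest the two capabilities described in this step. The name patterns and the sample ABI are constructed assumptions; a hit tells you which function to read in the verified source, not who is allowed to call it.

```python
import json
import re

# Assumed name heuristics for the two capabilities discussed in this step.
# A contract can hide the same power behind any other name, so a clean
# result here is not proof of safety.
RISK_PATTERNS = {
    "mint": re.compile(r"mint", re.IGNORECASE),
    "blacklist/freeze": re.compile(r"black.?list|block.?list|freez|frozen",
                                   re.IGNORECASE),
}

def flag_risky_functions(abi_json):
    """Return (category, signature) for state-changing functions to review."""
    findings = []
    for entry in json.loads(abi_json):
        if entry.get("type") != "function":
            continue  # skip events, constructor, errors
        if entry.get("stateMutability") in ("view", "pure"):
            continue  # read-only helpers cannot change supply or block sells
        name = entry["name"]
        args = ",".join(i["type"] for i in entry.get("inputs", []))
        for category, pattern in RISK_PATTERNS.items():
            if pattern.search(name):
                findings.append((category, f"{name}({args})"))
    return findings

def fn(name, mutability, *arg_types):
    """Build one ABI function entry for the constructed sample below."""
    return {"type": "function", "name": name, "stateMutability": mutability,
            "inputs": [{"type": t} for t in arg_types]}

# Constructed sample ABI, not taken from a real token.
SAMPLE_ABI = json.dumps([
    fn("transfer", "nonpayable", "address", "uint256"),
    fn("balanceOf", "view", "address"),
    fn("mint", "nonpayable", "address", "uint256"),
    fn("isBlacklisted", "view", "address"),
    fn("setBlacklist", "nonpayable", "address", "bool"),
    fn("freezeAccount", "nonpayable", "address"),
    {"type": "event", "name": "Mint", "inputs": []},
])

if __name__ == "__main__":
    for category, signature in flag_risky_functions(SAMPLE_ABI):
        print(f"review {signature}: possible {category} power")
```

For each flagged signature, open the verified source in the explorer and check which address the access-control modifier allows to call it.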

Step 3: Look at where the money is

Two quick checks on liquidity and token distribution can catch another big group of scams.

Check whether liquidity is locked. On most decentralized exchanges, adding liquidity to a trading pool is what makes the token sellable. If the project's team can pull that liquidity at any time, they can, and scams reliably do. Legitimate projects lock their liquidity tokens through a time-lock contract, and the lock is checkable on-chain. No lock, or a very short lock, means the floor under the token can be pulled the day the team decides to.

Check the top wallets. Every block explorer shows the addresses holding the most of any token. If one or two wallets hold 40% or more of the supply, the price is a decision those holders get to make. When they sell, everyone else eats the drop. Real projects usually have more spread-out holdings, or at least a clear explanation (with on-chain proof) of which large wallets are locked treasury addresses and which are ones the founders can dump from tomorrow.
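The two checks in this step, written out as an added example rather than code from any explorer or project. The holder balances, addresses and dates are constructed, the 180-day cut-off for "a very short lock" is an assumption, and `verified_locked` stands for wallets whose lock you have already confirmed on-chain.

```python
from datetime import datetime, timedelta, timezone

CONCENTRATION_BPS = 4000        # the 40% threshold above, in basis points
MIN_LOCK = timedelta(days=180)  # assumed cut-off for "a very short lock"

def top_two_share_bps(holders, total_supply, verified_locked=frozenset()):
    """Share of supply (basis points) in the two largest sellable wallets."""
    sellable = sorted(
        (bal for addr, bal in holders.items() if addr not in verified_locked),
        reverse=True,
    )
    return sum(sellable[:2]) * 10_000 // total_supply

def liquidity_lock_flag(unlock_time, now):
    """Return a warning string, or None if the lock is long enough."""
    if unlock_time is None:
        return "no liquidity lock"
    if unlock_time - now < MIN_LOCK:
        return "liquidity lock expires soon"
    return None

def money_flags(holders, total_supply, verified_locked, unlock_time, now):
    """Run both checks and collect the warnings."""
    flags = []
    share = top_two_share_bps(holders, total_supply, verified_locked)
    if share >= CONCENTRATION_BPS:
        flags.append(f"top two sellable wallets hold {share / 100:.1f}% of supply")
    lock = liquidity_lock_flag(unlock_time, now)
    if lock:
        flags.append(lock)
    return flags

# Constructed sample data, not taken from a real token.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
TOTAL_SUPPLY = 1_000_000
HOLDERS = {
    "0xTEAM_A": 300_000,
    "0xTEAM_B": 150_000,
    "0xTREASURY_LOCK": 200_000,  # assumed to be a verified time-locked treasury
    "0xUSER_1": 50_000,
    "0xUSER_2": 40_000,
}

if __name__ == "__main__":
    unlock = NOW + timedelta(days=30)
    for flag in money_flags(HOLDERS, TOTAL_SUPPLY, {"0xTREASURY_LOCK"}, unlock, NOW):
        print("red flag:", flag)
```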

This is the same principle that makes self custody worth doing in the first place. The power is in who controls what, not in what anyone claims.

Step 4: Listen to what the community sounds like

Open the project's Telegram, Discord, or X community and read for ten minutes without posting anything.

Real projects have questions being asked and answered, technical discussions, criticism that does not get deleted, and admins who say “we do not know” or “that is a known issue” when it is warranted. The community should feel normal, with jokes that do not feel forced and conversations between ordinary people who care about the same thing.

Scam communities often sound like infomercials. Every message is hype, and price-based questions are answered with “to the moon”. Questions about the team, the contract, the liquidity lock, or the distribution get deflected or redirected, or the person asking gets muted. Consider it a red flag if admins push the next catalyst hard or if real concerns get labeled as FUD and the people raising them get banned.

The five-minute test. Ask a reasonable, polite question about the smart contract (something like “is the liquidity time-locked, and for how long?”) and watch what happens. In a real project, someone answers or points you to docs. In a scam, you get muted inside a minute.

A quick summary

None of these four checks are expensive, nor do they need special skills. Running all four takes under five minutes, and the project either passes them or it does not. The single most protective habit in crypto is doing your own research. If something has already gone wrong, the FBI's IC3 complaint center is where to report a scam.

Even clean projects need a clean wallet

Filtering scams is half the job, but keeping the coins you do hold safe is the other half. A five-minute scam check stops you from sending money into bad projects, but it does nothing for the browser wallet you still have to sign transactions from every day.

That signing step is where most drains actually happen. Every signature on a connected browser wallet is one the next fake site could target. Ryder One moves signing from the browser to an offline, physical device you hold in your hand. Even a perfect phishing page cannot drain a wallet it cannot reach.

Pair the scam check above with a hardware wallet, and the two biggest sources of crypto losses, fake projects and drained wallets, will stop being your problem. Start with Ryder One.
