PreSaleCryptoBMIC

safety · 12 min read · last updated 2026-05-15

The crypto presale scam checklist

27 red flags that show up in scam presales — anonymous teams, fake audits, copy-pasted contracts, "guaranteed" returns. Run this list before you wire.

This is the checklist we run on every presale before we cover it. Most projects fail it. The list is long because the playbook keeps mutating — but the underlying patterns repeat.

Score each item. Three or more = walk away. Some items are individually fatal.

Team

  1. No team page. ❌ Fatal.
  2. Team page exists but no LinkedIn or verifiable employment history. Stock-photo headshots are a giveaway.
  3. Founder LinkedIns created in the last 90 days. Reverse-image-search the photos.
  4. Founder claims to be ex-Google / ex-Goldman / ex-anything but no public talk, paper, or commit history backs it up.
  5. Founder’s prior project is a rug pull. Search their handle on rugpullfinder, rekt.news, or Etherscan for prior dead contracts.

Documents

  1. No whitepaper. ❌ Fatal.
  2. Whitepaper is 8 pages with one architecture diagram and 7 pages of marketing. A real whitepaper has math, references, and a clear failure-mode discussion.
  3. Whitepaper plagiarism — entire sections copy-pasted from another project’s paper. Run a few paragraphs through Google.
  4. No tokenomics page or tokenomics that doesn’t add to 100%.
  5. No unlock schedule, or “to be announced” unlock schedule. ❌ Fatal.

Smart contract

  1. No audit. ❌ Near-fatal.
  2. Audit by a firm you’ve never heard of, with no website or LinkedIn. Common pattern in 2025: “audits” by sock-puppet firms.
  3. Audit report is a PDF with no firm logo or contact details. Ask the audit firm directly via their public email — silence means it’s fake.
  4. Audit covers a contract version different from the deployed contract. Compare the commit hash in the audit to Etherscan’s source.
  5. Contract has a mint() function callable by the owner. This means the team can print tokens at will. Fatal unless time-locked.
  6. Contract has a pause() or blacklist() function. Means the team can stop you selling.
  7. Contract is a proxy with an upgradable implementation, no time-lock. Means the team can change the code after you’ve bought.
  8. Liquidity is not locked, or locked for less than 6 months.

Marketing

  1. “Guaranteed returns” or “X100” language anywhere. ❌ Fatal — also a securities-law violation in most jurisdictions.
  2. Influencer-heavy marketing with paid posts not disclosed. Search the influencer’s posts for the FTC-required disclosure.
  3. Telegram and Discord are flooded with shill bots posting “wen moon” 24/7. Real communities have arguments.
  4. Mods aggressively delete critical questions. Test it — ask one critical question politely; see what happens.
  5. The project’s roadmap doesn’t include the word “audit” or “security”.

Mechanics

  1. 0/0 vesting on retail + long vesting on insiders. Asymmetric — insiders structurally exit on top of retail.
  2. TGE FDV more than 5x the private-round FDV. Retail is being asked to subsidize the entire VC pricing curve.
  3. Liquidity-to-FDV ratio under 2%. A single $50K sell can crash the price 30%+.

Process

  1. Pressure to commit “before tier ends in 4 hours”. Real fundraisers have process; scams have urgency.

How to actually verify the audit

This is where most retail loses. Step by step:

  1. Find the audit report PDF on the project’s website.
  2. Note the audit firm name. Google it.
  3. The audit firm’s website should have a portfolio page listing the projects they’ve audited. Find this presale on it.
  4. The audit report should include a Git commit hash of the contract version they audited.
  5. On Etherscan, find the deployed contract. Click “Contract” tab → the verified source should match.
  6. If you can read Solidity, scan for the privileged functions in §15-17.

If the audit firm doesn’t have a portfolio page, isn’t on the project’s site, or isn’t reachable by email — the audit is decorative. Treat it as if there were none.

How to verify the team

  1. Reverse-image-search every team headshot. Stock photos are a fatal flag.
  2. For each name, find a LinkedIn profile created more than 1 year ago, with mutual connections you can verify.
  3. Search the founder’s name on conference speaker lists, GitHub, X, Medium. Real builders leave a public trail going back years.
  4. If the team claims to be in San Francisco / London / Singapore, look at company-registry filings — incorporation should match.
  5. Email the founder cold from a clean email. If they don’t respond within a few days, they likely don’t exist.

What we do when we run the checklist

For our presale teardowns we run this list and score the project 1-10. We publish the score and the specific items that failed. We tell you what we couldn’t verify (e.g. “audit firm did not respond to email”). We don’t tell you to buy or not.

After the presale: don’t get phished

Even a clean presale ends in a vulnerable claim window. The single biggest source of post-presale loss is phishing — fake “claim now” emails sent the morning of TGE.

Rules:

  • The real claim URL is the one on the project’s original domain. Bookmark it before TGE.
  • If you receive a “claim now” email, navigate to the bookmarked URL — never click the email link.
  • Use a separate wallet for claiming, not your main holdings wallet.
  • Once claimed, move tokens to a wallet you control. Cold storage if you’re holding through unlock cycles.

The honest summary

Most presales are not outright scams — most are just structurally bad deals for retail. The scams hide among them. This checklist is how you separate them.

Three or more flags = walk away.

Wallet shortlist for this topic: see our wallet reviews

FAQ

How many of these red flags is "too many"?
One is a yellow flag, two means slow down, three or more means walk away. Some red flags (anonymous team + no audit) are individually disqualifying.
Are all anonymous teams scams?
No — Bitcoin's founder is anonymous. But anonymity raises the burden of proof. Without team identity, the audit firm and the contract are doing all the work. Most anonymous teams cannot meet that bar.
What's the most common scam pattern in 2025-2026?
The "abandoned audit" — a real audit firm signed off on version 1 of the contract, but the deployed contract is version 2 with a privileged `mint()` function added after the audit. Always compare the audit report's commit hash to the deployed bytecode.

Sources

Research, not advice. This article is editorial. We are not your financial adviser. Crypto presales can lose 100% of capital.