Cryptocurrency red flags: What to look out for

From the obvious to the inconspicuous, scammers use a range of tricks to entice investors into shady projects

Red warning sign against red LED lights and world map                                 
Some simple checks can save investors from red faces and financial losses – Photo: Shutterstock
                                

Contents

With hundreds of cryptocurrencies being launched yearly and a global crypto market cap of $1.63tn, it has never been harder to cut through the noise to decide where you, the investor, should place your money. Compounding the issue, a lack of regulation and oversight makes for precious little accountability, and little recourse should a bad actor make off with your cash.

Unfortunately, with the constantly growing number of projects comes a growing number of scams. Ronghui Gu, a professor of computer science at Columbia University and co-founder of the reputable smart contract auditor CertiK, told Currency.com: “We’ve seen such a proliferation of rug pulls over the last 12 to 18 months. Hundreds of millions of dollars have been lost to project founders who simply take the money and run.” 

But it is not all bad news. “Spotting a potential rug pull is much easier than trying to predict what the next sophisticated smart contract hack will be,” said Gu.

Keeping a cool head and making certain checks can help to navigate you through this constantly evolving marketplace, where many of the “bargains” are dodgier than anything you might find being sold out of a suitcase on a street corner. With that in mind,  join us as we look at the top ten cryptocurrency red flags that you can easily look out for yourself.

Currency.com, like all other news platforms, is not a financial adviser and should not be considered as one. But instead of simply suggesting that you do your own research, we decided to give you the tools to kickstart your due diligence journey and hunt out those red flags. 

Is the website professional?

One of the easiest red flags to check is the quality of a project’s website.

  • Is it full of spelling mistakes? 
  • Does it look amateurish? 
  • Are the images stock photos? 
  • Does it provide comprehensive terms and conditions, team details, a roadmap, social media links and other typical business information?
  • Is there an up-to-date blog?
  • Is it full of “fluff” (promises of rewards, gains and investor returns)?

Always be sure to paste the URL into who.is. Services such as Namecheap provide domain anonymity, one of the other red flags to consider.

Screenshot of redacted registrar information through Namecheap – Photo: who.is
Namecheap makes it impossible to check a registrar’s information – Photo: who.is

On this note, Chris Hauk, consumer privacy champion at Pixel Privacy, told Currency.com: “Imposter websites are a popular scam. Never click links in emails or text messages, only visit URLs you know are legitimate and bookmark those sites for future visits, to prevent mistyping the URL and possibly visiting a scam site.”

Hauk also suggested that the Google Play Store is a “wild west” compared to Apple’s App Store.

Is the project transparent?

A white paper is one of the most important documents to look for when researching a cryptocurrency project.

Without a white paper, protocol specifics cannot be interrogated, the team vision remains unknown or vague, and a clear execution strategy cannot be determined. While white papers may contain some highly technical information, on the whole they are generally quite easy to read, since they are often tailored to investors.

Dr Raullen Chai, co-founder and head of strategy and blockchain at IoTeX, also believes that a smart contract should have source code attached to it.

“Web3 projects should always be open-source,” said Chai. “Be wary if you cannot find the source code, [which is] usually on the team’s Github page or repository."

Can you see bot activity?

One of the most common ways to create a false sense of enthusiasm regarding a cryptocurrency project is to deploy bots on social media. Thankfully, bot activity is relatively easy to spot.

Obvious signs include repetitious comments that supposedly come from numerous different accounts, overly enthusiastic hype seemingly unrelated to the particular announcement, poor grammar and excessive use of emojis. 

Although bot promotions are most common on Twitter and Telegram, any site with a chat function is prone to bot activity. This includes price trackers such as CoinMarketCap and even blockchain explorers.

Screenshot of bot activity on Bitgert’s Twitter profile – Photo: Twitter
Repeated messages, seen here on Bitgert’s profile, are an indication of bots – Photo: Twitter

The next step is to check whether an unusual number of followers has been amassed over a short period of time. While followers are important, if a recently launched Twitter profile has seemingly managed to recruit tens of thousands of followers in a very short timeframe, there is a good chance many of them are bots. The same logic can be applied to Telegram.

If you’re still unsure, try viewing the profiles of the suspicious commenters. If their Twitter feeds are excessively dedicated to hyping one particular project, it may very well be a bot.

Is the development team anonymous?

Whether or not a development team should make the team members’ identities known is a point of contention in crypto circles. On the one hand, it seems like a no-brainer that a potential investor deserves to know who they are trusting their money with. Others point to Bitcoin as the patron saint of anonymous projects made good.

That argument, however, has flaws. While it is true that the identity of Satoshi Nakatomi has yet to be disclosed, Bitcoin’s core team of contributors and developers is well known. Additionally, all commits executed by Bitcoin Core contributors are made publicly available on bitcoin’s Github repository.

What about shiba inu (SHIB), you ask? While SHIB’s 11-digit market capitalisation took the crypto community by surprise, few if any subsequent tokens could hope to replicate its success.

Ultimately, while a secretive team might not be a clear indicator of malicious intent, or even one of the primary red flags, ask yourself this: if developers are proud of and confident in their product, why would they not want to attach their names to it?

Mark Basa, global brand and business manager at HOKK Finance, said: “As more projects become scammed and the industry evolves, it will become paramount for teams to show their faces and build credibility. People want to know that there are real people running the show and not some teenage hacker living in their parents’ basement.”

On the other hand, IoTex co-founder Chai said: “(It’s) not important in the Web3 world. There are many great anonymous teams in the Web3 space.”

Is the project subject to centralisation?

According to CertiK’s The State of DeFi Security 2021 report, “centralisation issues were the most common attack vector,” resulting in $1.3bn in funds lost across 44 DeFi (decentralised finance) hacks. 

If a handful of wallets hold the majority of a token’s supply, the chances of price manipulation are a lot higher. Checking the amount of value stored in certain wallets is a good way to see how much influence over a token’s price certain holders have, although some basic knowledge of how a blockchain scanner works is required.

To do this, head to the appropriate blockchain scanner, which will likely be either Etherscan for Ethereum-based cryptocurrencies or the Binance Blockchain Explorer for Binance Smart Chain-based cryptocurrencies. Note that some cryptocurrencies live on their own blockchain, and not all explorers provide the requisite data. But it is unlikely for a scam coin to do this, given the comparative ease of launching a token on an existing blockchain.

Purely as an example, let’s have a look at the 10 biggest SHIB holders on Etherscan…

Pie chart of SHIB’s top wallet holders – Photo: etherscan.io
Checking the top wallet destinations is crucial – Photo: etherscan.io


Above, you can see that one address holds over 40% of the supply. But while this may seem alarming at first, looking at the specific address clears things up somewhat.

Below, we can see that this 41% wallet is a “Null Address”. Null addresses are where burned tokens are sent, effectively removing them from circulation. Token burns are a standard aspect of deflationary tokenomics.
 

List of SHIB’s top wallet holders – Photo: etherscan.io
The burned tokens were originally gifted to Ethereum co-founder Vitalik Buterin – Photo: etherscan.io

We can see that address two is an exchange wallet, providing liquidity on the Binance exchange. The contract icon on address three suggests that this wallet is linked to a smart contract; this is where staked SHIB reside. Address four is another liquidity pool, as is address six

While address seven is also a smart contract wallet, its purpose is unclear. That leaves 3.74% of SHIB in private wallets, likely owned by developers. Although even at these percentages, price manipulation is possible, it is unlikely this is the intention.

Using these checks, you can assess how centralised a cryptocurrency is.

Is it a trend-based project?

Meme coins and crypto projects based on fads seem to be sticking around for the moment. While many do not profess to be anything other than a joke, you should still exercise caution before investing to see if there are red flags.

Some of the most infamous projects have revolved around cultural trends, while having no observable utility, with the Squid Game token being the most infamous example. In an even more surreal example, a recent Twitter exchange between the founder of The Boring Company, Elon Musk, and McDonald’s prompted the minting of grimacecoin, which subsequently jumped in value by 285,000%.

Scams are “almost always based on social media trends,” according to Basa. “People read something, get hyped, see a token, and then head to a decentralised exchange to get in early. Shortly after, the project is rug-pulled, leaving a lot of unhappy investors.”

Does it sound too good to be true?

In the DeFi space, a common baiting technique is to offer unusually high annual percentage yields (APY) to lure you in, only for you to find that your tokens cannot be redeemed at a later stage.

Chai also said to be wary of free giveaways. In one recent example, “Bitcoin Conference 2021” was reposted on YouTube, with added subtitles promising 200% returns on any bitcoin sent to a specific address. The reposters used the name of a genuine conference to give the scam a legitimate feel.

It also pays to be wary of “rebasing” schemes, which manipulate token distributions to pump the value of a cryptocurrency by many thousands – sometimes even millions – of percent in a short time period. The project begins to trend, bringing new investors in, only for the token to plunge in value.

In a recent example, the anonymous PumpETH token went from $0.0000000005928 to $0.00736 in a 24-hour period, equating to a 1,241,570,000% increase.

Chart showing PETH’s dramatic price swings – Photo: Currency.comThank you
PETH’s dramatic upswings always come crashing down – Photo: Currency.com

Chai said: “Check their vision, their white paper and their roadmap. Check if their vision is big but lacks a reasonable roadmap to execute… never trust what is too good to be true.”

Is the project audited by a reputable name?

According to CertiK’s report, “Disappointingly, the majority of DeFi platforms exploited in 2021 were unaudited.”

But simply acknowledging that a project is audited is only one part of the process. Be sure to read the contents of the report, what was uncovered, and whether the project has resolved these issues.

Furthermore, as Currency.com recently reported, the smart contract audit sector is growing rapidly, with a proliferation of offerings coming into the market. Some are more reliable than others. In 2021, Uranium Finance lost $57m of user funds as hackers exploited a single line of code, despite the company stating that it was audited by three separate organisations.

As well as CertiK, Slowmist and Chainshield also have a good reputation.

Note that Currency.com has no affiliations with any of the above mentioned – and that, just as due diligence should be applied to cryptocurrency investments, you should also conduct background checks on any smart contract auditor.

Is the cryptocurrency endorsed by celebrities?

In September 2021, the UK’s Financial Conduct Authority (FCA) criticised Kim Kardashian for promoting EthereumMAX to her 250 million followers.

Charles Randell, the FCA’s chairman, called it a “financial promotion with the single biggest audience reach in history,” and while he did not explicitly call EthereumMAX a scam, he accused influencers of fuelling “delusions of quick riches”. His suspicions were justified when EthereumMAX tanked in value in an apparent pump-and-dump scheme.

ExpressVPN called this just one instance in a long line of cyber scammers using celebrities to shill dubious cryptocurrencies.

ExpressVPN also cited DJ Khaled, who “landed in trouble in 2017 by not disclosing that his tweets about crypto company Centra Tech were paid promotions.” Centra Tech’s co-founder, Sam Sharma, would later be sentenced to eight years in prison for fraud resulting from Centra Tech’s initial coin offering (ICO).

Not all celebrity endorsements are genuine, according to Hauk. “Imposter social media accounts make it look as if celebrities are promoting a particular cryptocurrency. A while back, several celebrities and technology industry figures had their Twitter accounts taken over and used to try to fraudulently entice folks into turning over financial information and funds for supposedly free cryptocurrency.

“Don’t trust a tweet or social media post, even if it appears to come from a genuine source.”

How healthy is the token’s liquidity?

The rise of decentralised exchanges (DEXs) such as PancakeSwap has made it easier than ever to launch a token. When checking for cryptocurrency red flags, find out which DEX it is primarily exchanged on, then head to that exchange and check liquidity. 

In contrast to centralised exchanges, DEXs rely on liquidity pools provided by users and project runners. Low liquidity could suggest that the token is not strongly supported. Furthermore, if liquidity gets pulled, a holder may not be able to sell their tokens, making the tokens effectively worthless. 

Even if low liquidity does not necessarily indicate a scam, it increases risk to the user.

Bonus round: Does the project get bad press?

A simple Google search goes a long way to finding crypto red flags.

“Research, research, research!” Hauk emphasised. “Research the cryptocurrency on the internet, using the tools at your fingertips. If the crypto is a scam, there is a very good chance someone has exposed it online.”

Reddit can be a goldmine of information, with large communities often rallying against perceived scam projects and exposing red flags accordingly. But be careful: posters often do not have sincere intentions. Crypto armies are regularly deployed onto Reddit to promote a token, and an excessive amount of praise could be as much of a red flag as bad press.

Putting together a toolset

Thankfully, despite the crypto space being rife with bad actors, there is also an abundance of free tools out there that can assist you on your due diligence quests. Here are just a few:

Rugdoc.io checks a project’s smart contracts for “hard rug” codes. While it does not perform full audits, it is a good starting point.

CoinMarketCap lists most cryptocurrencies, and conveniently provides links to social media pages, white papers, blockchain explorers and websites.

The CertiK Leaderboard keeps running tabs on more than 1,500 projects, issuing alerts, scores and ratings. CertiK also offers the Skytrace wallet tracing and visualisation tool, which can be trialled for free.

Market Move provides an overview of a token’s liquidity, contract code, top wallet holders and financials.

Who.is can provide the registrar information for a website’s URL, provided that the registrar is not hiding behind Namecheap.

Twitter Audit allows you to check how many of a Twitter account’s followers are genuine.

FAQs

Common red flags include social media bots, unrealistic promises, a poor quality website, lack of project transparency, anonymous developers, token centralisation, celebrity and influencer endorsements, and an absence of proper auditing.

There are many ways to check for crypto red flags. Be sure to check social media channels, read audits, check white papers and Github repositories, visit official websites, make use of free online tools, check blockchain explorers for centralisation, and carry out Google searches related to the token and/or blockchain.

Rug pulls have rapidly become far more common in recent years. Thankfully, it is much easier to predict rug pulls than it is to spot sophisticated smart contract code hacks.

Further reading

The material provided on this website is for information purposes only and should not be regarded as investment research or investment advice. Any opinion that may be provided on this page is a subjective point of view of the author and does not constitute a recommendation by Currency Com Bel LLC or its partners. We do not make any endorsements or warranty on the accuracy or completeness of the information that is provided on this page. By relying on the information on this page, you acknowledge that you are acting knowingly and independently and that you accept all the risks involved.
iPhone Image
Trade the world’s top tokenised stocks, indices, commodities and currencies with the help of crypto or fiat
iMac Image
Trade the world’s top tokenised stocks, indices, commodities and currencies with the help of crypto or fiat
iMac Image