How to Research a New Crypto Project: A 10-Point Due Diligence Framework

Key Takeaways

Thousands of new crypto projects launch every year. Many fail quietly. Some fail loudly, taking investor funds with them. A small number succeed. The difference between making an informed decision and a costly mistake usually comes down to the research you do before committing capital.

This guide gives you a structured, repeatable 10-point framework for evaluating any new crypto project. Each checkpoint is designed to surface the information that matters and to help you identify red flags before they become financial losses.

This is not financial advice. It is a research methodology. What you do with your findings is your decision.

How to Use This Framework

Score each checkpoint from 0 to 10. A score of 0 means the project fails that check completely. A score of 10 means it passes cleanly. Total all 10 scores for a maximum of 100.

The 10-Point Due Diligence Checklist

Checkpoint 1: Team Transparency and Track Record

Point: Who built this project, and can their identity and history be verified?

Evidence: Search each named team member on LinkedIn. Look for previous projects, professional history, and public contributions. Cross-reference names against GitHub commits and conference appearances.

Explanation: Anonymous teams are not automatically a problem, but anonymous teams launching projects with investor funds are a significant risk. Pseudonymous founders who have built prior verified projects (like some in the DeFi space) carry more weight than completely unverifiable identities.

Red flags: No verifiable LinkedIn profiles. No GitHub history. Team photos that reverse-image-search to stock photo sites. Bios that are vague or unverifiable.

Free tools: LinkedIn, Google, reverse image search (Google Images or TinEye), GitHub.

Max Score: 10  |  Red Flag Threshold: Below 4

Checkpoint 2: Whitepaper Quality

Point: Does the project have a whitepaper, and does it hold up under scrutiny?

Evidence: Read the whitepaper or technical documentation end to end. Look for a clearly stated problem, a technically coherent solution, and referenced research or prior work. Run a section through a plagiarism checker.

Explanation: A well-written whitepaper does not guarantee success. A poorly written one almost guarantees failure. Look for specificity. Vague whitepapers full of buzzwords but light on technical detail are a warning sign. Projects that cannot clearly explain how their technology works likely do not have working technology.

Red flags: Plagiarised sections. No technical depth. Heavy use of marketing language. No citations or references. Claims that are not substantiated.

Free tools: Project website, Scribbr or Grammarly for plagiarism checking, GitHub for code cross-reference.

Max Score: 10  |  Red Flag Threshold: Below 5

Checkpoint 3: Tokenomics Structure

Point: How are the tokens distributed, and does the structure benefit the project or just its founders?

Evidence: Find the token allocation breakdown. Look for what percentage goes to the team, investors, community, treasury, and public sale. Check vesting schedules: how long are team tokens locked, and when do they unlock?

Explanation: Healthy tokenomics typically keep team and insider allocations below 20 percent of total supply, with vesting periods of one to four years. Projects where founders hold 40 percent or more with short unlock periods are structurally set up for a token dump on retail buyers.

Free tools: CoinGecko tokenomics section, Token Unlocks (tokenunlocks.app), project documentation.

Max Score: 10  |  Red Flag Threshold: Below 4

Checkpoint 4: Investor and Backer Quality

Point: Who invested in this project at the venture or seed stage?

Evidence: Look for named investors on the website, Crunchbase, or press releases. Research the track record of those backers. Have they funded other legitimate projects?

Explanation: Backing from reputable venture capital firms does not guarantee success, but it does signal that professionals with reputational stakes have evaluated the project. Unknown or unnamed investors are a neutral data point. Investors with histories tied to failed or fraudulent projects are a negative signal.

Red flags: No disclosed investors. Investors with no verifiable history. Claims of institutional backing that cannot be confirmed.

Free tools: Crunchbase, project blog, Twitter/X announcements.

Max Score: 10  |  Red Flag Threshold: N/A (low-weight checkpoint for early-stage projects)

Checkpoint 5: On-Chain Wallet Distribution

Point: Is token ownership spread across many wallets, or is it concentrated in a few?

Evidence: Use Etherscan or BscScan to view the token holder list. Look at what percentage the top 10 or top 20 wallets control. Check whether those wallets are labelled as exchange wallets or whether they belong to insiders.

Explanation: A healthy distribution suggests genuine adoption. When 5 wallets control 60 percent of a token supply, the project is vulnerable to coordinated sell-offs that collapse the price. This is sometimes called a "whale trap" and it is a common feature of low-quality projects.

Red flags: Top 10 wallets hold more than 50 percent. Multiple large wallets created on the same date. Unlabelled wallets with massive holdings.

Free tools: Etherscan.io, BscScan.com, Bubblemaps (bubblemaps.io) for visual wallet clustering.

Max Score: 10  |  Red Flag Threshold: Below 4

Checkpoint 6: Smart Contract Audit Status

Point: Has the smart contract code been independently audited by a credible security firm?

Evidence: Look for audit reports from firms like Certik, Hacken, Trail of Bits, OpenZeppelin, or Quantstamp. Read the actual report, not just the badge. Check whether identified issues were resolved.

Explanation: Unaudited contracts are one of the most common sources of crypto losses. In 2023 and 2024, hundreds of millions of dollars were drained from DeFi protocols through smart contract exploits. An audit does not eliminate risk but it substantially reduces it, especially if critical issues were found and fixed before launch.

Red flags: No audit. An audit where critical issues remain unresolved. An audit from an unknown or unverifiable firm. A badge on the website that links to no report.

Free tools: Certik Skynet (certik.com/skynet), Hacken audits page, DeFiSafety.com.

Max Score: 10  |  Red Flag Threshold: Below 6 (audit is a near-essential checkpoint for DeFi)

Checkpoint 7: Liquidity and Market Depth

Point: Can you actually buy and sell this token without significant price slippage?

Evidence: Check the token on DEX Screener (dexscreener.com) or CoinGecko. Look at 24-hour trading volume, liquidity pool size, and the number of active trading pairs.

Explanation: Low liquidity is a structural risk. It means a relatively small sell order can move the price dramatically against you. It also makes exit difficult. Tokens with locked liquidity are safer than those where liquidity can be removed instantly by the developer, which is the mechanism behind most rug pulls.

Red flags: Liquidity below $100,000. Unlocked liquidity pools. Single trading pair with one small provider. Volume spikes that do not match organic activity.

Free tools: DEX Screener, CoinGecko, TradingView (for charting volume and price history).

For professional-grade charting and volume analysis, TradingView offers some of the most detailed tools available for retail traders.

Max Score: 10  |  Red Flag Threshold: Below 5

Checkpoint 8: Community Authenticity

Point: Does the project have a genuine and engaged community, or has it purchased one?

Evidence: Visit the project's Telegram, Discord, and Twitter/X. Read the last 50 messages or posts. Look at the ratio of organic questions and discussions to promotional spam. Check follower growth patterns on Twitter using tools like Bot Sentinel.

Explanation: A bought community is easy to spot. Telegram groups where members never ask critical questions. Twitter accounts where follower counts spiked overnight but engagement is near zero. Discord servers filled with "moon" messages and no technical discussion. Legitimate projects attract people who want to understand the technology.

Red flags: Telegram groups where critical questions are deleted. Bots commenting identical phrases. Paid promotion clearly labelled as "organic" community. No discussion of product updates or technical progress.

Free tools: Bot Sentinel (botsentinel.com), SparkToro (basic checks), Telegram and Discord direct observation.

Max Score: 10  |  Red Flag Threshold: Below 4

Checkpoint 9: Roadmap Realism and Delivery History

Point: Has the team shipped what it promised, and is the roadmap achievable?

Evidence: Find the original roadmap from launch. Compare it to what has actually been delivered. Check GitHub for commit activity. Look for dated announcements of milestone completions.

Explanation: A roadmap full of ambitious promises is easy to write. A team that consistently ships on schedule is rare and valuable. GitHub is your best tool here. A repository with no commits in the last 90 days on an active project is a serious red flag. Activity on GitHub does not guarantee quality, but inactivity almost guarantees stagnation.

Red flags: Roadmap milestones that have been silently moved multiple times. GitHub with no recent commits. Announcements of "partnerships" with no technical substance. Promises that are years away with nothing delivered today.

Free tools: GitHub, Wayback Machine (web.archive.org) for historical roadmap versions, project blog.

Max Score: 10  |  Red Flag Threshold: Below 5

Checkpoint 10: Regulatory and Legal Clarity

Point: Is it clear where this project is registered and how it intends to operate within applicable law?

Evidence: Look for a registered legal entity, a terms of service document, and any disclosures about how the token may be classified under securities law. Check whether the project has received any regulatory notices.

Explanation: This does not mean a project without a legal entity is a scam. Many early-stage projects operate in regulatory grey areas. What matters is whether the team acknowledges this risk and has a stated approach to compliance as the project scales. Projects that make no mention of jurisdiction or regulatory considerations are either uninformed or deliberately evasive.

Red flags: No entity mentioned anywhere. Token claims to be a security but was sold without any disclosure. Project explicitly states it operates outside all regulatory frameworks as a selling point.

Free tools: SEC EDGAR (for US-related disclosures), project terms of service, OpenCorporates (opencorporates.com) for entity verification.

Max Score: 10  |  Red Flag Threshold: Context-dependent

Quick Reference: 10-Point Scorecard

After Your Research: Securing What You Decide to Hold

If your research leads you to allocate to a project, the next question is how you store those tokens. Keeping assets on an exchange carries counterparty risk. A hardware wallet keeps your private keys offline and under your direct control.

Ledger is one of the most widely used hardware wallet brands. It supports thousands of tokens and connects to most major DeFi platforms.

Frequently Asked Questions

What does DYOR mean in crypto?

DYOR stands for "Do Your Own Research." It is a widely used reminder in the crypto space that no one else is responsible for your investment decisions. It refers to conducting independent research rather than relying on social media tips or influencer recommendations.

Is a crypto audit the same as a security guarantee?

No. An audit is a point-in-time review of code by a third party. It reduces the risk of known vulnerabilities but does not eliminate the possibility of new exploits, especially after the code is updated. Always check that the audited version matches the deployed version.

How long does it take to complete this framework?

A thorough pass through all 10 checkpoints takes two to four hours for a new researcher. With practice, experienced users can complete a preliminary screen in under an hour. For projects you are considering meaningful capital in, take your time.

Can a project score well here and still fail?

Yes. This framework filters for obvious risks and structural weaknesses. Market conditions, competition, and execution failures can cause well-structured projects to fail. This is a risk-reduction tool, not a prediction tool.

Where can I find a project's tokenomics breakdown?

Start with the project's official website and whitepaper. CoinGecko lists tokenomics for most established tokens. For unlock schedules and vesting timelines, Token Unlocks (tokenunlocks.app) is a dedicated free resource.

Disclaimer: This content is for educational and informational purposes only and is not financial advice. Nothing here is a recommendation to buy or sell any asset or use any platform. Do your own research and manage your risk.

Read More

• Top 5 Charting Tools and Platforms for Crypto Beginners

• Top 5 Crypto Portfolio Trackers and Management Tools

• Top 5 Paper Trading Platforms to Practice Crypto Trading Risk-Free