New tokens launch every hour. Most disappear within weeks — some by accident, many by design. This checklist gives you 12 concrete warning signs to look for before you put a single dollar into any crypto project. Not investment advice. Educational reading only.
This article is written for educational purposes only. Nothing here constitutes financial, investment, or legal advice. Cryptocurrency is highly speculative and carries significant risk, including total loss of capital. Always do your own research (DYOR), verify information independently on-chain, and only invest what you can genuinely afford to lose. Past performance of any token — large or small — does not predict future results.
The crypto space is remarkable for its genuine innovation — Bitcoin introduced programmable scarcity, Ethereum brought smart contracts, Solana pushed throughput to new levels. But the same open, permissionless infrastructure that makes this technology powerful also makes it trivially easy to launch a token with no underlying value, no real team, and no intention of building anything.
Scams, rug pulls, and abandoned projects are not rare edge cases. They are a consistent feature of the landscape. The majority of new tokens — particularly on fast, low-fee chains — either fail or were never genuine to begin with.
This list does not tell you which projects are good. It tells you which signals should make you pause, slow down, and look harder before committing money. Use it alongside our interactive Rug Pull Checklist tool and our longer guide on how to avoid crypto scams in 2026.
The first category of warning signs is the easiest to spot — language that promises things no one can actually deliver.
No one can guarantee a return on any investment, let alone a speculative token. "10x guaranteed", "earn 200% APY risk-free", "your money is safe" — these phrases are not just unrealistic, they are the defining language of financial fraud. Legitimate projects, including well-known ones like Bitcoin and Ethereum, explicitly warn that prices can fall to zero. If a project does not say that, that itself is a problem.
What honest language looks like: "price can go to zero", "do your own research", "not financial advice".
"Presale ends in 24 hours." "Only 1,000 spots left." "Last chance to get in early." Urgency is a psychological tactic designed to short-circuit your ability to think clearly. In an open, 24/7 market, genuine opportunity does not evaporate in an afternoon. When a project manufactures time pressure, ask why they need you to decide before you can research them.
Slow down rule: if a project pressures you to buy immediately, take 48 hours instead. If the opportunity is real, it will still exist.
Anonymity alone is not a red flag — Satoshi Nakamoto created Bitcoin pseudonymously. What matters is the combination: anonymous team plus large funding requests, grand vision claims, or promises of partnerships. If someone asks you to send money to people you cannot identify, and those people have made specific commitments about the future, you have no recourse if they disappear. Verify what you can verify.
The question to ask: "If this team vanished tomorrow, what accountability exists?"
Partnership announcements are cheap to make and hard to disprove until it is too late. "In talks with [major company]", "backed by [VC name]", "partnered with [payment giant]" — if none of these are confirmed via the partner's own channels, treat them as marketing, not fact. Look for the partner's press release or official statement. If there is none, assume the partnership is unconfirmed at best, fabricated at worst.
Verify rule: a real partnership appears on both sides' official communications.
These red flags live on the blockchain itself. Unlike marketing claims, on-chain data cannot be faked — you can check it directly on Solscan or equivalent explorers.
On Solana, a token's mint authority controls who can create new tokens. If mint authority is active, whoever holds it can inflate the supply at any time — diluting your holdings to near zero without warning. A legitimate community token should have its mint authority revoked before or immediately at launch, not "soon" or "after growth".
How to check: paste the contract address into Solscan.io → Token tab → look for "Mint Authority: None (Revoked)". If it shows a wallet address, supply can be inflated.
TrustTails note: TAIL's mint authority is revoked. Contract: 4NoNV3jSYLRbUtVWSTK5XdkpuvRzGpMCmfZSBKMuk6Rc — verify on Solscan.
Separate from mint authority, freeze authority allows the token issuer to freeze individual wallets — preventing you from selling your own tokens. In a legitimate, decentralised project, no central party should be able to freeze holder wallets. If freeze authority is active, the team has a kill-switch over your ability to exit.
How to check: same Solscan token page → "Freeze Authority". Should read "None (Revoked)". This is distinct from mint authority — check both.
Use our interactive checklist tool to run both checks at once for any Solana token address.
If one or a few wallets hold a disproportionate share of the total supply — say, 30%, 50%, or more — the holders of those wallets can crash the price at will by selling. This is sometimes called a "whale dump" or slow rug. Check the top-holder distribution on Solscan. Also look for wallets that appear to be controlled by the same entity (funded from the same source, transacting in similar patterns).
General threshold: no single wallet should hold more than 5–10% of supply in a community token, and team allocations should be disclosed and locked with a verifiable vesting schedule.
A token with very low liquidity in its trading pools is easy to manipulate and hard to exit. More dangerously, if liquidity is not locked — meaning the team can withdraw the trading pool at any time — a liquidity rug can happen in seconds. Look for liquidity lock duration (on services like Raydium or Unicrypt for Solana). "Locked for 30 days" is not reassuring. "Locked for 1 year" with a verifiable on-chain receipt is meaningful.
Also watch: sudden large liquidity withdrawals in transaction history are a major warning signal, even on older tokens.
Some of the most dangerous red flags are not on-chain at all — they are in how a project communicates, who it pays to promote it, and how it treats its own community members.
Influencer-driven crypto promotions are extremely common and often undisclosed. A token that pays social media accounts — large or small — to promote it is manufacturing the appearance of organic excitement. This is not unique to crypto (it happens in stocks and traditional marketing too), but in crypto the amplification is faster, the disclosures rarer, and the exit faster.
Signals to watch for: multiple accounts posting very similar language at the same time; influencers who only post about a token when it launches; posts that never mention risk. None of these are definitive alone, but together they suggest coordinated promotion rather than genuine community enthusiasm.
This is one of the most active scam vectors in crypto right now. You may receive a direct message on X (Twitter), Telegram, or Discord from someone claiming to be a project admin, a successful investor, or a "community manager" offering you early access to a presale, an airdrop, or a private allocation.
The rule is simple: legitimate crypto projects do not DM individuals to offer presale access. Real presales are announced publicly. If someone messages you privately about buying tokens, treat it as a scam by default, regardless of how professional it looks. Block, do not engage, do not click links.
This applies to accounts impersonating well-known projects — including TrustTails. Official TrustTails channels: X @trusttailscoin, Telegram Community, Telegram Official. No other account speaks for us.
A project that routinely deletes posts after they age, removes previous roadmap commitments, bans community members who ask difficult questions, or changes its name and rebrands after negative coverage — these are warning signs that the team is managing perception rather than building openly.
Look at the project's earliest posts. Do the claims from six months ago match the current narrative? If the team promised a product launch, an audit, or a partnership and quietly moved on without acknowledgement, that pattern matters more than any single post.
Healthy projects: acknowledge delays transparently, leave old posts up, and engage with criticism without banning the commenter.
Transparency is not just about words — it is about what you can independently verify. A project with no public GitHub or open-source contract code, no third-party security audit (or an audit from an unknown firm that cannot be verified), and a roadmap consisting only of vague milestones with no dates or deliverables is asking you to trust without giving you anything to check.
This is different from being early-stage. An early-stage project can still publish its contract address, lock its liquidity, revoke mint and freeze authorities, and communicate honestly about what it has not yet built. The absence of these basics is a choice, not a constraint.
Read more in our guide to verifying a Solana token step by step.
TrustTails (TAIL) is a small, pre-launch, community-first Solana token. We are including ourselves in this article because we think every project — including ours — should be held to the same standard as the checklist above.
Here is what you can verify on-chain right now, before TAIL is even buyable:
4NoNV3jSYLRbUtVWSTK5XdkpuvRzGpMCmfZSBKMuk6Rc — one address, published on all official channels only.
What we have not yet done: a formal third-party audit (planned), published tokenomics with full wallet breakdown (in progress), locked liquidity (pre-launch — liquidity lock terms will be published when trading opens). We are stating this openly rather than pretending these things are already complete.
TAIL is a small, community project on Solana. It may succeed, it may not. We are not asking you to buy it based on promises. We are asking you to watch what we build — and hold us to the same checklist you would hold any other project to. Read our full transparency page →
Understanding the pattern helps you recognise it earlier — before the final stage.
Token launches with a polished website, social accounts, and promises of real utility or community. Paid promoters amplify early. Price rises on thin volume, creating a convincing chart.
Urgency language increases. "Limited presale spots." "Price going up tomorrow." New buyers enter driven by fear of missing out, not research. Liquidity grows.
Insiders sell their allocation or drain liquidity — sometimes in a single block, sometimes gradually over days. Price collapses. Remaining holders cannot sell at any meaningful price.
Socials go silent. Telegram is deleted or handed to bots. The website eventually goes down. There is typically no legal recourse, especially for cross-border anonymous teams.
No. A revoked mint authority removes one specific risk — surprise supply inflation. A token can still have high insider ownership, unlocked liquidity, or an anonymous team planning to dump. Revoked authorities are a necessary baseline, not a sufficient guarantee. Always check the full picture.
Bitcoin and Ethereum are well-established networks with many years of public track record, open-source code, and deep liquidity. They do not have mint authority in the same sense (Bitcoin's supply schedule is coded into the protocol; Ethereum's is governed by community consensus). However, their prices are still highly volatile and they carry risk. This checklist is particularly relevant for newer, smaller tokens where these controls matter most — but price risk exists across all crypto assets.
DYOR stands for "Do Your Own Research." It is a reminder that you are responsible for your own financial decisions. In crypto, it also serves a legal function — projects use it to make clear they are not providing investment advice. But DYOR has real substance too: the tools to verify on-chain data, check liquidity, and read contract history are freely available to anyone. Use them. Do not rely solely on what a project says about itself.
No. All cryptocurrency investment carries risk, including total loss of capital. Even projects with excellent technical fundamentals, transparent teams, and long track records can lose value due to market conditions, regulatory changes, technical failures, or factors outside anyone's control. The checklist in this article helps you avoid the most obvious scams — it does not turn any investment into a safe one.
In Australia, report to ASIC's MoneySmart scam watch or Scamwatch (ACCC). In the UK, report to Action Fraud. In the US, the FTC and FBI's IC3 both accept crypto scam reports. For platform-level scams on Telegram or X, use the platform's built-in reporting tools. Recovery of funds in crypto scams is extremely rare — prevention is the only reliable protection.
We cannot answer this and would never claim to. TrustTails is a small, pre-launch, community-first token on Solana. It may succeed, it may not. We have revoked mint and freeze authority and published our contract for on-chain verification. We make no promises about price, returns, or adoption. Verify what you can verify on-chain, assess the risk honestly against your personal situation, and only make decisions you are comfortable being fully responsible for.
Use these resources to put the checklist into practice.
Paste any Solana token contract and run through a structured checklist — mint authority, freeze authority, liquidity, holder concentration, and more.
Open toolA longer, step-by-step guide covering phishing, impersonation scams, fake airdrops, honeypot contracts, and more — with practical actions for each.
Read guideA step-by-step walkthrough of using Solscan to check mint authority, freeze authority, supply, holder distribution, and transaction history — with screenshots.
Read guideJoin the TrustTails community to follow the project's progress, ask questions publicly, and hold us to the same standards this article describes. No DMs. No presale pitches. Just open conversation.