Before you interact with any crypto project, run it through these 12 on-chain and off-chain safety signals. A high score is reassuring — but it is never a guarantee. Always do your own research.
If a token's mint authority is still active, the team can create unlimited new tokens at any time — instantly diluting every holder's share to near zero. A revoked mint authority means no new supply can ever be created. Verify on Solscan or Solana.fm: look for "Mint Authority: None" or "Revoked".
A freeze authority allows the token creator to freeze any wallet holding that token — making your tokens immovable. When this authority is revoked, no single party can prevent you from transferring your own tokens. Verify the same way as mint authority on any Solana block explorer.
The total supply should be declared by the project and match what's shown on-chain. Check that the circulating supply matches the stated supply, and that no large undisclosed reserve exists. On Solana, on-chain supply figures cannot be manipulated retroactively once mint authority is revoked.
In a rug pull, a team provides liquidity to a DEX, drives up the price, then withdraws all liquidity — leaving buyers with worthless tokens. If a project is already trading, check whether LP (liquidity provider) tokens are locked in a time-lock contract or permanently burned. Platforms like Raydium publish LP info. (If a project is pre-launch and not yet trading, tick Yes and note that this signal applies once live.)
Scammers create fake tokens with near-identical names and promote them via DMs, fake announcements, and copycat accounts. The real contract address should appear only in the project's verified Twitter/X bio, official Telegram pinned messages, or verified website. Never trust an address shared in a DM — even if the sender looks official.
On Solscan, view the "Holders" tab for any Solana token. If one or a small number of wallets hold 30%, 50%, or more of the supply, a co-ordinated dump by those wallets could devastate the market. Look for a broadly distributed holder list, or a clearly identified treasury/team wallet that is disclosed and time-locked. There is no universal safe threshold — use your own judgement.
Many legitimate crypto projects are anonymous — anonymity alone is not a red flag. The risk is unexplained anonymity combined with false promises. A trustworthy anonymous team should still articulate who they are culturally, why they chose anonymity, and what accountability mechanisms exist. Doxxed teams carry legal accountability; anonymous teams rely on reputational consistency over time.
A third-party audit means a security firm reviewed the contract code for vulnerabilities, backdoors, and exploits. Note: an audit is not a guarantee of safety — it reflects the state of the code at the time of review. Always check the audit is real (hosted on the auditor's own site), recent, and that no critical issues were left unresolved. (Many early-stage projects are unaudited — mark No if uncertain, and proceed with extra caution.)
Any project promising guaranteed profits, fixed APY returns, or a specific price target is either misinformed or deliberately misleading. Cryptocurrency markets are volatile and unpredictable. Credible projects describe their roadmap, use case, and community without making financial promises. Phrases like "100x guaranteed", "risk-free", or "your money will grow" are serious red flags.
Visit the project's Telegram and Twitter/X. A healthy community discusses ideas, asks critical questions, and receives honest answers. Red flags include: only hype with no substance, questions being deleted or banned, bots dominating the feed, or an unusually fast-growing follower count with low engagement. Healthy scepticism within a community is a positive sign, not a negative one.
Phishing is rampant in crypto. Scammers clone websites with slightly different domains (e.g. trusttai1s.io instead of trusttails.io), create fake Telegram groups with near-identical names, and impersonate admins. Always navigate to official links from the project's verified Twitter/X bio or a bookmarked URL. Never click links shared in DMs — legitimate projects will never contact you first via DM to offer tokens, whitelist spots, or airdrops.
Countdown timers, "only X spots left", "buy now before it's gone", or pressure from community members to hurry are classic manipulation techniques designed to bypass your rational thinking. Legitimate projects want long-term, informed holders — not impulsive buyers. If you feel rushed, that itself is a signal to slow down and research more carefully.
A high score is encouraging but is not a safety guarantee. Do your own research before interacting with any token.
TrustTails (TAIL) — all critical signals confirmed at launch.
4NoNV3jSYLRbUtVWSTK5XdkpuvRzGpMCmfZSBKMuk6Rc
Each signal is drawn from publicly documented rug-pull patterns and on-chain forensics research. Here is what each category means and how to interpret your score.
These are the highest-risk factors. A "No" on any Critical signal should make you deeply cautious. They include mint authority, freeze authority, fixed supply, liquidity status, and link verification — all things that can be checked on-chain in under two minutes.
These require more interpretation. Holder concentration, team transparency, audits, realistic claims, and absence of pressure tactics are context-dependent — but each "No" meaningfully increases risk. Together they paint a picture of the project's culture and intentions.
Community quality and the absence of artificial urgency are softer signals, but still meaningful. An organic community that tolerates critical questions is one of the best long-term indicators of a project worth following — even if it is not a financial guarantee.
Understanding the vocabulary is the first step to protecting yourself. These are the terms used throughout this tool and across on-chain research.
As an example of how to apply this checklist, here is what the publicly verifiable on-chain facts about TrustTails (TAIL) show at the time of writing. We present this factually — not as an investment recommendation.
Common questions about rug pulls, safety signals, and how to verify crypto projects independently.
A rug pull is a type of crypto exit scam. The most common form involves a team creating a token, building hype, then withdrawing all liquidity from a trading pool — making the token instantly unsellable. Slower variants involve gradual large wallet dumps or abandoned projects where development simply stops. Rug pulls range from brazen theft to quiet abandonment; the on-chain signals in this checklist address the most common attack vectors.
No. A high score means the project passes the transparency signals we have identified — it does not mean the project will succeed, remain legitimate over time, or be free of risks we have not captured. Market conditions, team decisions, smart contract bugs, protocol-level exploits, and regulatory changes can all affect a project independently of these signals. Treat a high score as a starting point for further research, not a conclusion.
Visit solscan.io and search the token's contract address. On the token overview page, look for the "Mint Authority" and "Freeze Authority" fields. If they show "None" or display an empty address, the authority is revoked. You can also check solana.fm or explorer.solana.com for the same information. This takes under 60 seconds and is the single most important on-chain check you can do.
Not automatically. Many legitimate and successful crypto projects were built by anonymous teams. The risk is when anonymity is combined with false promises, no verifiable history, and no accountability mechanism. A team that is honest about being anonymous, consistent over a long period, and transparent about their decisions can still demonstrate trustworthiness through behaviour rather than identity. Judge the pattern of actions, not the absence of a name.
When a project provides liquidity to a DEX like Raydium, the liquidity pool issues LP tokens back to the provider. If those LP tokens are sent to a time-lock contract, the provider cannot withdraw the liquidity until the lock expires — this protects buyers. If LP tokens are burned (sent to a dead wallet), the liquidity is permanently locked. You can check on tools like Birdeye or the DEX's own pool information page. For pre-launch projects, this signal applies once the token is tradable.
Only if the audit report is publicly hosted on the auditing firm's own official website and matches the contract address you are reviewing. Fake or low-quality "audits" do exist — some are self-produced, some are paid for from non-credible firms, and some are outdated (the contract may have changed since). Always verify the audit exists on the firm's domain, that it was recent, and that no critical or high-severity issues were left unaddressed.
Always navigate from the project's verified Twitter/X bio link or a URL you have previously bookmarked from a verified source. Check the domain character by character — scammers use look-alike characters (l vs I, 0 vs O, adding hyphens or swapping TLDs). Legitimate projects will never DM you first with a presale link. If you receive an unsolicited message about a token, presale, airdrop, or whitelist — treat it as a scam until proven otherwise. When in doubt, ask in the official community channel (not the DM) and check against the official website.
Most signals apply across networks, but the specific tools and terminology differ. On Ethereum, mint authority may be called "owner" with a mint function; liquidity lock tools include Unicrypt or Team Finance. The core concepts — fixed supply, revoked permissions, locked liquidity, transparent team, realistic claims — are universal to evaluating any token on any chain. Always use the appropriate block explorer and DEX for the network you are researching.
Continue your research with these companion tools and educational resources.
Look up any Solana SPL token by contract address and see mint authority, freeze authority, supply, and holder distribution at a glance.
Open toolA deeper educational guide to the mechanics of rug pulls, historic examples, the anatomy of a coordinated pump-and-dump, and how to protect yourself.
Read articleA dedicated page explaining TrustTails' on-chain verifiable facts — mint revoked, freeze revoked, fixed supply — with links to block explorer evidence.
Read moreMint revoked. Freeze revoked. Fixed supply. No hype. No price promises. TrustTails is pre-launch and not currently available to buy — but you can follow the project and ask us anything in the community.
Not financial advice. TAIL is a high-risk, pre-launch community token. Only use funds you can afford to lose entirely.