How to Determine If a Crypto Coin Is Safe

By
&
Tom Blackstone
Gabe TurnerChief Editor
Last Updated on Apr 14, 2022
By Tom Blackstone & Gabe Turner on Apr 14, 2022
The content on this page is provided for informational purposes only. Security.org does not offer financial or investment advice, nor does it advise or encourage anyone to buy, sell, or trade cryptocurrency. It is advised that you conduct your own investigation as to the accuracy of any information contained herein as such information is provided “as is” for informational purposes only. Further, Security.org shall not be liable for any informational error or for any action taken in reliance on information contained herein.

New cryptocurrencies come out every day. But how do you know which coins are secure and which ones will turn out to be scams?

In this guide, I’ll cover some great tips and tricks on how to distinguish safe cryptos from frauds.

The truth is, crypto investing is volatile by nature, so why not stack the odds in your favor as much as possible? You can start by being a well-informed investor.

Now let’s put on our investigator hats to find some safe coins.

FYI: A “safe coin” is a legitimate coin, as opposed to a fake or fraudulent coin. By “safe,” we do not mean that the coin will yield high returns (unfortunately, we don’t have a crystal ball).

Overview

In the crypto world, investors routinely make monster returns if they can catch a viable project before it is discovered. For example, investors who bought Harmony (ONE) in 2019 experienced a 7x return on their investment from then until now, and Avalanche (AVAX) investors saw their coin grow in value by 20x from early 2020 to 2022.

But for every coin that has massive gains, there are many more that turn out to be absolute frauds. Here are a couple of examples.

SaveTheKids Fraud

In June 2021, a number of YouTube influencers started promoting a cryptocurrency called SaveTheKids token. SavetheKids token was supposed to be a coin that redistributes wealth to its holders and to charity. It was promoted by FaZeClan (Esports organization), RiceGum (rapper), Sommer Ray (Instagram model), and many others.

With these celebrities promoting the coin, many investors believed that it would see incredible gains. And there was a line of code in the smart contract that prevented the developer from selling more than 20% of his holdings every 24 hours, so investors felt that the coin could not be a pump-and-dump scam.

Did You Know: A pump and dump is an illegal crypto scam where developers hype up a project before launch, “pumping” the price, then sell their tokens and end all marketing, causing the price to crash and never recover.

But the smart contract had not been deployed yet. And on launch day, the developer changed the code at the last minute to allow insiders to sell all of their holdings after the first minute.1

On launch day, the token closed at nearly $0.02 per coin. With a circulating supply of 1 billion coins, this made the market cap of SaveTheKids nearly $20 million.

But over the next few days, SaveTheKids lost over 90% of its value, finally bottoming out at $0.001358 per coin. The influencers immediately stopped promoting the coin, and many of them deleted the tweets and YouTube videos they had made promoting it. Meanwhile, the developer took the project’s website down, completely abandoning the project.2

Some of the influencers involved have claimed they did not know SaveTheKids token was a scam. For example, Kay from FazeClan has issued an apology video. In the video, he claims that he was taken advantage of by the developer, who made off with“six-figure profits” while Kay lost money.3

Squid Token Scam

In December 2021, a group of crypto developers released Squid token, a cryptocurrency named after the Netflix sensation “Squid Game.” The developers claimed this token would be used in a future play-to-earn game based on the movie.

What Is Play to Earn?: A play-to-earn game is a video game that allows players to earn crypto collectibles through gameplay. Because these collectibles are on the blockchain, they can be easily converted into cash, allowing players to make money from playing the game.

The developers sold over $3 million worth of Squid tokens. But investors soon discovered that the token lacked a transfer function and therefore could not be sold. The developers then disappeared, never to be heard from again.4

Scams like these are popping up in the crypto world every day. So how can you tell the difference between these and legitimate coin projects?

Here are the steps you can take to determine if a crypto coin is safe:

  • Join the project’s community and see how the developers respond to questions.
  • Take a close look at the marketing for the project, and steer clear of it if it seems all hype and little substance.
  • Read the dev team’s documentation to understand how the coin works.
  • Look at the coin’s contracts using a block explorer.
  • Read any audits that have been done on the project’s code.

We’ll go into more detail about each of these critical steps in the sections below. And we’ll begin by discussing the simplest step you can take to investigate a new crypto project: joining the project’s community.

Check out the Coin’s Community

The simplest way to start investigating a crypto coin is to join its community.

Most projects will maintain Discord and Telegram groups. There should be a button near the bottom of the project’s homepage for either group (see below).

crypto social buttons
crypto social buttons

If a project has a lot of support from investors, it will usually have an active group with lots of people chatting in it. The developers will also pop in from time to time to answer questions or discuss the project’s road map.

With a safe and legitimate project, the devs will often take time to explain how the project works. And if community members criticize the devs’ decisions, the devs will try to explain why they made the decisions they did.

By contrast, risky projects or scams may have no community at all. You may find that you are not allowed to talk in the group — and that the only content available is announcements from the devs.

If a group does have plenty of investors participating in it, you may find that the devs give vague answers to questions, and they may ban people who push too hard for clarifications. These are red flags that indicate the developers may be hiding something from the community. In this case, the project may be a pump and dump or some other type of fraud.

These community groups on Discord and Telegram are great places to meet with devs and learn how much support a coin has. But ultimately, a coin also needs to communicate a message to the general public. So it’s also important to vet the coin’s marketing campaign.

FYI: The “Metaverse” is the ultimate crypto community: a VR world where land and other assets exist on the blockchain. Read our guide on Crypto in the Metaverse if you want to learn more.

Take a Good Look at the Coin’s Marketing Campaign

In order for a coin to rise in price over time, it needs to constantly attract new investors. This is where the coin’s marketing comes in.

A viable project will likely have an active Twitter page that posts announcements and links to blog posts. The marketing team may use this channel to announce contests and other promotions. Typically, these posts will try to get other community members involved in sharing content to raise awareness of the project.

If a coin is safe, you may also see crypto-oriented YouTube channels discussing it. This is usually because the marketing team has paid these channels to discuss the project.

But notice I say crypto-oriented channels. With a legitimate project, you generally won’t see the project discussed on channels that are unrelated to crypto, like ones devoted to fashion or movies, for example (unless the crypto project is actually related to these subjects).

With a legitimate project, you’ll also find that the marketing is aimed at educating the audience about how the project works. But with a riskier project, you may find that the marketing makes big promises about a high rate of return and provides little detail as to how this rate of return will be achieved.

Pro Tip: Pro Tip: If you find that a coin is being promoted by celebrities or other influencers who are not experts on crypto, you may want to regard this as especially suspicious, as these influencers are often used to peddle worthless coins to their audiences. Sometimes the influencers are in on the scam, while other times they are victims themselves.

Even if a coin has stellar marketing and a great community behind it, this doesn’t mean it will be secure over the long run. Ultimately, a good crypto project needs to fulfill a need in the marketplace. That, in a nutshell, is how cryptocurrency gains value.

So how do you know if the project fulfills a need? One way to begin is by reading the docs.

Review the Docs Carefully

Even if you don’t use a fine-tooth comb, it’s still important to understand the docs by reading through them.

A legitimate crypto project will usually have some kind of documentation. It may have a subsection of the website called Docs, or it may have a single PDF called a white paper. Either way, there should be one or more documents for the project that explain what problem the coin is attempting to solve, how it solves this problem, and how an investor can use the coin to profit from this solution.

curve finance docs
curve finance docs

The docs should also make clear what risk you are taking by investing in the coin.

By contrast, if a project is risky, it might not have any docs at all. Or it might have docs, but the explanations given in them may be vague and filled with promises of incredible amounts of money to be made by investors.

Once you’ve read the docs, the next step in determining whether a coin is safe is to check out the contracts.

Pro Tip: Thinking about buying crypto? Read our complete guide to Buying Crypto Safely in the U.S. And be sure to brush up on the laws and regulations in our article, Is Crypto Legal in My State?

Look at the Contracts

Now we’re getting into some serious due diligence.

If the coin you are considering is a token or DeFi project, it will have one or more smart contracts running on the blockchain. In order to make sure the coin is safe, consider investigating the code in these contracts.

What Is a Smart Contract: A smart contract is a file that runs on a blockchain network. In a decentralized application, all of the permanent data (such as balances) are stored by smart contracts.

Here is how you can investigate the smart contracts for a project.

Find the contracts.

The first thing you’ll need to do is to find the contracts on a block explorer. For this, you’ll need the contract address and the URL for the block explorer.

The contract address should be stated in the developer’s documentation. As for the block explorer, here are some URLs for some of the most popular networks.

Once you arrive at the block explorer homepage, just search for the contract address using the search bar at the top of the page.

etherscan search bar
etherscan search bar

This will bring you to the page for the particular contract you’ve entered. Click the Contract tab on the page.

etherscan contract
etherscan contract

This should show you the contract’s code. Then you can begin your investigation.

FYI: Trying to decide which wallet to use? Head over to The Beginner’s Guide to Crypto Wallets. In this guide we cover everything you need to know about hot wallets, cold wallets, and everything in-between.

Make sure the contract is verified.

The first thing you might want to check is whether the contract is verified. An unverified contract generally can’t be read by human beings. So if the developer hasn’t verified their contract, there may be something in the code they don’t want people to see.

Before a developer can deploy contracts to the network, they have to compile the contracts. This translates them into a machine language that can be read by the network’s validator nodes.

However, this causes a problem if you want to read the contracts yourself, since bytecode is very difficult for humans to read.

To help users overcome this problem, developers usually provide the human-readable version of the code to the block explorer. Once they’ve done this, the block explorer can compile the code and check to make sure it is identical to what is deployed on the blockchain. This is called verifying a contract.

Did You Know: A contract verification is the process of proving that the human-readable code supplied by the developer is the same code that is running on the blockchain.

To check whether a contract has been verified, just take a look at the code shown on the page. If all you see is gibberish strings of characters, that means the contract hasn’t been verified. Here is an example:

example of bytecode
example of bytecode

By contrast, a verified contract will also show human-readable code at the top of the page. It will look something like this:

human readable code example
human readable code example

The block explorer may also directly state that the code is verified, as it does in the screenshot above.

Of course, if a contract is not verified, this doesn’t mean that it’s a scam. Developers are human, and they can forget to verify their contracts. But if you find that the project has an unverified contract, you may want to ask the developers about it in Discord to see how they respond. If they respond suspiciously when asked about it, then you might consider avoiding the project.

Did You Know: Every time you interact with a smart contract, you have to sign a message proving that you’re the owner of the sending account. This prevents anyone else from pretending to be you on the network. For more on how this works, check out The Crypto User’s Guide to Cryptography.

Once you’re able to see the human-readable code, the final step is to consider the code’s audit.

Audit the contracts (or read an existing audit).

All smart contracts should have public code that can be read on its block explorer page. But unless you know how to read Solidity, you might not know what you are looking for. So here are a few tips for auditing the code yourself or relying on a third party to do it.

  • Use RugDoc. RugDoc is a website that specializes in auditing smart contracts and looking for scams or bugs. It rates projects as Not Eligible, Some Risk, Medium Risk, or High Risk. You can use these ratings to get a basic feel for how much risk there is of the project being hacked or turning out to be a scam.If you click on a high-risk project to get the detailed report, you may see statements like “Token Ownership not renounced. Owner can mint & dump” or “Governance can drain the contract 90 days after poolEndTime.” These are essentially statements of what the code says, but put into plain English for people who can’t read code.If you want to understand these statements on a deeper level, you can go back to the contract page and read the code to see if you can spot the section that RugDoc is talking about. This may allow you to make better sense out of what the contract says.
  • Read the audit report. Because developers want to assure the public that their contracts are safe, they often hire smart contract security companies to audit their contracts.There is an inherent conflict of interest in this practice because auditing firms naturally want to say nice things about the people who are paying them.But if a firm audits a contract and it turns out to be a scam or is hacked, this may harm the firm’s reputation and cause it to lose business. So these auditing firms do have an incentive to be honest about the risks that exist in a contract.When a security company finishes its audit, it releases a report detailing the risks of the contract. This report is usually posted on the firm’s website. Reading this report can give you lots of information about the contract’s risks.Most auditing companies grade risks as low, medium, or high. If a contract has many issues labeled as high risk, you may want to avoid it.

    As with a RugDoc report, you can get a deeper knowledge of the statements made in a firm’s auditing report by going back to the contract and looking for the issues they’ve raised. Even if you don’t think of yourself as a programmer, this practice may help you to get some understanding of what is going on in the code and how this affects your risk as an investor.

  • Read the code yourself. Of course, if you know how to read Solidity (or whatever language the contract is written in), the safest way to understand the risks of a contract may be to audit the code yourself. This may be especially useful if you’re dealing with a new project that has not yet been audited or reviewed by RugDoc.

So that’s all there is to investigating a coin’s smart contracts. Now let’s move on to some final thoughts.

Pro Tip: Want more info on how to avoid crypto scams? Check out roundup of Crypto Pitfalls to Avoid.

Final Thoughts

Investing in cryptocurrency can bring incredible gains. But if you end up investing in a scam or a risky project, it can also lead to huge losses.

There have been a lot of crypto scams popping up lately. But you can do your best to avoid them by engaging in a few simple practices. Before investing in a new coin, remember to do the following:

  1. Check out the coin’s community and marketing.
  2. Read the docs to make sure you understand what you’re investing in, how you might profit from it, and what risks you are taking by investing in it.
  3. Look up the contracts in a block explorer, and check to make sure they are verified.
  4. Read the audit report, consult a third-party website like RugDoc, or read the code yourself to make sure you understand the risks you are taking.

Practicing these habits can go a long way toward protecting your crypto from rug pulls, pump and dumps, and other crypto scams so that you don’t end up like the next investor in SaveTheKids or Squid token.

Citations
  1. Youtube. (2021). The ACTUAL TRUTH Behind The SaveTheKids Scam. youtu.be/0SSzCoz_XNc?t=547.

  2. Mashable. (2021). The biggest cryptocurrency scams of 2021. mashable.com/article/biggest-cryptocurrency-scams-2021.

  3. Youtube. (2021). The Truth. www.youtube.com/watch?v=n_o77pHsGiM.

  4. BBC. (2021). Squid Game crypto token collapses in apparent scam. bbc.com/news/business-59129466.