Crypto Presale Due Diligence Checklist: 20+ Checks Before You Buy
A rigorous crypto presale due diligence checklist is the single most effective tool a retail investor can use to avoid rug pulls, vaporware projects, and exit scams. This guide gives you more than 20 concrete, actionable checks, explains the mechanism behind each one, and tells you where to find the data. Work through every item before you commit capital to any presale token. Bookmark or print it, then revisit it for every new opportunity you evaluate.
Why Presale Due Diligence Is Different From Buying Listed Tokens
When you buy a token on a centralised exchange, price discovery has already happened. Liquidity exists, audits are often published, and the project has at minimum survived a listing process. A presale strips away almost all of those safety nets. You are buying a promise, backed by a whitepaper and a smart contract that may not even be deployed yet.
This asymmetry means the burden of verification falls entirely on you. The checklist below is structured in five phases that mirror a professional venture analyst's workflow: team, technology, tokenomics, legal and security, and community.
---
Phase 1: Team and Founders
Check 1: Are the founders publicly named and verifiable?
Search each named founder on LinkedIn, GitHub, and Twitter/X. Cross-reference their work history against public records. Ghost-founders or pseudonymous teams are a significant risk factor unless the project is a transparent, community-run protocol (rare in early presales).
What to look for: Employment tenure that matches claimed experience, GitHub contribution history, prior project involvement, and any history of failed or fraudulent projects.
Check 2: Do advisors have genuine credentials?
Many presales list high-profile advisors who have no real involvement. Check whether each advisor has posted about the project publicly, whether their name appears in the project's legal documents, and whether they respond to direct queries.
Check 3: Has the team run a successful project before?
Serial founders with a track record of delivering are meaningfully lower risk than first-time teams. Search "[founder name] + crypto" on Google and review results beyond the first page.
Check 4: Are team token allocations locked?
Request or locate the vesting schedule. Team allocations should be locked for a minimum of 12 months post-launch with linear or cliff-based vesting. Immediate unlock at TGE (Token Generation Event) is a major red flag.
---
Phase 2: Technology and Product
Check 5: Does a working product or testnet exist?
A live testnet, GitHub repository with meaningful commit history, or a deployed MVP dramatically de-risks a presale. If the only artefact is a whitepaper and a landing page, your risk profile is closer to a donation than an investment.
Where to check: GitHub (look for recent commits, not a single push), the project's testnet explorer, or public beta access.
Check 6: Is the whitepaper technically specific?
A credible whitepaper explains *how* the technology works, not just *what* it does. Vague language like "leveraging cutting-edge AI and blockchain synergies" with no technical mechanism described is a strong signal that the team cannot execute.
Look for: consensus mechanism details, tokenomics formulas, cryptographic primitives used, scalability approach, and cited references.
Check 7: What problem does it actually solve?
Map the project's claimed solution to a real, documented pain point. Who are the target users? Is there evidence those users want this product (pilot agreements, waitlists, letters of intent)?
Check 8: Is the smart contract code public?
Open-source contracts allow independent review. Closed-source contracts at presale stage are a significant concern unless the team provides a credible reason (e.g., pending patent).
---
Phase 3: Tokenomics
Check 9: What is the total supply and how is it distributed?
Request or locate the full token allocation breakdown. Common allocations and acceptable ranges are shown in the table below.
| Allocation Bucket | Acceptable Range | Red Flag Range |
|---|---|---|
| Team & Founders | 10–20% | >25% |
| Investors / Presale | 15–30% | >40% |
| Ecosystem / Treasury | 20–40% | <10% |
| Public Sale / Liquidity | 10–20% | <5% |
| Advisors | 3–7% | >10% |
| Community / Airdrops | 5–15% | <2% |
Check 10: What is the fully diluted valuation (FDV) at presale price?
Multiply the presale token price by the total supply. If the FDV is $500 million for a product with no revenue, no users, and no working code, you are being asked to pay a price that requires extraordinary growth just to break even.
Formula: FDV = Presale price per token × Total token supply
Check 11: What is the circulating supply at TGE?
A large percentage of tokens unlocking at TGE creates immediate sell pressure. Compare the TGE unlock percentage against the vesting schedule for all other buckets. If 40% of supply becomes liquid on day one, price support will be weak unless demand is exceptionally strong.
Check 12: Is there a clear token utility?
Tokens with genuine utility (governance, fee payment, staking, access rights) have structural demand drivers. Pure speculative tokens with no utility rely entirely on new buyers entering the market.
Check 13: What is the token release schedule for the next 12 months?
Model out month-by-month unlock events for all allocation buckets. Tools like Token Unlocks (token.unlocks.app) can help for listed tokens, but for presales you must construct this manually from the vesting terms.
---
Phase 4: Legal and Security
Check 14: Has the smart contract been audited by a reputable firm?
Audit reports should be publicly available, not just "audit in progress." Reputable firms include CertiK, Trail of Bits, OpenZeppelin, Quantstamp, Hacken, and PeckShield. Read the report yourself: check the severity of findings and whether they were resolved.
Critical distinction: An audit reduces known vulnerability risk but does not eliminate it. The Ronin bridge hack in 2022 occurred despite audits.
Check 15: Is there a bug bounty programme?
Active bug bounties signal that the team wants external scrutiny. No bug bounty on a project claiming institutional-grade security is inconsistent.
Check 16: What jurisdiction is the project incorporated in?
Check the legal entity behind the project. Incorporation in a jurisdiction with clear crypto regulations (Switzerland, Singapore, Cayman Islands with substance, UAE) is preferable to no disclosed entity or shell structures in opaque jurisdictions.
Check 17: Is KYC required from the team?
Third-party KYC of the founding team (offered by providers such as Hacken or Assure DeFi) means that if a rug pull occurs, law enforcement has a verified identity on file. It meaningfully changes the risk calculus.
Check 18: Review the presale contract for honeypot or blacklist functions
Use tools such as Token Sniffer, Honeypot.is, or DEXTools token audit to scan the contract for hidden functions that prevent selling, can mint unlimited tokens, or allow the owner to blacklist addresses. This is a non-negotiable mechanical check.
Check 19: How are presale funds held?
Funds should be held in a multi-signature wallet (e.g., Gnosis Safe) requiring multiple keyholders to authorise transactions. A single EOA (externally owned account) controlled by one person holding all presale funds is an unacceptable custody arrangement.
One project worth noting in this space is BMIC.ai, which is building quantum-resistant wallet infrastructure using lattice-based post-quantum cryptography, an important consideration as custodial security standards evolve ahead of Q-day.
Check 20: Is there a refund or vesting protection mechanism?
Some presales offer a partial refund window or escrow release tied to milestone delivery. These protections are rare but meaningful. Understand what recourse you have if the project fails to deliver on stated milestones.
---
Phase 5: Community and Traction
Check 21: Is the community organic or artificially inflated?
Telegram and Discord member counts are easily purchased. Better signals of organic engagement: the ratio of messages to members, the quality of questions asked, and whether the team answers technical questions directly rather than deflecting.
Check 22: Are there credible media mentions or exchange letters of intent?
Coverage on major industry publications (CoinDesk, The Block, Decrypt) or a confirmed listing LOI from a reputable exchange provides third-party validation. Be cautious of "as seen on" badges that link to paid press release placements.
Check 23: Have independent analysts reviewed the project?
Seek out analyses from researchers who are not affiliated with the project and have no referral link. YouTube influencers and Twitter KOLs are frequently paid to promote presales without disclosure. Look for Substack analysts, on-chain researchers, or crypto venture research reports.
---
How to Use This Checklist
Treat each check as pass, fail, or needs-more-information. Do not invest if more than two checks in Phase 4 (Legal and Security) return a fail. A single honeypot function or unaudited contract should be disqualifying regardless of how compelling the narrative is.
Suggested scoring approach:
- Run through all 23 checks and mark each: ✅ Pass / ❌ Fail / ⚠️ Needs More Info
- Any ❌ in checks 14, 18, or 19 is an automatic disqualify.
- Three or more ⚠️ across the full list warrants a hold until more information is available.
- Strong passes across Phase 1, Phase 2, and Phase 3 with clean security checks represents a defensible entry thesis.
Assign no more capital to any single presale than you could lose in full without material impact on your financial position. Presales are high-risk, illiquid instruments.
---
Common Red Flags Quick-Reference
- Anonymous team with no KYC and no prior track record
- Whitepaper that is largely recycled from other projects (check via copy-paste search)
- No GitHub repository or a repository with a single commit
- Audit report that lists critical findings marked "acknowledged" rather than "resolved"
- Token allocation gives team more than 25% with less than 12-month cliff
- Presale hardcap dramatically exceeds what the roadmap actually requires
- Pressure tactics: "only 48 hours left," FOMO-driven countdown timers with no clear end date
- Roadmap with no specific technical milestones, only vague "Q3 2025: partnerships"
- Liquidity not locked post-launch, or locked for less than 6 months
Frequently Asked Questions
What is the most important check on a crypto presale due diligence checklist?
Smart contract security is the most critical category. A honeypot function, an unrestricted mint function, or an unaudited contract can result in total loss of funds regardless of how compelling the project narrative is. Run every presale contract through Token Sniffer or Honeypot.is before sending any capital.
How do I check if a crypto presale team is legitimate?
Search each named founder on LinkedIn, GitHub, and Twitter/X. Cross-reference their claimed work history against verifiable public records. Check whether the project has undergone third-party KYC (providers like Assure DeFi or Hacken offer this). If the team is entirely anonymous with no KYC verification, treat it as high risk by default.
What is a fully diluted valuation (FDV) and why does it matter for presales?
FDV is the presale token price multiplied by the total token supply. It represents what the market would value the project at if all tokens were in circulation at the presale price. A very high FDV relative to the project's current stage means you need exceptional growth just to break even, and significant selling pressure can emerge as locked tokens vest.
How do I verify that a presale smart contract audit is legitimate?
Go directly to the auditing firm's official website (e.g., certik.com, openzeppelin.com) and search for the project by name. Do not rely solely on a PDF the project team provides, as audit reports can be forged or cherry-picked. Read the findings section of any audit report yourself and confirm that critical and high-severity issues are marked as resolved, not merely acknowledged.
What is a multi-signature wallet and why should presale funds be held in one?
A multi-signature (multisig) wallet requires approval from multiple private key holders before any transaction can execute. Tools like Gnosis Safe let projects set up 3-of-5 or 4-of-7 arrangements. This means no single founder can unilaterally move all presale funds, dramatically reducing the risk of an inside job or single-point-of-failure theft.
Should I invest in a crypto presale with no working product?
No working product at presale stage is not automatically disqualifying, but it raises the risk profile significantly. Evaluate the strength of the team's track record, the specificity of the technical whitepaper, and whether a testnet or GitHub repository with meaningful commit history exists. Weight your position size accordingly, and never allocate more than you can afford to lose entirely.