PreSaleCryptoBMIC

safety · 9 min read · last updated 2026-05-09

Crypto Presale Due Diligence Checklist (2026 Edition)

A skeptical, retail-side crypto presale due diligence checklist covering team, contract, custody, treasury and exit risks before you commit a single dollar.

Crypto Presale Due Diligence Checklist (2026 Edition)

If you have been around long enough, you already know the pattern: a slick landing page, a countdown timer, a Telegram group full of rocket emojis, and six months later the contract is drained or the team has gone quiet. This crypto presale due diligence checklist is built for the reader who has been burned at least once and would prefer not to repeat the experience. It is not a hype filter. It is a kill list — a sequence of checks designed to give you reasons to walk away before you wire money.

We do not promise this catches everything. Sophisticated scams now include audits, KYC stamps, and venture logos. What this checklist does is raise the cost of deceiving you to the point where most low-effort scams fall out of consideration.

1. Team verification (not just KYC badges)

A KYC certificate from a third party means a human handed over a passport. It does not mean that human will return your funds. Treat KYC as table stakes, not assurance.

  • Search each named team member on LinkedIn, GitHub, and Google with a date range filter set to “before” the project launched. People who appear to exist only after the project does are a problem.
  • Reverse-image search profile photos. AI-generated faces still trip on earrings, glasses frames, and background symmetry.
  • Check whether the team’s claimed past employers acknowledge them. A two-line email to a former company HR address has saved several of our readers.

If the team is anonymous, that is not automatically disqualifying — Bitcoin had an anonymous founder — but anonymous teams should compensate with stronger contract guarantees, time-locked treasuries, and renounced ownership. See our presale red flags guide for the long version.

2. Contract review you can actually do yourself

You do not need to be a Solidity engineer. You need to be patient with a block explorer.

  • Open the contract on Etherscan, BscScan, or Solscan. If it is not verified, stop. An unverified contract in 2026 is either incompetence or intent, and neither is acceptable.
  • Look for the functions mint, setTaxes, blacklist, pause, and upgradeTo. Each of these is a switch the owner can flip against you.
  • Check the owner address. Is it an EOA (a single private key) or a multisig? A 1-of-1 EOA is a single point of failure and a single point of theft.
  • Search the contract on CertiK Skynet and confirm any audit claim by reading the actual PDF — not the badge. Cross-reference the audited commit hash with what is deployed (Etherscan’s verified source page shows this).

For a deeper walkthrough, our smart contract self-audit guide covers the exact click path.

3. Tokenomics that survive a calculator

Most presale tokenomics fall apart the moment you put them in a spreadsheet.

  • Add up every allocation: presale, team, treasury, liquidity, marketing, advisors, ecosystem. It must equal 100%. If it does not, the deck is hiding something.
  • Compute fully diluted valuation at the listing price. If FDV is over $500 million for a project with no product, you are not early — you are exit liquidity.
  • Check vesting cliffs. A team with a 30-day cliff is incentivised to pump and dump. Twelve to twenty-four months with linear unlock is the minimum for credibility.
  • Look at presale price versus listing price. A spread of more than 2x to the public means early buyers are pre-loaded to dump on retail at TGE.

4. Treasury and liquidity custody

Where does the raised money go, and who can move it?

  • The receiving wallet should be a multisig (Gnosis Safe on EVM, Squads on Solana). A single hot wallet holding several million dollars is a liability for everyone, including the team.
  • Locked liquidity should be verifiable on-chain via Team Finance, UNCX, or equivalent — and the lock duration should outlast the team’s vesting cliff. Otherwise the team can dump, then withdraw the floor.
  • For your own funds, consider where you are sending them from. A self-custody wallet you control, not an exchange withdrawal, gives you a clearer audit trail. If you are still figuring out custody, our wallet shortlist is a defensible starting point, and our review of BMIC.ai covers one option built specifically for presale participation.

Most presales are not registered securities offerings. The SEC’s investor alert on token offerings is from 2017 and still accurate: most of these are unregistered, and your recovery options if something goes wrong are minimal.

  • Check the terms of service. Are US persons explicitly excluded? If yes, and you are American, participating may void any future legal claim.
  • Identify the issuing entity. “Foundation” registered in the British Virgin Islands with no named directors is functionally a ghost.
  • Search the entity name in court records and OFAC sanctions lists. This takes ten minutes and has caught at least three projects we covered in 2025.

6. Community and signal quality

Telegram member counts can be bought. So can Twitter followers, Discord boosts, and CoinGecko comment volume.

  • Sample twenty random Telegram members. How many have profile photos, posting history outside this one channel, and accounts older than thirty days?
  • Read the questions that get deleted or muted in the chat. Real teams answer hard questions. Scam teams ban the asker.
  • Check whether the project’s name was registered as a domain in the past 90 days. A token claiming to be an established protocol with a domain registered last month is lying.

7. The walk-away test

After every check, ask one question: if I lost 100% of what I put in tomorrow, would I have a coherent story for why I sent it? “Influencer X said it would 50x” is not a coherent story. “The team is doxed, contract is renounced, liquidity is locked for two years, FDV is reasonable, and I am sized for total loss” is.

For ongoing tracking, we publish a weekly presale risk roundup and individual teardowns on the presales index, all using the presale scoring methodology so you can see exactly how each project is graded.

Honest summary

No checklist eliminates risk in this category — presales are speculative bets on people you have never met building products that may not exist. What this list does is filter out the worst 80% of opportunities so you can make a clearer-eyed decision on the remaining 20%. If you cannot complete every section above for a given project, the answer is not to lower the bar. The answer is to skip that one and wait for the next.

Wallet shortlist for this topic: see our wallet reviews

FAQ

How long should presale due diligence actually take?
For a meaningful pass, allocate two to four hours per project. Anything faster and you are gambling, not researching. Most red flags surface only after cross-checking three independent sources.
Is an audit enough to trust a presale contract?
No. Audits cover the code submitted, not the code deployed. Always verify the deployed bytecode matches the audited commit, and check for owner privileges that audits often flag but readers ignore.
What is the single biggest red flag in 2026 presales?
Unverified contracts combined with anonymous teams holding mint or upgrade keys. The 2024-2025 rug data from Chainalysis shows this combination accounts for the majority of total losses.

Sources

Research, not advice. This article is editorial. We are not your financial adviser. Crypto presales can lose 100% of capital.