PreSaleCryptoBMIC

safety · 9 min read · last updated 2026-05-09

How To Know If A Presale Is Legit: A Verification Checklist

How to know if a presale is legit using on-chain checks, contract audits, team verification, and regulatory red flags. A skeptical retail-first checklist.

How To Know If A Presale Is Legit: A Verification Checklist

If you have landed here, you are probably staring at a countdown timer, a Telegram group with 12,000 members, and a website with a green “Audited” badge. You want to know how to know if a presale is legit before you wire ETH to a contract address. Good. That hesitation is the most valuable thing you own right now. The rest of this guide is a checklist that lets you turn hesitation into a structured decision instead of a vibe check.

We are going to assume the worst case throughout. Roughly $2.0 billion was stolen from crypto users in 2024, with rug pulls and “exit scams” remaining a meaningful portion of presale-stage losses, according to Chainalysis. That is the baseline. Your job is to find reasons to disbelieve the project, not reasons to be excited.

1. Verify the contract, not the website

A polished landing page costs $200 on Fiverr. A clean Solidity contract costs more, but it is also the only thing that legally binds the project to anything.

Before sending funds:

  • Find the actual presale contract address. It should be published on the project’s official site, GitHub, and at least one independent source (CoinGecko, an audit report PDF, the team’s verified social).
  • Open the address on Etherscan, BscScan, or Solscan. Confirm the contract is verified (source code visible).
  • Check ownership. Is there a single EOA owner with mint() or pause() privileges? Can the owner change the token tax or blacklist wallets? These functions are how soft rugs happen.
  • Look for a renounced ownership or a multisig. A 2-of-3 multisig where all three keys belong to the founder is theatre. Look at the signers on-chain.

If the project will not publish the contract address before you send funds, that is the entire answer. Walk away. We cover this in more detail in our presale scoring methodology.

2. Read the audit, do not just look at the badge

CertiK reported over 760 Web3 security incidents in 2024 with cumulative losses above $2.3 billion. Many of those projects had audits. The audit was just ignored.

When you see an “Audited by X” badge:

  1. Click it. A real audit links to a public PDF report on the auditor’s domain.
  2. Check the date. An audit from January for a contract redeployed in April is worthless.
  3. Read the findings section. Auditors usually flag centralisation risks, unrestricted minting, and admin functions. The project’s response (“Acknowledged”) often means “we did not fix it.”
  4. Cross-reference the audited contract address with the actual presale address. They are sometimes different.

A medium-tier audit firm with all “Acknowledged” criticals is not safer than no audit. It is potentially more dangerous because the badge creates false confidence.

3. Trace the team

You do not need full doxxing, but you need accountable humans.

  • Reverse image search team photos. AI-generated faces are now common. So are stolen LinkedIn portraits.
  • Cross-check LinkedIn profiles against the claimed work history. A “former Binance engineer” with a profile created last month is not.
  • Find the founder on at least two platforms with consistent posting history older than the presale.
  • If the team is fully anonymous, that is not automatically disqualifying — but the technical and treasury controls then need to be far stronger to compensate. See our guide on evaluating anonymous founders for the framework.

4. Look at the tokenomics on paper and on-chain

Whitepapers lie. Contracts do not.

Compare the published token distribution to the actual on-chain allocation once tokens are minted. If the whitepaper says “team: 15% with 24-month vest” but the deployer wallet still holds 40% with no vesting contract, the document is fiction.

Specific things to verify:

  • Total supply matches the whitepaper.
  • Team and advisor wallets are identifiable and locked in a vesting contract you can read.
  • Liquidity is locked (Unicrypt, Team Finance, or similar) for a minimum credible duration. We generally consider less than 6 months a yellow flag.
  • No single non-team wallet holds more than 5% unless explained.

Our tokenomics red flags guide goes deeper on this.

5. Check the regulatory posture

The SEC has repeatedly warned that many presales constitute unregistered securities offerings. ESMA has issued similar guidance under the MiCA framework, which became fully applicable across the EU in December 2024.

Real questions to ask:

  • Does the project geo-block US, UK, or EU users where required? A project that ignores this is either reckless or planning to disappear before enforcement.
  • Is there a credible legal opinion published? Note: a “legal opinion” written by the founder’s cousin is not credible.
  • Are funds going to a registered entity, or to an EOA? Wire transfers to a personal wallet with no corporate structure means there is nobody to sue when things break.

For tax implications of presale participation, see presale tax treatment.

6. Stress-test the marketing

Compare what the project promises against what is technically delivered today.

  • Is there a working testnet, demo, or GitHub with real commit history (not a single bulk-import on launch day)?
  • Are the partnerships announced one-sided? “Partnered with Chainlink” usually means they used the Chainlink SDK, not that Chainlink endorsed them.
  • Are influencers being paid? Disclosed paid promotions are normal. Undisclosed ones are an FTC and ASA violation and a tell that the team is willing to mislead.

7. Custody hygiene before you send

Even a fully legitimate presale can drain you if your wallet is compromised. Use a fresh wallet specifically for presale participation, ideally hardware-backed. Our wallet shortlist covers options. Approve only the exact contract, never an open-ended setApprovalForAll, and revoke approvals after the contribution period closes.

What we could not verify

For most presales, you will hit a wall on at least one of: real treasury controls, true team identity, or off-chain partnership claims. That is normal. The point of this checklist is not to achieve certainty — it is to count the unverifiable items and decide if the residual risk is acceptable for the size you are considering.

Honest summary

There is no single test that proves a presale is legitimate; legitimacy is an accumulation of small verifiable facts and the conspicuous absence of red flags. If a project resists any of the checks above — hides its contract, dodges questions about ownership, refuses to identify a legal entity — treat that resistance itself as the answer. Most retail losses in presales come not from sophisticated exploits but from ignoring the boring checklist because the chart was already moving.

Wallet shortlist for this topic: see our wallet reviews

FAQ

Can a presale be "audited" and still be a scam?
Yes. An audit only checks the contract code at a point in time. It does not verify the team, the treasury controls, or whether tokens will ever list. Treat audits as one signal, not proof of legitimacy.
Is a KYC'd team enough to trust a presale?
No. Third-party KYC services confirm an ID was shown, not that the people behind a project are honest or competent. Several rugged projects had KYC badges. Use it as a minor positive, not a green light.
What is the single biggest red flag?
An owner-controlled contract that can mint unlimited tokens or pause transfers, combined with anonymous founders and no vesting schedule. That combination has preceded most rug pulls we have catalogued.

Sources

Research, not advice. This article is editorial. We are not your financial adviser. Crypto presales can lose 100% of capital.