With thousands of new tokens launching every week, distinguishing legitimate projects from scams has never been harder. Scammers have become sophisticated — they build real websites, hire community managers, and even produce fake audit reports. This guide gives you 8 concrete verification steps you can complete in under 30 minutes for any token.
Step 1: Verify the Contract on a Block Explorer
Go to Etherscan (Ethereum), BscScan (BNB Chain), or the relevant explorer for the chain. Search for the contract address. A legitimate token will have verified source code (green checkmark), a meaningful contract name, and a clear deployment history. If the source code is not verified, you cannot audit the logic — treat it as high risk.
Step 2: Check the Token's Age and Deployment History
Look at when the contract was deployed. Tokens less than 30 days old carry significantly higher risk. Also check if the deployer wallet has a history of other token deployments — serial ruggers often reuse the same deployer address across multiple scam projects.
Step 3: Analyze Token Holder Distribution
Click the 'Holders' tab on Etherscan. If the top 10 holders (excluding the liquidity pool and burn address) control more than 30% of the supply, the token is vulnerable to a coordinated dump. Healthy projects have broad distribution with no single non-LP wallet holding more than 5–10%.
Step 4: Verify Liquidity Lock Status
Unlocked liquidity is one of the strongest rug pull indicators. Check Unicrypt, Team.Finance, or PinkLock to confirm LP tokens are locked. A lock of less than 6 months is insufficient — look for 12+ months or a permanent lock. Also verify the lock covers a meaningful percentage of the total liquidity (>80%).
Step 5: Research the Team
Search the team members' names on LinkedIn, GitHub, and Twitter/X. Verify their claimed credentials — do their GitHub repositories show real development activity? Do their LinkedIn profiles have endorsements and work history that predate the project? Anonymous teams are not automatically scams, but they require extra scrutiny on the other verification steps.
Step 6: Read the Whitepaper Critically
A legitimate whitepaper explains the technology, use case, tokenomics, and roadmap in specific, verifiable terms. Red flags: copy-pasted content from other projects (run sections through a plagiarism checker), vague promises without technical detail, missing tokenomics breakdown, or a roadmap with no past milestones marked as completed.
Step 7: Check Community Authenticity
Join the Telegram or Discord and observe for 10 minutes. Legitimate communities have organic conversations, questions, and debates. Bot-driven communities show identical messages posted at regular intervals, excessive price speculation with no technical discussion, and aggressive moderation that deletes critical questions.
Step 8: Run an Automated Risk Scan
Use GoldenBit.ai to run a 6-pillar automated risk analysis. This covers smart contract vulnerabilities, tokenomics health, team credibility signals, liquidity integrity, community sentiment, and regulatory compliance — all in one score. Use it as your first filter before doing manual research.
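The numeric thresholds from Steps 2 to 4 can be checked mechanically once you have copied the figures from the explorer and the locker page. The following is an added example, not code from this guide or from any tool it names; the snapshot layout, function names and placeholder addresses are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

# Zero address and the common "dead" address, both treated as burn addresses.
BURN = {"0x" + "0" * 40, "0x" + "0" * 36 + "dead"}

def holder_shares(holders, supply, lp_pool):
    """Step 3: share of supply per wallet, largest first, without LP pool and burn."""
    skip = BURN | {lp_pool.lower()}
    return sorted((bal / supply for addr, bal in holders.items()
                   if addr.lower() not in skip), reverse=True)

def locked_fraction(locks, lp_supply, now, min_days=180):
    """Step 4: fraction of LP tokens locked for min_days or more from `now`.
    unlock=None is a permanent lock. Measuring from `now` is an assumption."""
    long_enough = sum(amount for amount, unlock in locks
                      if unlock is None or unlock - now >= timedelta(days=min_days))
    return long_enough / lp_supply

def assess(token, now):
    """Return the guide's Step 2-4 red flags raised by one token snapshot."""
    flags = []
    if (now - token["deployed"]).days < 30:
        flags.append("deployed<30d")
    shares = holder_shares(token["holders"], token["supply"], token["lp_pool"])
    if sum(shares[:10]) > 0.30:
        flags.append("top10>30%")
    if shares and shares[0] > 0.10:
        flags.append("single-wallet>10%")
    if locked_fraction(token["locks"], token["lp_supply"], now) <= 0.80:
        flags.append("lp-lock<=80%")
    return flags

# Constructed snapshot (placeholder addresses, round numbers), not real chain data.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "deployed": datetime(2024, 5, 20, tzinfo=timezone.utc),
    "supply": 1_000_000,
    "lp_pool": "0xPOOL",
    "holders": {"0xPOOL": 400_000, "0x" + "0" * 36 + "dEaD": 100_000,
                "0xA": 150_000, "0xB": 120_000, "0xC": 60_000, "0xD": 20_000},
    "lp_supply": 1_000,
    "locks": [(500, datetime(2024, 8, 1, tzinfo=timezone.utc)), (300, None)],
}

if __name__ == "__main__":
    print(assess(SAMPLE, NOW))
```

The 180-day default is the guide's "insufficient" floor; pass min_days=365 to require the 12+ months it recommends.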