How to detect if a Web3 project is a scam – a due diligence guide
Crypto scams have grown into a multi-billion-dollar global problem. For agencies, publishers, media partners, and influencers working with Web3 projects, verifying legitimacy is no longer optional – it’s the most important form of brand protection.
This guide outlines how we at Bitmedia.io analyze new projects before agreeing to promote them and how your team can run similar checks to avoid scams, reputational damage, or legal risks.
How many crypto scams happened in 2024-2025?
The FBI (IC3) reported that in 2024, U.S. citizens alone lost $9.3 billion to crypto-related fraud. Multiple cybersecurity and blockchain analytics reports from CertiK, Immunefi, and Chainalysis estimate total global losses from hacks and scams in 2024 at $10–12 billion, including incidents still under investigation.
According to Immunefi, in the first half of 2025, crypto investors already lost over $2.5 billion to theft, scams, and protocol exploits. Analysts note that fraudsters increasingly use AI agents, deepfake KOLs, automated bots, and pig-butchering operations, which makes scams harder to detect.
Bottom line: crypto fraud is no longer a series of isolated incidents – it is a scalable, industrialized business, and every Web3 service provider must adapt.
Why this matters for agencies, media & publishers
The rise in scams has made exchanges, ad networks, journalists, and influencers much more careful. Promoting a fraudulent project, even unintentionally, can result in:
- Severe reputation damage
- Legal liability (especially if investors lose funds)
- Payment disputes
- Chargebacks
- Ad-account suspensions
- Loss of long-term trust from partners
As a Web3-focused advertising ecosystem, Bitmedia applies strict internal due diligence to protect our publishers, advertisers, and partners.
How Bitmedia evaluates whether a project is legit or a potential scam
Below is the exact process we use at Bitmedia before accepting a Web3 project for advertising.
1. Team verification: Who is behind the project?
Founders are the #1 indicator of legitimacy. We check:
- LinkedIn profiles — their work history, real activity, mutual connections.
- X (Twitter) — consistency, professional reputation, posting history.
- Photo authenticity — reverse-image search to detect AI-generated or stolen pictures.
- Account age — newly created founder accounts appearing simultaneously are a major red flag.
Tip: Real founders have years of digital footprints.
Fake teams appear online suddenly, with AI faces, empty feeds, and suspicious engagement.
2. Whitepaper & Roadmap analysis
A legitimate project has:
- A detailed whitepaper
- Technical documentation
- Clear explanation of token utility
- A realistic roadmap
If the whitepaper is vague, generic, or copied → we request revisions or decline.
3. Tokenomics & Unlock schedule
We examine:
- Allocation percentages
- Founder/team supply
- Vesting schedule
- Unlock cliffs
- Reward mechanics
If founders hold too much token supply with no lockup, the project becomes a high-risk dump scenario.
4. Smart contract & Code review
We verify:
- Contract deployment history
- GitHub activity
- Public audits (CertiK, Hacken, PeckShield, Halborn)
- Whether ownership of the token contract is renounced or still controlled by insiders
No audit → we ask why.
Suspicious admin privileges → immediate red flag.
5. On-Chain wallet diagnostics
Using tools like Etherscan, Solscan, Nansen, and Arkham, we check for:
- Whale concentration
- Insider-controlled liquidity
- Sudden movements before announcements
- Known scam-associated wallets
6. Liquidity check (DEX)
A major rug-pull pattern:
- Liquidity is unlocked
- Liquidity is controlled by a single wallet
- Sudden liquidity removals
We require liquidity-lock verification for DeFi projects.
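The tokenomics, wallet-concentration and liquidity checks in steps 3, 5 and 6 can be run as one pass over holder lists exported from a block explorer. The following is an added example, not Bitmedia's own tooling; the thresholds, field names and sample holders are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Review thresholds below are assumptions for illustration, not Bitmedia's figures.
MAX_TOP5_SHARE = 0.50              # top five wallets' share of supply
MAX_UNLOCKED_INSIDER_SHARE = 0.10  # team supply that can be sold today
MAX_SINGLE_LP_SHARE = 0.50         # one wallet's share of unlocked LP tokens

@dataclass
class Holder:
    label: str                           # constructed label, not a real address
    balance: float
    insider: bool = False                # team/founder wallet per disclosures
    locked_until: Optional[date] = None  # None means freely transferable

def is_unlocked(h, today):
    return h.locked_until is None or h.locked_until <= today

def concentration_flags(holders, lp_holders, today):
    """Return red flags for a token holder list and its DEX LP-token holder list."""
    flags = []
    supply = sum(h.balance for h in holders)
    lp_total = sum(h.balance for h in lp_holders)
    top5 = sum(sorted((h.balance for h in holders), reverse=True)[:5])
    if supply and top5 / supply > MAX_TOP5_SHARE:
        flags.append("whale_concentration")
    loose = sum(h.balance for h in holders if h.insider and is_unlocked(h, today))
    if supply and loose / supply > MAX_UNLOCKED_INSIDER_SHARE:
        flags.append("insider_supply_unlocked")
    if lp_total and any(h.balance / lp_total > MAX_SINGLE_LP_SHARE
                        for h in lp_holders if is_unlocked(h, today)):
        flags.append("liquidity_single_wallet_unlocked")
    return flags

# Constructed sample data (in practice exported from an explorer's holder view).
TODAY = date(2025, 6, 1)
RISKY = [Holder("deployer", 400, insider=True),
         Holder("team_vesting", 200, insider=True, locked_until=date(2027, 1, 1))]
RISKY += [Holder(f"retail_{i}", 50) for i in range(8)]
RISKY_LP = [Holder("deployer", 90), Holder("locker", 10, locked_until=date(2027, 1, 1))]
SOUND = [Holder("team_vesting", 100, insider=True, locked_until=date(2027, 1, 1))]
SOUND += [Holder(f"retail_{i}", 30) for i in range(30)]
SOUND_LP = [Holder("locker", 95, locked_until=date(2027, 1, 1)), Holder("lp_user", 5)]

if __name__ == "__main__":
    print(concentration_flags(RISKY, RISKY_LP, TODAY))
    print(concentration_flags(SOUND, SOUND_LP, TODAY))
```

Re-running the same check with a later `today` shows why lock expiry dates matter: a distribution that passes now can fail once the liquidity lock ends.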
7. Community & Social proof
We assess:
- Organic engagement vs bot activity
- Discord growth patterns
- Comment-to-follower ratios
- Repetitive “scripted” comments
Fake communities are easy to detect through engagement quality.
8. Product reality check
We verify whether:
- There is a real MVP
- Demo works
- GitHub shows consistent commits
- There is a functional website or DApp
Many scams claim features that don’t exist.
9. Marketing claims
A legitimate project never promises:
❌ Guaranteed returns
❌ “10x soon”
❌ Risk-free staking
❌ Daily passive income
❌ “Only up” charts
Projects using these tactics are rejected immediately.
10. Partnership verification
Many scam projects list fake partners. We check:
- Does the partner confirm the relationship?
- Is there a real announcement?
- Are logos used without permission?
If any partner cannot confirm, we will stop all cooperation.
Below is the set of checks we perform before agreeing to promote or advertise a Web3 project.
| Verification Area | What We Look For / Why It Matters |
|---|---|
| Team (Doxxed or Undoxxed) | Anonymous founders are the #1 predictor of rug pulls. We verify LinkedIn, past employment, previous failures, and whether team members actually exist. |
| Whitepaper / Roadmap | Missing, vague, or generic documents are a red flag. Real projects have detailed tech descriptions and a realistic roadmap. |
| Tokenomics & Unlock Schedule | If founders hold too much supply or there is no vesting → high dump risk. We evaluate token distribution and unlock patterns. |
| Smart Contract Audit | A legit Web3 product should have a verified contract and ideally a third-party audit. If there’s no audit, we ask why. |
| On-chain Wallet Analysis | We check if the token is heavily concentrated in a few wallets, if there are suspicious movements, or if liquidity is controlled by insiders. |
| Liquidity (Locked or Not) | Unlocked liquidity is one of the most common rug-pull indicators. |
| Community Health | We analyze Twitter, Telegram, Discord — looking for signs of bots, fake engagement, or scripted comments. |
| Product Reality Check | Does the product actually exist? MVP? Demo? GitHub commits? Many scams advertise features that don’t exist. |
| Claims & Marketing Promises | Guaranteed returns, “passive income”, or “10x soon” = scam pattern. |
| Partnership Verification | We directly check if claimed partnerships are real. Many scams list fake partners (Google, Binance, Ledger). |
What to do if a project raises concerns
If red flags appear:
- We request additional audits, token unlock schedules, and founder KYC.
- Senior specialists review on-chain and off-chain data.
- We pause or fully decline the collaboration.
- We document all findings — screenshots, links, wallet hashes.
- During campaigns, we continue monitoring on-chain activity.
Transparency is our foundation — we never publish misleading information or unrealistic claims.
How to detect suspicious projects: Recommended scam-alert monitors
These accounts frequently expose fraudulent founders, rug pulls, exploits, and scam tokens.
Twitter / X Accounts
| Handle | Description |
|---|---|
| @zachxbt | Leading on-chain investigator exposing large-scale fraud. |
| @peckshield | Real-time alerts on hacks, exploits, abnormal transactions. |
| @CertiKAlert | Incident alerts from CertiK’s auditing and monitoring systems. |
| @ScamSniffer | Tracks phishing, scam sites, malicious wallets. |
| @WuBlockchain | Reports major security incidents and hacks. |
| @SolanaFloor | Monitors suspicious Solana mints and rugs. |
Note: Because Twitter/X’s verification and listing systems changed, many scam accounts now hide behind legitimate-looking profiles. That’s why community-driven trackers remain a key resource.
Reddit Communities
| Subreddit | Focus |
|---|---|
| r/CryptoScams | Reports of scam projects, rug pulls, phishing, and fake tokens. |
| r/cryptocurrency scam-alert megathreads | Community discusses suspicious tokens and fake founders. |
| r/scams | Broader scam coverage, including crypto cases. |
| r/web3dev | Technical discussions where developers expose malicious code. |
These Reddit threads often include detailed user testimonials, wallet addresses, and transaction hashes — sometimes revealing scam mechanisms that can be turned into items on a due diligence checklist.
Instagram (cross-posted alerts)
- scamalerts.crypto
- web3crimewatch
- defi.fraud.alerts
Telegram Channels
- Crypto Scams Radar
- Rug Pull Detector
- DeFi Hack Updates
How to use scam-alert sources
Monitoring scam-alert accounts, Reddit threads, and investigative researchers is not just a matter of curiosity; it is a key part of our agency’s due diligence. Here’s why these sources are important:
- Early Detection. Scam-alert accounts or vigilant Reddit users often surface warnings before major losses occur, including rug pulls, hacks, or fake token launches. Monitoring these alerts gives you a head start in risk avoidance.
- Community-Level Vetting. When multiple independent users flag a project as suspicious, this acts as a social verification failure, signaling the project may not be trustworthy.
- On-Chain Transparency & Public Pressure. Many scam hunters provide wallet addresses, transaction IDs, and other evidence that can be cross-checked for audits or compliance purposes.
- Cross-Check & Corroboration. By combining multiple sources, like X, Reddit, Telegram, and on-chain data, agencies can confirm or disprove suspicious claims rather than relying on a single “hype” or unverified source.
As an agency, we can’t rely on trust alone — we must systematically evaluate every project before promoting it. What we should keep in mind:
- Not every flagged project is a guaranteed scam. Some may simply be risky or early-stage. Always combine social warnings with technical checks (audits, liquidity, tokenomics).
- Scam-alert accounts or Reddit threads may include false positives or FUD. Treat claims critically, and always require proof — on-chain data, audit reports, or contract inspections.
- Some scammers impersonate legitimate wallets/accounts. Always double-check handles, contract addresses, and token details before trusting them.
Quick scam check you can do yourself
Part 1. Check founders and company representatives
One of the strongest early indicators of project legitimacy is who stands behind it. Many scams hide behind fake identities, AI-generated photos, or stolen LinkedIn profiles.
1. Verify social media presence (X, LinkedIn, YouTube)
Legitimate founders generally have:
- LinkedIn with employment history, endorsements, and connections
- Active X (Twitter) account with organic interactions
- Verified participation in podcasts, AMAs, conferences, or talks
- Mentions in reputable media
- Real photos from events or industry meetups
If a “well-known founder” exists, you should find multiple traces of their work before the token launch.
2. Run reverse image searches
Check profile images via:
- Google Reverse Image Search
- Yandex Image Search (good for face similarity)
- TinEye
- AI-image detectors (Hive, Illuminarty)


Red Flags:
- No matching images online
- Appears on stock-photo or modeling sites
- AI artifacts (asymmetric eyes, distorted backgrounds, unnatural hands)
- Same image used under different names
In nearly all legitimate companies, founder photos have a discoverable history.
3. Validate name & Career history
Search for:
- <Name> + crypto
- <Name> + LinkedIn
- <Name> + conference / keynote
- <Name> + scam
- <Name> + investor
What to look for:
- Past startups or companies
- University background
- Articles, interviews, GitHub contributions
- Crunchbase / AngelList mentions
Red Flags:
- No digital footprint
- Brand-new LinkedIn
- Unverifiable work history
- AI-generated corporate titles like “Head of Web3 Innovations Global Division”
4. Ask for a live call
Before signing agreements, request at least one video call with a founder or senior representative. Scammers tend to:
- Delay calls
- Claim timezone issues
- Insist on text-only communication
- Turn off cameras
Legitimate teams embrace calls to build trust.
Part 2. Check social media account creation dates & activity patterns
Another critical signal is the timing of when the founders’ accounts were created. Scam projects often build their online presence very quickly and in a coordinated way. As a result, the founders’ X (Twitter), LinkedIn, Telegram, and even Discord accounts appear within the same short time frame as the project itself.
1. Look at when their accounts were created
Legitimate founders typically have:
- Years-old LinkedIn histories
- X accounts created long before their project existed
- Earlier posts unrelated to the new token or startup
- Industry engagement that predates the launch
Scam founders often show:
- A LinkedIn profile created in the same month as the project website
- An X account created a few weeks before the token listing
- No posts before the project’s marketing campaign
- A sudden burst of activity to make the profile look “alive”
If all founders suddenly appeared online at the same time, this is a major red flag.
2. Compare activity patterns
Check if:
- All founders started posting during the same week
- Their posts are too polished or too generic (“Excited for our journey!”)
- They interact only with each other’s accounts
- Followers look like bots or were purchased recently
This “synchronized growth” typically indicates that the profiles were created as part of a pre-planned scam operation rather than genuine industry participation.
Below, we showcase two example accounts belonging to individuals presented as a founder and a company’s CEO. Both profiles were created within the same narrow time frame and displayed identical posting dates with strikingly similar AI-generated content. These coordinated patterns allowed us to determine that the accounts were fabricated. Moreover, the profile photos were confirmed to be AI-generated as well.


We also draw your attention to the included screenshot from an X (Twitter) user who identified the real appearance of the building that the alleged founders claimed as their company’s location. The actual building at that address looks entirely different from the one shown in their posts, further confirming that the visuals were fabricated.

In the other photos — posted around the same time on both accounts — the “founders” suddenly switch to nearly identical lifestyle content featuring lunches, breakfasts, and casual food shots. This is followed by a series of images allegedly taken in their “office,” which, as our verification shows, does not actually exist.
3. Match account history with claimed experience
Suppose a founder claims “10 years in fintech”, “Previously at Binance / Coinbase”, “Serial entrepreneur since 2015”, but their LinkedIn was created in 2023 with no past colleagues, no endorsements, and no old posts. In that case, the story doesn’t add up.
Gaps between claimed experience and actual account history are one of the easiest ways to uncover fake founders.
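The three timing checks in Part 2 (creation dates, synchronized posting, and claimed experience versus account history) can be applied to dates noted from each profile. This is an added example, not Bitmedia's own tooling; the time windows, field names and sample profiles are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Windows below are assumptions for illustration, not Bitmedia's figures.
CLUSTER_DAYS = 30          # all accounts created within this span
NEAR_LAUNCH_DAYS = 90      # account created this close to project launch
POSTING_DAYS = 7           # first posts all within the same week
MAX_HISTORY_GAP_YEARS = 3  # claimed career start vs. account creation year

@dataclass
class Profile:
    person: str        # constructed placeholder, not a real identity
    platform: str
    created: date      # account creation date shown by the platform
    first_post: date   # oldest visible post
    claims_since: int  # year the bio says the career began

def span_days(dates):
    return (max(dates) - min(dates)).days

def timing_flags(profiles, launch):
    """Flag synchronized account creation and claims the history cannot support."""
    if not profiles:
        return []
    flags = []
    several = len({p.person for p in profiles}) > 1
    if several and span_days([p.created for p in profiles]) <= CLUSTER_DAYS:
        flags.append("accounts_created_together")
    if all(abs((launch - p.created).days) <= NEAR_LAUNCH_DAYS for p in profiles):
        flags.append("accounts_created_near_launch")
    if several and span_days([p.first_post for p in profiles]) <= POSTING_DAYS:
        flags.append("posting_started_same_week")
    window_start = launch - timedelta(days=NEAR_LAUNCH_DAYS)
    for p in profiles:
        gap = p.created.year - p.claims_since
        if gap > MAX_HISTORY_GAP_YEARS and p.first_post >= window_start:
            flags.append(f"history_gap:{p.person}:{p.platform}")
    return flags

# Constructed sample profiles for a project launching on 2024-04-01.
LAUNCH = date(2024, 4, 1)
FABRICATED = [Profile("ceo", "x", date(2024, 3, 2), date(2024, 3, 10), 2014),
              Profile("founder", "linkedin", date(2024, 3, 5), date(2024, 3, 11), 2015)]
ESTABLISHED = [Profile("ceo", "linkedin", date(2012, 5, 1), date(2012, 6, 1), 2010),
               Profile("founder", "x", date(2016, 9, 15), date(2016, 9, 20), 2015)]

if __name__ == "__main__":
    print(timing_flags(FABRICATED, LAUNCH))
    print(timing_flags(ESTABLISHED, LAUNCH))
```

A flag here is a prompt for the manual checks described above (reverse image search, a live call), not a verdict on its own.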
Part 3. Use Google to spot early scam signals
One of the fastest ways to perform an initial scam check is simply to run a basic search. Before you start any cooperation, go to Google (or any search engine) and type:
“[Project Name] + scam”
“[Project Name] + legit”



This simple step can immediately reveal:
- Forum discussions on Reddit or Bitcointalk
- Complaints from users who already interacted with the project
- Warning threads from scam-alert communities
- Screenshots and testimonies shared on social media
You can also search via hashtags on X (Twitter), for example:
#ProjectName + scam

Often, community members flag suspicious behavior long before media outlets or regulators notice anything. Someone may have already lost funds or documented odd interactions with the team.

This method is quick, free, and takes less than a minute, but it can save your company from major reputational and financial risk.

Naturally, not every negative comment means a project is a scam. Small issues, misunderstandings, or customer-service delays can be easily blown out of proportion by individual users. But these early signals are still extremely useful and should prompt deeper due diligence, not immediate judgment.
At Bitmedia, we strongly recommend paying attention to these basic, self-service checks before agreeing to collaborate with any Web3 project. They help you avoid unnecessary risks and protect your brand from becoming associated with fraudulent actors.


