A structured crypto due diligence checklist is the most reliable tool for verifying any investment, exchange, or recovery service before you transfer funds. Quick Answer: Before depositing funds with any crypto platform, work through six checks in order: verify its regulatory status, research the team behind it, check the domain and company age, search independent complaint sources, stress-test its claims, and start small if you proceed. A failure at any early step is usually reason enough to stop.
This guide covers everything about crypto due diligence framework so you can make informed decisions. This checklist is the detailed version of the framework referenced in our guide to avoiding crypto scams. Use it as a working tool: go in order, and stop as soon as something fails to check out rather than continuing because everything else looks fine.
Crypto due diligence framework: 1. Verify Regulatory Status
Start here because it is the fastest, most objective check available. If a platform claims to be a registered exchange, broker, or investment firm, that claim is verifiable in minutes through public regulator databases – the SEC’s EDGAR and Investment Adviser Public Disclosure systems, FINRA BrokerCheck, the CFTC’s registration lookup, or the equivalent regulator in the platform’s claimed jurisdiction (the FCA register in the UK, for example).
Search for the exact legal entity name, not just the brand name – scam operations frequently borrow a real, registered firm’s name while operating as a completely separate, unregistered entity. If the entity name on the registration doesn’t match the entity name you’re actually sending funds to, that mismatch is itself a red flag. No registration where one is claimed, or a registration that doesn’t cover the activity being offered, is generally enough to stop here.
2. Research the Team
Look up the named founders, executives, or “senior analysts” individually. A legitimate financial platform’s leadership typically has a consistent, verifiable public history: LinkedIn profiles with a real work history that predates the platform, mentions in independent press, or a track record at named prior employers that can themselves be verified.
Be skeptical of profile photos that appear only on the platform’s own site and nowhere else (reverse image search can help), biographies that are heavy on credentials but light on verifiable specifics, and teams that are anonymous or use only first names. A platform handling other people’s money with no identifiable, accountable humans behind it is a structural problem, not a minor gap.
3. Check Domain & Company Age
A WHOIS lookup shows when a domain was registered. Many scam platforms run on domains that are only weeks or months old, regardless of how established the branding claims to be – a “10-year-old firm” with a domain registered three months ago is an immediate inconsistency worth investigating further.
Cross-check the claimed company registration against the actual corporate registry for its stated jurisdiction (state Secretary of State databases in the US, Companies House in the UK, and equivalents elsewhere). A real, currently active registration with a filing history is a positive signal; no record at all, or a status of dissolved or revoked, is not.
4. Search Independent Complaint Sources
Search the platform or company name alongside terms like “scam,” “review,” “withdrawal,” and “complaint” across independent sources – the SEC’s and CFTC’s public complaint and enforcement databases, the Better Business Bureau, Trustpilot, and relevant subreddits or forums. Pay particular attention to a pattern of complaints specifically about being unable to withdraw funds, since that is the most common failure mode in crypto scams.
Treat an absence of any independent mentions at all with the same caution as negative ones – a platform claiming a large user base or years of operation should generally have left some footprint somewhere outside its own marketing.
5. Stress-Test the Claims
Run the platform’s advertised returns through basic sanity checks. Guaranteed or “low-risk” returns that are well above what comparable, regulated investment vehicles offer are a near-universal marker of fraud – genuine investment returns fluctuate and carry disclosed risk, not guarantees. If a referral or “account manager” is pushing you toward a specific figure, ask what happens if you want to withdraw a large amount; pressure, delay, or a request for additional fees in response is itself the answer.
6. Start Small If You Proceed
If a platform passes the checks above, the final test is operational rather than reputational: deposit a small amount, and – separately – test a withdrawal of a small amount before committing more. A platform that handles a small deposit and withdrawal smoothly has cleared a meaningfully higher bar than one that has only been evaluated on paper. Continue increasing exposure gradually rather than all at once, and treat any new friction around withdrawals at any stage as a reason to stop and withdraw everything you can immediately.
Frequently Asked Questions
Do I need to complete all six steps for every platform?
Yes, ideally, but the steps are ordered by speed and objectivity for a reason. Regulatory status and domain age take minutes to check and are the most likely to disqualify a platform outright. If a platform fails either of those, you can reasonably stop without spending time on the remaining steps.
What if a platform is too new to have much of an independent track record?
Genuine new platforms do exist, so newness alone isn’t disqualifying. But it does mean steps 1, 2, and 3 carry more weight, since there’s less independent complaint history to lean on in step 4. A new platform with verifiable regulatory status, an identifiable team, and a consistent company history is a different risk profile than a new platform with none of those.
I already deposited funds before doing any of this. What now?
This checklist is meant for before you deposit; if you’ve already sent funds and now have concerns, that’s a different situation. See our guide on what to do immediately after being scammed and on where to report it.
For official reporting, visit the FTC scam reporting center or the FBI Internet Crime Complaint Center (IC3).
