The ICO Due Diligence Field Manual

Before you can analyze anything, you need a reliable pipeline of what's launching and when. Aggregators show upcoming sales, dates, raise targets, and backers — but a listing is marketing space, not a seal of approval. Many sites accept paid placements. Use several and cross-reference; treat every entry as an unverified lead.

• ✓ Build a watchlist across 2–3 aggregators so you aren't relying on one curator's bias
• ✓ Note the sale type (ICO / IDO / IEO / launchpad / presale) and exact dates, caps, and chains
• ✓ Find the project's official site/socials from the aggregator, then verify the domain independently
• ✓ Check whether the listing is paid/promoted vs editorially vetted

The white paper is the thesis. Read it as a skeptic: what real problem does this solve, why does it need a blockchain, and why does it need a token at all? Strong papers are specific, cite prior art, and explain exactly how funds are used. Weak ones drown you in buzzwords and promises.

• ✓ Identify the core problem in one sentence — and whether a token is genuinely required to solve it
• ✓ Assess technical feasibility: is the architecture real and specific, or vague hand-waving?
• ✓ Run it through a plagiarism check and compare against similar projects' papers
• ✓ Pull older versions via the Wayback Machine to see what claims/dates quietly changed
• ✓ Confirm a clear, itemized use of funds and a realistic, dated roadmap

You're underwriting people as much as technology. The goal is to verify that the team is real, qualified, and reachable — and that they haven't left a trail of failed or fraudulent projects. Anonymity isn't automatically disqualifying, but it removes accountability and raises the bar on everything else.

• ✓ Cross-check each member on LinkedIn and confirm the claimed history independently
• ✓ Inspect GitHub: real contribution history, or empty/forked repos?
• ✓ Reverse-image-search headshots for stock photos, stolen, or AI-generated faces
• ✓ Search names against past projects — any rug pulls, exits, or lawsuits?
• ✓ Confirm listed advisors actually agreed to advise (names are often used without consent)

Map the web of parties who profit from this token existing: VCs, the launchpad or exchange hosting the sale, and the market makers providing liquidity. The relationship between the team and whoever runs the venue the token lands on is where conflicts hide — an exchange listing a project it secretly incubated, or a founder who co-owns the market maker, is structurally compromised.

• ✓ Identify named investors/VCs and confirm the round directly (not just the project's claim)
• ✓ Map which launchpads/exchanges host the sale or have committed to listing
• ✓ Probe the team ↔ venue relationship: is the exchange/launchpad an affiliate, incubator, or investor?
• ✓ Find the market maker and its terms — loan/option deals can mask fake liquidity
• ✓ Check if 'partnerships' are real integrations or just logos on a slide

Tokenomics decides whether early buyers are exit liquidity for insiders. Look at total vs circulating supply, who holds it, the vesting/unlock schedule, and whether the token has any real reason to be held. A huge insider allocation with no lockup is a slow-motion dump waiting to happen.

• ✓ Map the full allocation: team, investors, treasury, public — what % to insiders?
• ✓ Read the vesting & cliff schedule; flag short or absent lockups on team/VC tokens
• ✓ Compare market cap vs fully-diluted valuation (FDV) — a wide gap means heavy future dilution
• ✓ Verify real token utility and demand sinks (is there a reason to hold, not just sell?)
• ✓ Inspect on-chain holder distribution for whale concentration & wallet clustering

Open source lets anyone verify the logic; closed source asks for blind trust. Either way, find the audit — by a reputable firm, covering the actually deployed contract, with findings resolved rather than merely 'acknowledged.' A logo from an audit firm means nothing until you read the report.

• ✓ Confirm the contract source is verified on the block explorer and matches the audited code
• ✓ Locate the audit report from a credible firm — and read severity, scope, and resolution status
• ✓ Check the audit date vs deployment date: was code changed after the audit?
• ✓ Inspect for dangerous functions: mint, blacklist, pause, hidden owner, upgradeable proxy
• ✓ Run a honeypot / token-safety scan to confirm you can actually sell

Manufactured hype is cheap; genuine community is not. Look past follower counts to the quality of engagement. A healthy community asks hard questions and tolerates criticism. A manufactured one is bots, paid influencers, and a chat that bans anyone who isn't talking about price going up.

• ✓ Audit social engagement quality — real discussion vs copy-paste bot replies
• ✓ Run a follower/bot analysis on the main X account
• ✓ Check if critical questions get answered or if skeptics get banned/deleted
• ✓ Identify paid influencer promotion (look for #ad omissions and coordinated timing)
• ✓ Gauge whether the community discusses the product or only the price

A token's future can be decided by regulators, not markets. As of 2026, U.S. oversight shifted sharply: the SEC and CFTC issued a joint interpretive release classifying crypto assets into five categories and applying the Howey test to transactions, not just the asset itself — meaning the same token can be sold as an unregistered security even if the asset isn't inherently one. Jurisdiction, disclosures, and KYC all shape the off-ramp risk.

• ✓ Determine the issuer's jurisdiction and which regimes apply (US, EU/MiCA, elsewhere)
• ✓ Apply the Howey test to the sale: money + common enterprise + profit from others' efforts?
• ✓ Check the 2026 SEC/CFTC taxonomy: would this read as a digital commodity or a security?
• ✓ Confirm KYC/AML and any geographic restrictions (e.g., US persons blocked)
• ✓ Assess enforcement & off-ramp risk — can holders realistically exit on compliant venues?