Every week, a new crypto project launches via IDO — and every week, investors lose money on projects they didn't properly vet. The difference between a 50x gain and a total loss often comes down to one thing: due diligence.
In 2026, the market has evolved. Scams are more sophisticated. Legitimate projects are harder to distinguish from polished fakes. This guide gives you a systematic, repeatable framework for vetting any IDO project — the same process experienced launchpad investors use.
Why IDO Due Diligence Matters More in 2026
The crypto fundraising landscape has changed. IDO launchpads now process thousands of applications, but their vetting varies wildly. Some do deep audits; others rubber-stamp for volume. The question of whether launchpads can prevent scams is still very much open.
Key shifts in 2026 that make DD harder (and more necessary):
- AI-generated pitch decks — convincing materials created in minutes, zero substance behind them
- Synthetic team identities — fake LinkedIn profiles, fabricated advisory boards
- Fabricated audit reports — forgeries of real audit firms' templates
- Liquidity "fakery" — wash-traded volume on DEXes to create false demand signals
The tools that worked in 2021 — "does it have a whitepaper?" — are useless now. You need a deeper framework.
The 7-Step IDO Due Diligence Framework
1. Team — Who's Really Behind This?
This is the single most important step. A project with a strong team can pivot when things go wrong. A project with a fake team will rug without hesitation.
Checklist:
- LinkedIn verification: Do the founders have genuine employment history? Do their previous roles match what they claim? Look for newly created profiles with zero network.
- GitHub activity: Does the lead developer have a history of commits? Is the codebase public and active?
- Video presence: Have they done AMAs, podcasts, or on-camera interviews? An unwillingness to show face is a major red flag.
- Previous projects: What have they built before? Search their names + "rug" or "scam" on-chain.
- Advisors: Are the claimed advisors genuinely involved? DM them on LinkedIn or Twitter to confirm.
Compare with real launchpad case studies to see how legitimate teams present themselves.
2. Tokenomics — Follow the Supply
Always ask: who gets tokens, when can they sell, and at what price?
Critical metrics to analyze:
- Total supply & initial circulating: A tiny circulating supply against a massive total supply means massive sell pressure from unlocks.
- Vesting schedule: Team & investor tokens should vest over 12-24 months minimum, with a cliff of 3-6 months. If the team unlocks everything at TGE, run.
- TGE unlock percentage: For a fair launch, 10-25% of total supply at TGE is normal. Above 40% is concerning.
- Token sale price vs. public price: If private sale investors got tokens at 90% discount to IDO price, the public is exit liquidity.
- Use of funds: At least 40% should go to product development, not marketing or "liquidity provision."
For a deeper look at token launch mechanics, read our guide on what a TGE actually involves.
3. Smart Contract & Security Audits
An audit doesn't guarantee safety — but no audit guarantees a scam.
What to check:
- Who audited it? Top firms: Trail of Bits, OpenZeppelin, Certik, Hacken, SlowMist. Each has a public audit database where you can verify reports.
- Is the audit report real? Scammers forge audit PDFs. Cross-reference the report number on the auditor's official site.
- What was the finding severity? Minor gas optimizations are OK. Critical or high-severity findings in the final report? That's a red flag.
- Has it been re-audited after fixes? Fix commits should have a follow-up audit or at least a verification letter.
- Does the project have a bug bounty? Active programs on Immunefi or Hackenproof show commitment to security.
See our security audit checklist for more details on what to look for.
And check our guide on choosing a proper audit service for presale platforms.
4. Launchpad Tier & Due Diligence Standards
Not all launchpads are equal. Some perform thorough vetting; others are factory lines for token sales.
Evaluate the launchpad itself:
- Track record: How many projects from their past IDOs are still trading above IDO price after 90 days?
- KYC/AML process: Does the launchpad require KYC for both projects and participants?
- Refund policy: If the project fails to launch or gets exploited, what happens to your funds? Read their security and refund policy carefully.
- Allocation & tier system: How tier allocations work reveals a lot about who they prioritize — whales or retail.
- Community reputation: What are people saying on Twitter, Telegram, and forums? Check for patterns of complaints.
5. Community & Social Proof (Real vs. Bots)
Fake engagement is cheap. A project can buy 50,000 followers, 10,000 Telegram members, and daily tweet engagement for under $500.
How to detect bot armies:
- Telegram member-to-active ratio: If they have 30,000 members but only 50 active chatters, that's a bot farm.
- Twitter engagement patterns: Are replies generic ("GM," "LFG," rocket emojis)? Real communities have substantive discussions.
- Discord quality: Active voice channels, genuine questions, and developer presence are good signs.
- Timezone distribution: Bot armies tend to post at uniform intervals. Real communities follow natural timezone curves.
How launchpads leverage community support gives you a benchmark for what healthy engagement looks like.
6. Product & Technology — Does It Exist Beyond a White Paper?
A white paper is a marketing document. A working product is proof of execution capability.
Verification steps:
- GitHub or GitLab: Is there active development? Check commit frequency, number of contributors, and code quality.
- Testnet/Mainnet: Can you interact with a live or test version of the product? A project with nothing deployable 30 days after TGE is a warning sign.
- Real users: Do they have actual user metrics they can share? TVL, daily active users, transaction volume?
- Roadmap realism: Is the roadmap achievable with their current team size and funding? Overly ambitious timelines are a red flag.
7. Exit Strategy & Liquidity Plan
So the IDO succeeds. What happens after?
Key questions:
- Initial DEX listing: Which DEX? Is the liquidity pool locked? Use a locker like Unicrypt or Team Finance to verify lock duration (minimum 6-12 months).
- CEX listing plans: Are there confirmed exchange listings? "In talks with Tier 1 exchanges" without names means nothing.
- Market making: Is there a professional market maker? Without one, price discovery is erratic and vulnerable to manipulation.
- Sell pressure management: How are sell orders from unlocks managed? Some projects coordinate with market makers to absorb sell pressure.
Quick Red Flag Reference Table
| Red Flag | Severity | Action |
|---|---|---|
| No audit or fake audit | Critical | SKIP |
| Team anonymous / no video presence | Critical | SKIP |
| Team unlocks >30% at TGE | High | Deep dive required |
| Private sale >80% discount to IDO | High | Deep dive required |
| Bots >90% of community | High | Deep dive required |
| Overly complex tokenomics | Medium | Ask questions |
| No product before TGE | Medium | Ask questions |
| Low liquidity lock duration | Medium | Monitor closely |
Due Diligence Template (Copy & Use)
Use this template for every IDO you research. If any critical item is missing or red, skip the project.
Project name: _________ Network: _________ Launchpad: _________ IDO date: _________ TEAM (pass/fail): ☐ Doxxed with verifiable LinkedIn ☐ Previous projects verifiable ☐ Video AMA or interview done ☐ GitHub presence TOKENOMICS (pass/fail): ☐ Team vesting >= 12 months ☐ Initial circ supply <= 25% total ☐ Private sale premium clear ☐ Use of funds breakdown SECURITY (pass/fail): ☐ Audit by top-5 firm (verified) ☐ No critical findings ☐ Bug bounty active ☐ Liquidity locked >= 6 months COMMUNITY (pass/fail): ☐ Engagement matches member count ☐ Substantive discussions ☐ No bot pattern PRODUCT (pass/fail): ☐ Working demo / testnet ☐ Active GitHub ☐ Real roadmap VERDICT: INVEST / SKIP / WATCH
Tools & Resources for Deeper Research
- Chain analysis: Etherscan, BscScan, Solscan — check token holder distribution. Top 10 holders holding >60% is centralization risk.
- Smart contract verification: Verify on block explorer that the deployed contract matches the audited code.
- DEX screener: DexScreener, GeckoTerminal — track early price action and detect wash trading patterns.
- Wallet tracking: Look at team wallets on-chain. Do they dump tokens after launch?
- Due diligence forums: Crypto Twitter, Reddit (r/cryptocurrency, r/ethdev), and specialized Telegram groups for early warnings.
- Rug check tools: Honeypot.is, RugDoc, Token Sniffer — basic but useful first-pass screening.
- Legal entity lookup: Cross-reference the project's registered entity against the promised jurisdiction. If they claim to be a UK company but aren't registered at Companies House, that's a flag.
Final Word: FOMO Is Your Enemy
The best due diligence decision you can make is patience. No IDO is worth investing in if you haven't run through this checklist. The project that looks like a once-in-a-lifetime opportunity today will look different tomorrow after a few hours of research.
Every project that turned out to be a scam looked great on launch day. The difference is what the research revealed before the token price dropped 80%.
Take 48 hours minimum between first hearing about a project and committing funds. Talk to people who've done their own research. Cross-reference everything.
And if something feels off? Trust your gut. The next good IDO is always coming.
Frequently Asked Questions
Q1: Is KYC on a launchpad enough to trust a project?
No. KYC verifies that the team members exist, but it doesn't verify their competence, honesty, or long-term commitment. Many scammers have passed KYC. Treat KYC as a baseline, not a guarantee.
Q2: How can I verify if an audit report is real?
Go directly to the auditor's website, find their audit reports section, and search for the project name. Most top auditors publish all reports publicly. If you can't find it there, email the auditor directly to confirm.
Q3: What's the minimum vesting period for a safe investment?
Team tokens should vest over at least 12 months with a 3-6 month cliff. Investor tokens should have 6-12 month vesting. Longer is better. Anything under 6 months for the team is a red flag.
Q4: Are launchpad tier systems fair?
Tier systems prioritize loyal stakers, which can be fair, but check the allocation distribution. Some launchpads allocate 80% to top-tier members, leaving almost nothing for smaller participants. Compare with how different tier allocations work before committing.
Q5: What should I do if I find red flags after investing?
Realistically, once funds are sent, recovery is difficult. Document everything, report to the launchpad and relevant authorities, and share findings publicly to warn others. Consider it a lesson — and run your full DD before the next investment.
Disclaimer
This guide is for educational purposes only and does not constitute financial advice. Always do your own research (DYOR) before investing in any crypto project. The crypto market is highly volatile and carries significant risk of loss.