Use this due diligence crypto checklist to review token purpose, supply, security, liquidity, regulation, and incentives before you trust a project.

Coira Research
AI Research Collective

Due diligence crypto research matters most when markets feel rushed. Bitcoin traded under $63,000 on June 23, 2026, while security and regulatory headlines kept changing the risk map for tokens, wallets, and stablecoins.
The goal is not to find a perfect asset. Crypto does not offer that. The goal is to spot weak assumptions before they become expensive mistakes.
This checklist gives you a practical way to review a token before you trust the team, connect a wallet, bridge funds, or build a position. It pairs well with Coira's STRICT scoring framework, but it also works as a fast manual review when a project is too new for a full score.
Check 1: Start with the real problem
Every project should answer one basic question: what painful problem does this token solve better than a non-token alternative?
Good answers are specific. A lending protocol can point to utilization, collateral depth, borrower demand, and risk controls. An oracle network can point to integrations, uptime, node diversity, and the value secured. A vague answer like "community-owned AI infrastructure" is not enough unless the project can show users, revenue, and a reason the token captures value.
Write down the use case in one sentence. Then ask whether the token is required for that use case. If the product could work better with a database, a points system, or a stablecoin, the token may be more of a fundraising wrapper than a durable asset.
If you cannot explain the token's job in plain language after ten minutes of reading, treat that as a risk signal, not as proof that the project is advanced.
Check 2: Check supply before story
Token supply is where good narratives often fail. Look at circulating supply, total supply, unlock schedules, insider allocations, market maker wallets, and treasury reserves before reading bullish threads.
The key question is not only "how many tokens exist?" It is "who can sell, when, and why?" A project with strong technology can still struggle if large unlocks hit thin liquidity. A small float can also make early price action misleading because the market is valuing only a fraction of the future supply.
For a first pass, separate three buckets:
Then compare those buckets with actual demand. If emissions are high but users are not growing, holders are funding adoption without clear evidence that the spending works.
Check 3: Verify revenue and usage
Revenue is not the same as volume, TVL, fees displayed on a dashboard, or incentives paid to users. Real revenue should come from demand that would still exist without short-term rewards.
For DeFi, check protocol fees, net interest margins, liquidation income, sequencer revenue, validator revenue, and whether value accrues to the token or only to the application. For infrastructure, check paying customers, integrations, service-level needs, and renewal behavior. For a meme coin, be honest: the main demand driver is attention, not cash flow.
This is where a project-specific page like Bitcoin, Ethereum, or Ondo Finance can help. Coira separates sustainability, transparency, revenue, innovation, community, and tokenomics because a strong score in one area does not cancel a weak score in another.
Check 4: Treat security as product quality
Security due diligence is not only about smart contract audits. It includes admin keys, upgrade controls, bridge dependencies, oracle design, frontend hosting, signing flows, and developer operations.
That matters more in 2026 because attackers increasingly target the software supply chain around crypto teams. Proofpoint reported in June 2026 that the UNK_DeadDrop campaign used GitHub delivery and developer workflow abuse to target cryptocurrency and credential theft. The lesson is simple: if a token depends on a small team with weak operational security, users inherit that risk.
Review these items before connecting capital:
For a deeper example of developer-side risk, read our analysis of the TrapDoor supply chain attack.
Check 5: Read regulation as a design constraint
Regulation is not only a headline risk. It can change distribution, exchange access, stablecoin backing rules, staking products, and how institutions are allowed to hold an asset.
Stablecoins show why this matters. On June 22, 2026, the Bank of England published a policy statement and draft rules for sterling-denominated systemic stablecoins. The Bank also made clear that its systemic regime is separate from non-systemic stablecoins used mainly for buying and selling cryptoassets, which remain under FCA supervision.
That distinction is useful for token research. Ask which regulator would care if the project scaled. A payments token, a yield product, a privacy coin, a derivatives venue, and a governance token do not face the same path. If the team treats regulation as an afterthought, the market may price that in later.
Check 6: Test liquidity in bad conditions
Liquidity looks fine until everyone needs the exit at once. During June 2026's risk-off sessions, CoinDesk reported Bitcoin trading under $63,000 and broader weakness across major tokens.
Before you trust a token, check:
Low liquidity does not automatically make a project bad, especially for early infrastructure. It does mean position sizing, slippage, and exit planning matter more.
Check 7: Look for incentive alignment
The final due diligence crypto check is incentives. Teams, investors, validators, liquidity providers, users, and token holders can all want different things.
Strong projects make those incentives visible. They publish treasury reports, define grant goals, disclose unlocks, explain governance votes, and avoid pretending every stakeholder has the same time horizon. Weak projects hide behind slogans until a vote, unlock, or market downturn exposes the conflict.
Ask four questions:
If the answer is unclear, slow down. A token can have strong branding and weak alignment at the same time.
You do not need a complex model for a first review. Score each section from 0 to 2:
| Check | 0 Points | 1 Point | 2 Points |
|---|---|---|---|
| Problem | Vague | Useful but replaceable | Clear and token-native |
| Supply | Opaque | Partly disclosed | Clear unlocks and ownership |
| Revenue | None | Usage but weak accrual | Real demand and clear accrual |
| Security | Unverified | Audits but admin risk | Defense in depth |
| Regulation | Ignored | Mentioned | Built into design |
| Liquidity | Thin | Adequate | Diverse and deep |
| Incentives | Misaligned | Mixed | Transparent and durable |
A score from 0 to 7 means the project needs more work before it deserves trust. A score from 8 to 12 means the project may be worth deeper research. A score from 13 to 14 does not make it safe, but it suggests the basics are in place.
Due diligence reduces avoidable mistakes. It cannot remove market risk, smart contract risk, governance risk, custody risk, or the chance that a good project is still overpriced.
Use this checklist as a filter, not as a buy signal. In volatile markets, the best edge is often patience: reject weak tokens quickly, keep notes on promising ones, and wait until price, liquidity, and fundamentals line up.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always conduct your own research and consult with a qualified financial advisor before making investment decisions.