Due Diligence and Red Flags in Web3

As the world of Web3 is constantly evolving, and new projects are popping up every day, there are a few key things you should keep an eye out for; red flags, if you will. In this article, we uncover some of the basics to be aware of when investing in Web3 projects.

@enter.art, published 27th March 2023

Just like in the traditional investment world, doing your due diligence before aping into any Web3 project is doing yourself a big favor. Being rugged sucks, as does being left in a sea of broken promises. However, what sucks even more is having the feeling that you could have seen this coming had you only known what signs to look out for from the start.

Similarly to making traditional investments, buying a house, or entering a new relationship, spotting the red flags early can save you from a lot of loss and heartbreak. Any NFT degen can confirm: being ditched by an NFT project is as painful as being cheated on. After all, it’s all about trust, right?

Red Flags in Web3 

As the world of Web3 is constantly evolving, and new projects are popping up every day, there are a few key things you should keep an eye out for; red flags, if you will. As we will discuss further in this article, not all the things you might think are red flags actually are. Some projects have their reasons for choosing to do things differently than the norm, but if they do, they usually clearly communicate the whys in a transparent manner.

With that in mind, let’s take a look at what should make you go, “Hmmm… not today, Satan”.

Suspiciously Ambitious Roadmaps

Communication and transparency around a project’s development process are always much appreciated by supporters and investors, and everyone in Web3 loves a good roadmap to offer guidance on where a project is headed. However, it’s very common to see extremely ambitious roadmaps, where the project is planning to launch all kinds of products and services that may be unrealistic given the resources the project actually has available. Or, the products and services planned sound nice and buzzy but seem somehow irrelevant to the actual project.

A PFP collection planning to launch its own exchange or marketplace without having a clear reason as to why it might do so is a good clue that you should be wary of aping in unless you’re solely doing it for the artwork itself.

On this topic, it’s important to acknowledge that as projects evolve, so do plans and strategies. A change of roadmap itself is not necessarily a red flag, but how such a change is communicated might be. 

Overconfidence in ROI and FOMO

Similarly, be wary of overconfidence when it comes to ROI (Return on Investment). We’ve all seen them when scanning for new and exciting investments or NFT projects: teams or community members that proclaim with utmost confidence that this project will do a 100x by tomorrow, so you better jump in quick…

There are many stories of these wild spikes happening, but they are oftentimes based on luck, and even in bull markets, it can be very unpredictable exactly when and how a project kicks off. No investment comes without risk, and every serious founder knows this. Few who plan to stay for a while are willing to make promises they can’t keep, since broken promises might eventually kill the project when frustrated investors feel tricked.

Planned pump and dumps are unfortunately a common practice amongst money-hungry actors, so take all investment advice with a grain of salt. It would be wise to remember that in the cold world of investment, even the most friendly fellow investor might have ulterior motives, and it’s usually not to make you money.

Massive Follower Count + No Community Engagement

This one has been around for years, and just like any brand should be wary of follower counts vs. engagement when working with influencers, you should be wary of projects with a seemingly huge following but close to no engagement on social media. It’s a common practice to purchase ghost followers to pump the metrics of an account or even purchase whole accounts that have been used by another person or project previously. 

Bought accounts can often be spotted by checking when the account was created. If it’s years older than the project itself, that might be a sign that the account has been bought for the purpose. While a project can have a lot of followers that look great from a vanity perspective, it is highly likely that these are not actual supporters of the project. They’ve just stuck around for something else, forgot to unfollow, or don’t use the account anymore. 

A tip here is to observe the actual engagement of a project vs. its following. Having 1000 followers where 20 engage every day is a lot better than 1m+ and no replies at all. 

No Code Audits

This one goes particularly for cryptocurrencies or NFT projects that are connected to a certain token, and it cannot be stressed enough: if you can’t read code yourself (no worries, most can’t), make sure that the smart contracts used have been audited by a reputable third-party auditing firm. A code audit can essentially be seen as a security check that ensures that a project’s smart contract is safe to use and free from vulnerabilities. Be wary of projects that haven’t undergone a code audit, or that claim they have but don’t provide a report as proof.

A lot of shady projects planning to rug from the beginning have particular malicious mechanics coded into their contracts, which can affect you in numerous ways. These can include letting the deployer of the contract prohibit purchases or sales whenever they wish, contracts that approve access to your wallet, LP contracts allowing you to add LP but not withdraw it, or contracts designed to send your tokens to a specific set of wallets owned by malicious actors.
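As an added example (not part of the original article or any project's code), the Python sketch below shows what the "approve access to your wallet" mechanic looks like at the transaction level: it decodes the calldata a site asks you to sign and flags `approve` and `setApprovalForAll` grants. The spender address and sample transactions are constructed, and `approve` is interpreted in its ERC-20 form.

```python
# Added example: classify wallet-signing requests that grant token access.
# A selector is the first 4 bytes of keccak256 of the function signature.
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
UINT256_MAX = 2**256 - 1


def _words(data_hex):
    """Split ABI-encoded arguments into 32-byte words (as ints)."""
    if len(data_hex) % 64 != 0:
        raise ValueError("argument data is not a multiple of 32 bytes")
    return [int(data_hex[i:i + 64], 16) for i in range(0, len(data_hex), 64)]


def review_calldata(calldata):
    """Return a dict describing any approval the transaction would grant."""
    raw = calldata.lower()
    if raw.startswith("0x"):
        raw = raw[2:]
    selector, args = raw[:8], raw[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "risk": "none-detected"}
    words = _words(args)
    if len(words) != 2:
        raise ValueError("expected exactly two arguments")
    # An address occupies the low 20 bytes of its 32-byte word.
    spender = "0x" + format(words[0] & (2**160 - 1), "040x")
    value = words[1]
    if selector == SET_APPROVAL_FOR_ALL:
        # value is a bool: true hands the operator every token in the collection
        risk = "high" if value else "revocation"
        return {"kind": "setApprovalForAll", "spender": spender, "risk": risk}
    # Assumption: ERC-20 approve. For an ERC-721 the second word is a token id.
    if value == 0:
        risk = "revocation"
    elif value == UINT256_MAX:
        risk = "high"      # unlimited allowance
    else:
        risk = "review"    # bounded allowance: check the amount and the spender
    return {"kind": "approve", "spender": spender, "amount": value, "risk": risk}


# Constructed samples using a made-up spender address.
SPENDER = "00" * 12 + "ab" * 20
SAMPLE_UNLIMITED = "0x" + APPROVE + SPENDER + "f" * 64
SAMPLE_NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + SPENDER + "0" * 63 + "1"

if __name__ == "__main__":
    for tx in (SAMPLE_UNLIMITED, SAMPLE_NFT_ALL):
        print(review_calldata(tx))
```

A "high" result means the named spender could move the tokens later without asking again, so the spender address is the thing to verify against the project's published contracts.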

If you don’t know how to spot malicious smart contracts yourself, it might be wise to stay away from investing until you’re sure that the contracts have been audited and deemed safe by a reputable third party.  

Shady Giveaways and Airdrops

NFT airdrops and giveaways are widely popular marketing tools for Web3 projects and a brilliant way to give back to supporters. However, they are also becoming an increasingly popular method for malicious actors to access unknowing users' funds. There are a couple of different ways these scams can pan out, but all lead to harvesting your personal information or draining your wallet of funds.

A common method, just like on traditional social media, is using giveaways and promises of airdrops to make you click malicious links, aka phishing. The link will often allow spyware to compromise your computer in various ways. In other instances, the account hosting a “giveaway” might prompt you to connect your wallet to a website, which may allow the attacker to keylog your seed phrase and access your wallet. Make sure to double-check any link you receive on social media, e-mail, and the like.

If you’ve randomly received an NFT in your wallet for no specific reason, that might also be a red flag, and you should be wary of how you approach the NFT. Randomly airdropped NFTs are often used to lure users onto a phishing site through the description of the NFT - be extremely wary of clicking any links in such a situation. 

Beware of Copycats!

With the rise of immensely popular NFT projects like BAYC and Cryptopunks, as well as meme tokens riding the hype of the bull market, a sea of copycats looking to capitalize on the success made by others closely follows. Navigating what to invest in is a challenge itself when it comes to researching the project team, the goals of the project, community support, and so on. Adding to that list is making sure that you’re actually in the right project and not a copy of it. 

Here, investigating the details closely is key. As we’ve already discovered, checking out an account's following and traction, as well as when the account was created, can give you a good pointer. If the project has an official website, you should always cross-reference any social media and community links; any serious project will have all their official media, the smart contracts used, and contact information clearly stated on the website.
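The cross-referencing described above, and the earlier warning about links hidden in airdropped NFT descriptions, can be automated. This is an added example, not code from the article or any project: it pulls every URL out of an NFT's metadata and marks it "official" only when the real host belongs to a domain you have taken from the project's website. The metadata, `project.example` and `rewards.test` are constructed placeholders.

```python
import json
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def extract_links(metadata):
    """Collect every URL found in the top-level string fields of NFT metadata."""
    links = []
    for value in metadata.values():
        if isinstance(value, str):
            links.extend(URL_RE.findall(value))
    return links


def is_official(url, official_domains):
    """True only if the URL's real host is an official domain or a subdomain of one."""
    try:
        host = urlsplit(url).hostname  # ignores any "user@" prefix and the port
    except ValueError:
        return False                   # malformed URL: never treat as official
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Match whole labels from the right, so "project.example.rewards.test" fails.
    return any(host == d or host.endswith("." + d) for d in official_domains)


def review_airdrop(metadata_json, official_domains):
    """Return (url, verdict) pairs for every link in the metadata."""
    metadata = json.loads(metadata_json)
    return [(u, "official" if is_official(u, official_domains) else "unverified")
            for u in extract_links(metadata)]


# Constructed metadata for an unsolicited NFT; all domains are placeholders.
SAMPLE_METADATA = json.dumps({
    "name": "Mystery Reward Pass",
    "description": "You won! Claim at https://project.example.rewards.test/mint today",
    "external_url": "https://project.example@rewards.test/claim",
    "image": "https://cdn.project.example/pass.png",
})
OFFICIAL = {"project.example"}  # assumption: copied from the project's own website

if __name__ == "__main__":
    for url, verdict in review_airdrop(SAMPLE_METADATA, OFFICIAL):
        print(verdict, url)
```

The first two sample links both display the official name but resolve to `rewards.test`: one as a lookalike subdomain prefix, the other through the `user@host` form.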

With NFT projects, an important factor is also investigating the collection artwork. There are plenty of copycats out there that mimic the branding, design, and art of known projects, or even worse, they blatantly steal the artwork and mint it themselves. Reverse image searching is your best friend here, and so is checking out if the artist has any official links to the project. 

Concluding Thoughts

As we’ve now discovered, there are plenty of red flags you should be aware of when you navigate the jungle of Web3. Hype revolving around a great project is of course bound to happen, but overconfidence in ROI and hype without any real products, events, or innovation to show for it is usually a bad sign. So are a lack of documentation, missing security audits, and empty social media handles.

Most importantly, though, taking the time to acquire knowledge and experience is key to making fruitful choices, whether you are investing in art for the long term, PFPs for a quick flip, or crypto to buy yourself a lambo. The more educated you are on the technology, philosophy, and mechanics of Web3, the easier it will be to filter out the noise and trust your gut feeling instead of relying on friends or strangers on the internet to tell you what it’s wise to invest in. 

Stay Safu & Take Care 
