How can you tell if a crypto company is safe? How to evaluate the safety of crypto platforms.

How can I tell if a crypto company is safe?

Crypto platforms require a lot of trust. Unlike with traditional finance, there is no government insurance that covers your funds. If a crypto company goes bankrupt, or gets hacked, or implements malicious code – all of which have happened in crypto, and recently – your money could be gone forever.

So… how can you tell if a crypto company is safe?

Unfortunately, there is no one infallible method, no x + y = z. Instead, you’ll have to look at several factors and assess the balance of probabilities.

This article will review some general questions you can ask about any company to determine its reputability and trustworthiness.

As always in crypto, do your own research and come to your own conclusions. Trust me, bro – but also verify.

Questions to ask about a company

Questions to ask about crypto companies to assess if they’re trustworthy. Keep in mind that no one answer will prove a company safe or unsafe. It’s best to assess the company holistically, and make decisions based on a balance of probabilities. Never risk more money in crypto than you can afford to lose.

How old is the company?

Older companies tend to have a better track record.

Look for crypto companies that have been around for a few cycles, and have a history of not scamming their customers.

How big is the company?

Bigger companies have more stakeholders. More stakeholders, and more eyes, means there are more people more interested in keeping their jobs, thus keeping your funds safe.

This doesn’t always apply – look at FTX, where the mismanagement was conducted by a few people at the top. Most FTX employees were trying to build a company in good faith, but were rugged by founders and executives.

Where is the company located?

Companies located in heavily regulated jurisdictions, such as the US, Canada, and the EU, tend to have more rules to follow, thus more oversight.

However, keep in mind that lots of crypto companies are located offshore because crypto regulations are unclear. So just because a crypto company is located in an offshore region doesn’t necessarily mean it’s untrustworthy.

Is the company private or public?

Public companies generally provide more visibility into their inner workings by releasing quarterly reports and shareholder letters. They also have to follow more stringent guidelines.

Is the team anonymous or doxxed?

Anonymous teams abound in crypto, and just because a team is anonymous doesn’t mean the company is disreputable. However, a doxxed team is putting their names and reputations on the line.

To find out who is involved in a company, you can look at their website. You can also look up crypto companies on LinkedIn.

Is their code open source?

Open-source code is easily auditable.

However, this doesn’t mean that if a company has open-source code, it’s guaranteed to be safe forever. Code can be changed at anytime.

There are also a few legitimate reasons why a company would choose to not open-source their code. One is intellectual property, and the other is to prevent phishing clones. 

And then there is one illegitimate reason for companies to not open-source their code – so they can change the code to be malicious and steal your money.

Has their code gone through an external security audit?

Companies, smart contracts, and dapps get hacked all the time.

If a crypto company is safe, it will have completed external security audits to ensure their code is ready to ship to customers.

Does the company have access to customer funds?

If you keep crypto on a centralized platform, you don’t really own your crypto, because centralized platforms control all private keys. This makes it possible for centralized platforms to mismanage customer funds.

Self-custodial platforms like crypto wallets don’t have any access to your crypto, because you control your secret recovery phrase and private keys.

Does the company have internal security practices? What are they?

It’s hard to tell how companies run from the outside. Do they have checks and balances for their code? Do they ship code without it going through an audit? How do you know if they take security seriously?

If a crypto company is safe, they’ll have internal security practices, and either communicate them publicly or tell you when you ask.

Does the company have a bug bounty program?

If so, is the bug bounty program listed on a reputable platform? And how much is the bounty?

For example, is the bounty large enough that a hacker would choose to submit their findings in order to collect the bounty? Or would they rather exploit the vulnerability?

What public communication channels do they use?

Smaller companies might not have a presence on every social media platform, but beware the company that has no presence at all.

Look for a company’s Twitter account, official Reddit page, and Discord channel.

Other public communication channels include newsletters, YouTube channels, Telegram, Facebook, and Instagram.

Is there any public documentation available?

If there is public documentation, how is it presented?

Watch out for AI-generated content and grammatical errors. A team who doesn’t put a lot of effort into documentation probably doesn’t care much about the long-term health of the company.

How are the reviews?

Don’t trust everything you read on the internet. Reviews can be bought.

However, there are a few sites that you can look at to assess a company’s reputation with its customers.

One site is Reddit. On Reddit, look for multiple posts with a variety of sentiments.

Another site is Trustpilot. Trustpilot is a website that posts customer reviews of companies. Companies can’t pay to add positive reviews or get rid of negative reviews, so you can be reasonably certain you’re getting an unbiased view. 

How is their support?

How a company responds to you is a good way to assess if you can rely on them to help you if something goes wrong.

Do they answer within the day? The week?

Crypto is notorious for poor support experiences, so just because a company takes forever to get back to you doesn’t necessarily mean they can’t be trusted.

However, it’s a good indication of how much they value your business.