How to Evaluate an RWA Project (Before You Get Rugged)

Knowing how to evaluate RWA projects is the most important skill you can develop in this space right now. Real-world asset tokenisation is attracting serious capital — and, inevitably, serious grifters. For every legitimate project backed by real assets, there are three that exist as nothing more than a pitch deck and a Telegram group.

I’ve sat through more RWA project pitches than I care to remember. Some were impressive. Most were mediocre. A few were outright fraudulent. What follows is the due diligence checklist I actually use — not theory, but practical steps you can take before committing a single pound to any tokenised asset project.

What Is RWA Due Diligence?

RWA due diligence is the process of verifying that a tokenised real-world asset project is legitimate, legally sound, and capable of delivering on its claims. It goes well beyond reading a whitepaper. You’re checking whether a real asset exists, whether you have a genuine legal claim to it, and — critically — whether you can actually get your money back if things go wrong.

This matters more in RWA than in standard DeFi. When a DeFi protocol fails, you lose your tokens. When an RWA project fails, there should be a real asset somewhere that retains value — unless the entire thing was theatre from the start.

For a broader understanding of the space, start with our RWA hub or our breakdown of what real-world assets actually are.

The Legal Structure: Is There an SPV?

This is where I start every single time. If there’s no legal wrapper around the asset, I walk away.

A Special Purpose Vehicle (SPV) is a separate legal entity created specifically to hold the asset. It isolates the asset from the parent company’s balance sheet. If the project team goes under, the SPV — and the asset inside it — should be protected.

What to check:

• Is the SPV registered? You should be able to look it up on Companies House, the SEC’s EDGAR, or the equivalent registry in the relevant jurisdiction.
• What jurisdiction is it in? BVI, Cayman, Luxembourg, and Singapore are common choices — each with different investor protections and enforcement track records.
• Who are the directors? If the SPV directors are the same people running the project with no independent oversight, that’s a governance risk worth noting.
• What does the SPV actually hold? Get the operating agreement or articles of association. Verify the asset is explicitly referenced, not just implied.

Projects that tokenise without an SPV are essentially asking you to trust them personally. That’s not how this should work. For more on legal risks specific to property, see our piece on tokenised real estate risks.

Asset Verification: Does the Asset Actually Exist?

Sounds obvious. But it isn’t.

I’ve seen projects claim to tokenise property portfolios where the properties either didn’t exist, weren’t owned by the entity issuing tokens, or were encumbered with liens that made the tokenisation essentially worthless. These aren’t edge cases — they’re recurring patterns.

How to verify:

1. Request proof of ownership. Title deeds, land registry records, custody statements — whatever’s appropriate for the asset class. Then verify them independently.
2. Cross-reference independently. If they claim to own a building in Manchester, check the Land Registry. If they claim treasury holdings, look for custody attestations from a recognised custodian.
3. Check for encumbrances. Is the asset mortgaged? Are there existing liens or charges? A tokenised asset with a 70% LTV mortgage against it is very different from an unencumbered one.
4. Ask for third-party valuations. Who valued the asset? When? A self-assessed valuation tells you nothing useful.

The oracle problem is relevant here too. Even after purchase, ongoing valuations need reliable data feeds — and that’s harder than most projects will admit upfront.

The Redemption Mechanism: Can You Get Your Money Back?

This is the question that separates real RWA projects from tokenised promises. If you can’t redeem your token for the underlying asset or its cash equivalent, you don’t own anything meaningful.

Questions to ask:

• What is the redemption process? Is it documented? Is it on-chain or does it require manual intervention from the team?
• What are the timeframes? Property redemptions might take months. Treasury redemptions should take days. If they can’t give you a specific answer, that’s a problem.
• Are there redemption fees? Some projects charge 5–10% to redeem. Not automatically a red flag, but you need to know upfront.
• What happens at scale? If 30% of token holders try to redeem simultaneously, can the project handle it? Or does everything grind to a halt?
• Is there a secondary market? If redemption is slow, can you sell your tokens elsewhere in the meantime? See how secondary markets work for tokenised real estate.

A project with no clear redemption path isn’t tokenising an asset. It’s selling a token and hoping you never ask to exercise your rights.

Team and Governance: Who Is Behind This?

Anonymous teams building DeFi protocols is one thing. Anonymous teams claiming to manage real-world assets is entirely another category of risk.

Non-negotiables:

• Doxxed team. Full names, LinkedIn profiles, verifiable work history. If the team is anonymous, you’re trusting strangers with real assets.
• Relevant experience. Tokenising property requires property expertise, legal expertise, and crypto expertise simultaneously. A team of three Solidity developers is not sufficient.
• Governance structure. Who makes decisions about the underlying assets? Is there a board? Independent directors? Clear accountability?
• Track record. Have they managed assets before? Completed a tokenisation project? First-time teams aren’t automatically disqualified, but the risk profile is higher.

Red flags:

• Pseudonymous founders for a project holding real assets
• No legal counsel listed anywhere in the documentation
• Advisory board made up of crypto influencers with no relevant domain expertise
• Team photos that reverse image search to stock photo sites (yes, this actually happens)

Smart Contract and Technical Audit

The smart contracts governing an RWA token need to be audited by a reputable firm. This is table stakes — a baseline requirement, not a differentiator.

What to look for:

• Who did the audit? Trail of Bits, OpenZeppelin, Certik, Consensys Diligence — recognisable names matter here.
• When was it done? An audit from two years ago on code that’s been updated seventeen times since is not worth much.
• Were issues found and fixed? A completely clean audit is actually suspicious — good auditors always find something. What matters is that identified issues were properly addressed.
• Is the code verified on-chain? Can you read the deployed contracts on Etherscan or the relevant block explorer?

Beyond the smart contract audit, check whether the project has had a legal audit of its token structure. Securities law doesn’t care about your Solidity code — it cares about what rights you’re selling.

Token Economics: Follow the Money

Bad tokenomics kill good projects. And in RWA, the relationship between the token and the underlying asset needs to be crystal clear — not aspirational, not implied.

Evaluate:

• What does the token represent? Equity? Debt? Revenue share? Usage rights? Each has very different risk and return profiles.
• How is yield distributed? On-chain automatically, or does someone manually send payments? The latter introduces counterparty risk every single time.
• What is the supply schedule? Can more tokens be minted? Under what conditions? Who controls minting?
• How do token economics align with asset economics? If the underlying asset yields 5% annually but the token promises 20%, be very specific about where the extra 15% is supposed to come from.
• Vesting and unlock schedules. If insiders hold 40% with a six-month cliff, expect selling pressure when that cliff hits.

Understanding yield sources is critical. Our comparison of RWA yield versus DeFi yield breaks down where returns actually originate.

Financial Audit and Reporting

Legitimate RWA projects should publish regular financial reporting — ideally audited by a recognised accounting firm.

Check for:

• Audited financials. Annual at minimum, quarterly preferred.
• NAV reporting. How often is Net Asset Value calculated and published? Monthly? Daily? If they can’t tell you, that’s telling.
• Reserve attestations. For projects holding reserves, are there Proof of Reserve attestations? See how oracles handle this infrastructure.
• Transparency reports. Does the project publish regular updates on asset performance, occupancy rates, default rates, or whatever metrics are relevant to that asset class?

If a project managing millions in real assets can’t produce basic financial statements, that tells you everything you need to know.

The Red Flags Checklist

Let me be direct. If you see any of these, proceed with extreme caution — or don’t proceed at all.

• “Guaranteed returns.” Nothing in investing is guaranteed. Especially not the 15–25% APY some projects advertise.
• Anonymous team managing real assets. Unacceptable. Full stop.
• No legal wrapper. No SPV, no trust structure, no legal entity holding the asset.
• No redemption mechanism. You can buy in but you can’t get out.
• Vague asset descriptions. “A portfolio of premium real estate” with no specific addresses or verifiable details.
• Pressure to invest quickly. “Only 48 hours left” is a sales tactic, not a feature.
• No smart contract audit. Or an audit from a firm nobody has heard of.
• Mismatched yield claims. Returns that don’t match the underlying asset class’s typical performance profile.
• Token price detached from NAV. If the token trades at 3x the value of the underlying assets, something is structurally wrong.
• No regulatory compliance. Operating in jurisdictions that require licensing, without having it. Our RWA regulation guide covers what compliance actually looks like.

My Due Diligence Process: Step by Step

Here’s the order I personally evaluate a project, without exception:

1. Read the legal docs first. Not the whitepaper — the actual legal documentation. Operating agreements, subscription documents, terms of service.
2. Verify the entity. Look up the SPV and parent company in the relevant registries. Confirm they exist.
3. Verify the asset. Independent confirmation that the asset exists and is owned by the correct legal entity.
4. Check the team. LinkedIn profiles, previous projects, any legal or regulatory history.
5. Read the smart contract audit. The full report, not just the executive summary.
6. Model the economics. Do the yield numbers make sense given the asset class and market conditions?
7. Test the redemption process. If possible, start small and try to redeem before committing meaningful capital.
8. Check the community. Telegram, Discord, Twitter. What are existing investors saying? Are questions being answered or deflected?
9. Talk to the team. Legitimate projects will take a call. Scams typically won’t.
10. Wait. There is no rush. Good projects will still be there next month. If the urgency is artificial, that’s worth knowing.

Why This Matters More in 2026

The RWA space is growing fast — and fast growth attracts both genuine innovation and exploitation. As more retail investors enter, projects that can’t withstand basic due diligence will be exposed. But not before causing damage.

The projects that survive and build lasting track records will be the ones that welcome scrutiny. If a team gets defensive when you ask for proof of asset ownership, that tells you something useful. If they happily share SPV documents, audit reports, and financial statements without being pushed, that tells you something too.

For a view on where the space is heading and which projects are likely to endure, read our RWA predictions for 2026.

FAQ

How do I know if an RWA project is legitimate?

Check for a registered legal entity (SPV), verify the underlying asset exists through independent sources, confirm the team is doxxed with relevant experience, review smart contract audits from reputable firms, and ensure there is a documented redemption mechanism. If any of these are missing, treat the project with extreme caution.

What are the biggest red flags in tokenised asset projects?

The biggest red flags are anonymous teams managing real assets, guaranteed return promises, no legal wrapper around the underlying asset, no clear redemption path, and yield claims that don’t match the asset class’s typical performance. Any one of these should give you pause.

Do RWA projects need smart contract audits?

Yes. Any project tokenising real-world assets should have smart contracts audited by a recognised security firm. But a smart contract audit alone isn’t sufficient — you also need legal audits of the token structure and financial audits of the underlying asset management.

What is an SPV in the context of RWA?

A Special Purpose Vehicle (SPV) is a separate legal entity created to hold a specific asset. In RWA tokenisation, the SPV owns the real-world asset while the tokens represent claims on that SPV. This structure protects the asset from the parent company’s liabilities and gives token holders a clearer legal claim to enforce.

How important is the redemption mechanism for RWA tokens?

It’s arguably the most important feature. A token with no redemption mechanism isn’t a claim on a real asset — it’s just a token. The ability to convert your token back to the underlying asset or its cash equivalent is what makes RWA tokenisation meaningful rather than cosmetic.

Further reading: Tokenized Real Estate: The Complete Guide for 2026, The RWA Market Map: Every Asset Class Being Tokenized Right Now, Tokenized Treasuries: Why BlackRock and Franklin Templeton Are On-Chain.

How to Evaluate an RWA Project (Before You Get Rugged)