Crypto fund due diligence checklist for allocators

Byadmin
Home / Research / Due diligence checklist

Crypto fund due diligence checklist for allocators

A practical, section-by-section guide to evaluating crypto hedge funds, with specific questions to ask, red flags to watch for, and the data points that matter most.

Updated: March 2026 Reading time: 14 min Category: Industry Education
Key takeaways
  • Due diligence on crypto funds splits into two parts: investment DD (strategy, performance, risk) and operational DD (custody, counterparty risk, service providers, governance). Both matter. The operational side arguably matters more in crypto than in traditional hedge funds.
  • The FTX collapse, the Three Arrows blowup, and several smaller implosions since 2022 have made operational DD the single most scrutinized area for institutional allocators. Custody and counterparty risk are no longer afterthoughts.
  • This article includes a checklist of 50+ specific questions organized into seven sections, with notes on which data points are available in CFR’s Performance Database.
  • Crypto-specific risks (smart contract exposure, exchange counterparty concentration, private key management, on-chain governance) require questions that don’t exist in traditional hedge fund DDQs.
In this article
  1. Why due diligence on crypto funds is different
  2. Investment due diligence: strategy, performance, and risk
  3. Operational due diligence: the stuff that blows up funds
  4. Custody and key management
  5. Counterparty and exchange risk
  6. Service providers: auditors, admins, and legal
  7. Crypto-specific questions most DDQs miss
  8. Red flags that should stop your process
  9. Where to find this data
  10. FAQ

Why due diligence on crypto funds is different

If youve done due diligence on traditional hedge funds a lot of the process carries over. Manager background checks, strategy documentation, performance verification, fee analysis, legal review. That part is familiar. But crypto adds a layer of operational complexity that catches allocators off guard.

Traditional hedge funds hold assets at a prime broker, typically one of the major banks. The custodial chain is well understood, heavily regulated, and has decades of precedent behind it. Crypto funds don’t have that luxury. Assets might sit on centralized exchanges, in self-custodied wallets, in DeFi protocols, spread across multiple chains, or some combination of all four. Each arrangement has a different risk profile, and most of them are harder to verify than a standard prime brokerage statement.

The industry learned this the hard way. When FTX collapsed in November 2022, funds that had assets on the exchange lost access to billions in customer deposits. Some were wiped out entirely. Three Arrows Capital’s implosion showed what happens when leverage, poor risk controls, and concentrated counterparty exposure all collide. More recently, several smaller fund failures have reinforced the same lesson: operational failures kill more crypto funds than bad trades do.

The SBAI (Standards Board for Alternative Investments) published a dedicated framework for operational due diligence on digital asset funds, and industry groups like AIMA and the Crypto Insights Group have all built out crypto-specific DDQ templates. That’s a sign of how different this is from traditional ODD. You can’t just bolt a crypto section onto your existing questionnaire and call it done.

What follows is a practical, section-by-section guide. We’ve organized it the way most allocators actually work through a due diligence proces with specific questions you can ask and the data points that correspond to fields in our Performance Database.

Investment due diligence: strategy, performance, and risk

Start here. Even though operational DD gets the headlines in crypto, you still need to understand what the fund actually does before you evaluate how it does it.

Strategy and mandate

What is the fund’s stated strategy? Is it long-only, long/short, market-neutral, quantitative, multi-strategy, or something else? How narrow or broad is the investment mandate? A fund that describes itself as “multi-strategy crypto” could mean anything from a disciplined quant shop to a PM who trades whatever looks interesting on a given Tuesday.

Ask for the investment mandate in writing. Compare it to what the portfolio actually looks like. If the mandate says “liquid large-cap digital assets” but the fund has 30% in illiquid DeFi tokens, that’s a problem regardless of how the returns look.

Strategy and mandate checklist
What is the fund’s investment strategy classification? In CFR Database
What asset types does the fund trade (spot, derivatives, DeFi, tokens, equity in crypto companies)?
What is the fund’s universe? Top 10 coins only, or does it go into mid/small-cap tokens?
Are there formal position limits and concentration restrictions?
What is the fund’s approach to leverage? How much, and through what instruments?
Does the fund participate in staking, lending, or yield farming? If yes, with what protocols and what limits?
Has the strategy drifted from the original mandate? If so, why?

Track record and performance

Performance data in crypto funds can be surprisingly hard to pin down. Unlike mutual funds with daily NAVs, most crypto hedge funds report monthly, and the quality of that reporting varies a lot. Some funds have audited returns from reputable firms. Others provide self-reported numbers that nobody has independently verified.

When we collect performance data for our database, we track whether returns are reported net or gross of fees, whether they’re audited, and how many months of history exist. These details matter more than the headline return number. A fund showing +200% returns over three years means very little if those returns are gross of a 2/20 fee structure, unaudited, and concentrated in a single month.

Performance checklist
What is the full monthly return history? In CFR Database
Are reported returns net or gross of fees? In CFR Database
What is the Sharpe ratio over the full track record? In CFR Database
What was the maximum drawdown, and how long did recovery take? In CFR Database
How did the fund perform during the May 2021 crash, the FTX collapse (Nov 2022), and the 2022 bear market? In CFR Database
What is the correlation to Bitcoin? In CFR Database
Has the fund changed its reporting methodology during its history?
Are the returns audited? By whom? In CFR Database

Fees and terms

The classic 2-and-20 structure is common in crypto, but there’s more variation than you’d expect. Some funds charge a 3% management fee. Others have no performance fee but take a higher management fee. High-water marks are standard but not universal. Lockup periods range from none to three years.

Our database tracks all of these for 300+ funds, and we’ve published a separate deep dive on crypto hedge fund fee structures if you want the industry benchmarks. For DD purposes, the key is understanding the total cost of ownership over your expected holding period, not just the headline fee rate.

Fees and terms checklist
What is the management fee? In CFR Database
What is the performance fee? In CFR Database
Is there a hurdle rate or high-water mark? In CFR Database
What is the minimum investment? In CFR Database
What is the lockup period? In CFR Database
What are the redemption terms (notice period, frequency, gates)?
Are there side pockets for illiquid positions?
Performance Database

All of these data points, for 300+ crypto funds

Our Performance Database includes fees, lockups, minimums, auditors, custodians, and 60+ risk metrics for crypto hedge funds. It’s the due diligence starting point for institutional allocators.

Explore the Database → Try the Free Demo

Operational due diligence: the stuff that blows up funds

This is where crypto diverges most sharply from traditional hedge fund due diligence. In traditional finance, ODD covers things like fund administration, valuation procedures, compliance, and governance. Those are all relevant in crypto too. But the operational risk profile of a crypto fund is fundamentally different because of how digital assets are held, traded, and settled.

A 2021 study by PwC found that about one-fifth of all hedge funds had some crypto exposure. By 2025, multiple surveys put that number above 50%. But the operational infrastructure for holding and trading crypto is still maturing. The gap between how much capital is in the space and how robust the operational plumbing is creates real risk for allocators.

Governance and team

Who runs the fund? What’s their background? Traditional finance allocators know how to evaluate a PM’s track record at Goldman or Citadel. Crypto fund managers often come from a wider range of backgrounds, including engineering, academic research, early-stage crypto communities, or DeFi protocol development. None of those backgrounds are inherently better or worse, but the evaluation process is different.

Check FINRA BrokerCheck records and SEC IAPD filings if the managers have traditional finance backgrounds. For crypto-native managers, look at their history in the space. Were they early contributors to reputable protocols? Do they have a public track record of analysis or research? Have they been involved in any projects that failed or attracted regulatory scrutiny?

Governance and team checklist
Who are the principals and what are their backgrounds?
Does the fund manager have personal capital invested (skin in the game)?
Is the fund registered with relevant regulators (SEC, FCA, MAS, etc.)? Even if exempt, what filings exist?
Are there documented compliance policies for AML/KYC, conflicts of interest, and personal trading?
Does the fund have an independent board or advisory committee?
Have any principals been involved in regulatory actions, litigation, or fund closures?

Custody and key management

After FTX, this became the single most important section in any crypto fund due diligence process. Who holds the private keys? Where are the assets? Can you verify it independently?

There are three basic custody models in crypto funds. Third-party institutional custody (Coinbase Custody, BitGo, Anchorage, Fireblocks, Copper, Zodia) is the gold standard. The fund’s assets sit with a regulated custodian, separate from the fund manager’s operational accounts. Self-custody means the fund holds its own private keys, typically in hardware wallets or multi-signature setups. Exchange custody means assets remain on centralized exchanges, which is common for active trading strategies but carries the highest counterparty risk.

Most institutional-grade funds use some combination. They might custody the bulk of assets with Coinbase Custody but keep a working balance on exchanges for trading. The question is how much, on which exchanges, and what controls exist around moving assets between them.

Custody checklist
Who is the fund’s custodian? In CFR Database
What percentage of assets are held with a qualified third-party custodian vs. on exchanges vs. self-custodied?
If self-custody is used, what is the key management procedure? Multi-sig? HSM? Who are the signers?
Are client assets segregated from the fund manager’s operational accounts?
Can the custodian provide independent verification of asset balances (proof of reserves)?
Does the custodian have insurance coverage? What does it cover (hacks? internal theft? insolvency?)?
Is the custodian regulated? Under which jurisdiction and framework?
What is the maximum percentage of assets the fund may hold on any single exchange at any time?
Post-FTX reality check: Some crypto funds still keep significant assets on centralized exchanges because certain trading strategies require it (market-making, for example, needs capital on-exchange for execution speed). The question isn’t whether any assets are on exchanges. It’s whether the fund has limits on exchange exposure, diversifies across multiple exchanges, and uses off-exchange settlement solutions like Copper’s ClearLoop or Fireblocks’ network to reduce time that assets sit on exchange.

Counterparty and exchange risk

This section overlaps with custody but goes further. Every exchange the fund trades on is a counterparty. Every OTC desk, every lending platform, every DeFi protocol the fund interacts with is a counterparty. In traditional finance, counterparty risk is managed through central clearing and well-capitalized prime brokers. Crypto doesn’t have equivalent infrastructure yet, though it’s getting closer.

The practical question for allocators: if one of the fund’s counterparties fails tomorrow, what happens? How much of the portfolio is at risk? Does the fund have documented procedures for managing that scenario?

Counterparty risk checklist
Which exchanges does the fund trade on? Is there concentration risk on any single exchange?
Does the fund use OTC desks? Which ones, and what settlement arrangements exist?
Does the fund lend assets or participate in lending protocols? What is the maximum lending exposure?
Has the fund ever had assets frozen or inaccessible on an exchange? How was it handled?
Does the fund have a documented counterparty risk policy with exposure limits per counterparty?
How does the fund manage margin and collateral on leveraged positions?
Does the fund use stablecoins? Which ones, and is there concentration risk in a single stablecoin?

Service providers: auditors, admins, and legal

The quality of a fund’s service provider lineup tells you a lot. Established auditors, reputable fund administrators, and experienced legal counsel are signals that the fund takes governance seriously. A fund with no independent auditor and no third-party administrator is a red flag. Full stop.

That said, the universe of service providers who specialize in crypto funds is smaller than in traditional finance. A handful of auditors dominate: Cohen & Company, RSM, Deloitte (for larger funds), KPMG, Grant Thornton, and a few others. On the admin side, names like NAV Consulting, MG Stover (now part of Carta), and A4 Funds show up frequently. If a fund uses a provider you’ve never heard of, it doesn’t automatically mean something is wrong, but it does mean you should dig deeper.

We track auditors and custodians across our database, so you can see which service providers are most common among the 300+ funds we cover.

Service provider checklist
Who is the fund’s auditor? In CFR Database
Who is the fund administrator? In CFR Database
Who is the fund’s legal counsel? In CFR Database
Does the fund have an independent third-party administrator, or are NAV calculations done in-house?
What is the fund’s valuation policy for illiquid or hard-to-price assets (early-stage tokens, locked positions, DeFi LP tokens)?
When was the most recent audit completed? Were there any qualifications or material findings?
Does the fund produce SOC 1 or SOC 2 reports?

Crypto-specific questions most DDQs miss

This is the section that separates a generic hedge fund DDQ from one that’s actually useful for crypto. Traditional questionnaires don’t ask about smart contract risk, on-chain governance participation, bridge exposure, or MEV. But these are real risks that can and do cause losses.

Smart contract and protocol risk

If a fund uses DeFi protocols, it’s exposed to smart contract risk. A bug in a protocol’s code, a governance attack, or an exploit can drain funds instantly. It has happened repeatedly: the Ronin bridge hack ($625M), the Wormhole exploit ($320M), and dozens of smaller DeFi exploits. Allocators should understand which protocols the fund interacts with and what due diligence the fund has done on those protocols.

On-chain and blockchain risk

Funds that operate across multiple blockchains face chain-specific risks. L2 sequencer downtime, bridge failures, chain reorganizations, and hard forks can all affect positions. A fund running a basis trade between spot on L1 and perps on an L2 is exposed to risks that don’t exist in traditional markets.

Crypto-specific DD checklist
Does the fund interact with DeFi protocols? If so, which ones, and what is the maximum protocol exposure?
Has the fund experienced any losses from smart contract exploits or protocol failures?
Does the fund use cross-chain bridges? What controls exist around bridge exposure?
Does the fund participate in on-chain governance (voting on protocol proposals)? Are there policies around governance participation?
What is the fund’s exposure to MEV (maximal extractable value) risk? Does the fund run its own validators or bots?
Does the fund hold tokens with vesting schedules or lockup restrictions? How are these valued?
How does the fund handle airdrops, forks, and protocol-level events?
Does the fund have exposure to token launches, SAFTs, or SAFEs? How are pre-liquid positions marked?

Red flags that should stop your process

Every allocator has their own deal-breakers. But there are a few that come up consistently in crypto fund diligence, and any one of them is enough to pause and reconsider.

No independent auditor. If a fund can’t or won’t name an independent audit firm, walk away. This is non-negotiable. Audited financials are the minimum standard for institutional-grade funds.

No third-party custodian. Some funds have legitimate reasons for partial self-custody (certain DeFi strategies require it). But if the majority of assets are self-custodied and the fund won’t explain why, that’s a problem. Post-FTX, institutional allocators expect qualified custody for the bulk of fund assets.

Opaque or self-reported performance. If you can’t independently verify the fund’s returns through an administrator or auditor, the numbers may not mean what you think they mean.

Strategy drift without disclosure. A fund that started as a quant crypto fund and is now doing DeFi yield farming hasn’t just changed strategy. It has changed risk profile, and probably without updating its offering documents.

Concentrated exchange exposure. A fund that keeps 80% of its assets on a single exchange is one headline away from a catastrophic loss. Ask about exchange exposure limits and take them seriously.

Principal background issues. Regulatory actions, litigation, prior fund closures without clear explanation, or involvement with projects that failed under suspicious circumstances. The crypto space has historically attracted some bad actors, and background checks are more important here than in traditional finance.

Conflicts of interest with related entities. The FTX/Alameda structure was an extreme case, but related-party transactions, proprietary trading by the management company, and advisory relationships with portfolio companies are common enough to warrant scrutiny.

Where to find this data

We built the CFR Performance Database specifically to give allocators a head start on this process. It’s not a substitute for direct engagement with a fund’s IR team and legal documents. But it gives you the structured data to screen, compare, and identify which funds are worth that deeper diligence work.

Here’s what maps directly from this checklist to our database:

DD category Data fields in CFR Performance Database
Strategy classificationFund type, strategy, category, investment focus
PerformanceMonthly returns (Jan 2017 to present), annual YTD, since-inception return, best/worst month
Risk metricsSharpe ratio, Sortino ratio, max drawdown, volatility, BTC correlation, alpha, beta, VaR, and 60+ additional metrics
Fees and termsManagement fee, performance fee, hurdle/HWM, minimum investment, lockup period, distributions, eligible investors
Service providersAuditor, custodian, administrator, legal counsel
Fund documentsFactsheet PDFs (where available), monthly reports

For the full fund universe (800+ crypto hedge funds, VC funds, and index funds), the Crypto Fund List gives you the directory-level data: company info, contacts, AUM, geography, and investment focus. If you’re at the screening stage rather than the deep DD stage, start there. You can download a free sample to see the format.

Start your due diligence

Screen 300+ crypto funds with institutional-grade data

Fees, lockups, minimums, auditors, custodians, 60+ risk metrics, and full monthly performance history. The data you need before the first meeting.

Explore the Performance Database → Download Free Sample

Frequently asked questions

How long does due diligence on a crypto fund typically take?
It depends on the allocator’s process and the fund’s responsiveness. For most institutional allocators, initial screening takes a few days. The full DD process, from first meeting through legal review and operational site visit, usually runs 4 to 12 weeks. Some family offices move faster. Large institutional allocators with formal investment committees can take six months or longer.
Is a DDQ (due diligence questionnaire) the same as due diligence?
No. The DDQ is a document. Due diligence is a process. Most funds have a standard DDQ they send to prospective investors, but the best allocators treat the DDQ as a starting point, not the finish line. Follow-up calls, reference checks, onsite visits, and independent verification of claims all matter.
What changed after FTX for crypto fund due diligence?
Custody and counterparty risk moved from “a section in the DDQ” to “the first thing allocators ask about.” The standards for what counts as acceptable custody have tightened considerably. Self-custody is viewed more skeptically. Exchange counterparty diversification became a hard requirement for many institutions. And questions about proof of reserves, asset segregation, and custodial insurance are now standard rather than optional.
Should I use a third-party ODD provider for crypto funds?
If you can afford it, yes. Firms that specialize in operational due diligence for alternative investments (Albourne, Cartesian, Castle Hall) have been building out crypto capabilities. The SBAI also provides a framework specifically for digital asset ODD. For smaller allocators or family offices without in-house ODD teams, a third-party review adds significant credibility to the diligence process.
How can CFR’s Performance Database help with due diligence?
It gives you the structured data layer. You can screen funds by strategy, geography, AUM, performance, and risk metrics before deciding which funds deserve deeper diligence. For each fund, you get fee structures, service providers (auditor, custodian, admin, legal), and 60+ risk metrics. It’s the screening and comparison step, not a replacement for talking to the fund directly.

Similar Posts