Digitap's SolidProof audit identified a medium-severity vulnerability: the contract owner can whitelist addresses to transfer tokens before trading is enabled, allowing presale wallets to dump tokens on the market before regular investors can sell. The team is fully anonymous, the project domain was only 163 days old when the first scam report was filed, and multiple Trustpilot reviewers report unreceived confirmation emails, unresponsive support, and suspicious token transfer mechanics. Despite raising $5.14M, no verifiable core smart contract development exists on GitHub.
Digitap positions itself as an "omni-bank" โ a platform that merges traditional banking and blockchain for both fiat and crypto management. The project has raised approximately $5.14M across three presale rounds and claims to have a functional beta application available on desktop, Apple App Store, and Google Play Store.
The existence of a beta app is a genuine positive differentiator from many presales in this sweep. However, the project's anonymous team, a critical audit finding regarding owner whitelisting privileges, and multiple community scam reports significantly undermine confidence in the project's legitimacy.
When the first Reddit r/CryptoScams thread was filed in October 2025, the digitap.app domain was only 163 days old. A project claiming to be building an "omni-bank" that merges traditional banking with blockchain โ a heavily regulated, complex undertaking โ launched its domain less than 6 months before community members began flagging it as a potential scam. Legitimate fintech companies typically have years of development before public launch.
SolidProof's audit identified a medium-severity issue: the contract owner can whitelist specific addresses to transfer tokens without enabling public trading. This means the project team can arrange for their own wallets (or affiliated wallets) to sell tokens on the open market before regular presale investors are able to sell. This is a documented mechanism used in rug pulls and coordinated dumps.
| Feature | Status | Risk |
|---|---|---|
| Ownership Renounced | โ NOT Renounced | Owner retains full control |
| Minting Function | โ No Mint Function | Fixed supply โ positive |
| Owner Whitelisting | โ Can Whitelist Before Trading | MEDIUM โ allows early dump by insiders |
| ETH Withdrawal | โ Owner Can Withdraw ETH | Owner can drain ETH from contract |
| Token Withdrawal | โ Owner Can Withdraw Stuck Tokens | Centralization risk |
| Trading Enable | โ Owner Enables Once | One-time action โ cannot be reversed |
| SolidProof TrustNet Score | 52.77 โ Poor | Below average security rating |
| Factor | Finding | Assessment |
|---|---|---|
| Public Team Identities | Not disclosed in whitepaper or website | FAIL |
| LinkedIn Profiles | None found for team members | FAIL |
| Prior Projects | Reddit: "unidentified, unverified, and uncredentialed people behind Digitap" | FAIL |
| GitHub Core Development | github.com/digitapeu โ 8 repos, mostly forks/SDKs; no core contract repo | FAIL |
| Team Token Lock | 1% (20M TAP) locked for 5 years | POSITIVE |
| KYC Verification | None found | FAIL |
| Legal Entity | Not disclosed | FAIL |
| Platform | Finding | Key Complaints |
|---|---|---|
| Trustpilot | 3.9/5 โ 22% one-star | Unreceived confirmation emails; unresponsive customer support; lack of regulatory registration; fake online information; suspicious token transfer mechanics |
| Reddit r/CryptoScams | Active thread (Oct 2025) | Young domain age; unverifiable ApplePay/Visa affiliations; owner whitelisting for early token transfers |
| GitHub | Mostly forks/SDKs | No core smart contract development visible; most recent activity on unrelated SDK |
Digitap's marketing materials reference affiliations with ApplePay and Visa. Reddit community members specifically flagged these claims as unverifiable โ neither Apple nor Visa has publicly confirmed any partnership with Digitap. Falsely implying partnerships with major financial institutions is a common tactic used by fraudulent fintech projects to establish false credibility.
| Pillar | Rating | Key Finding |
|---|---|---|
| 1. Team & Transparency | FAIL | Fully anonymous; no LinkedIn; no KYC; Reddit calls team "unidentified and uncredentialed" |
| 2. Technology & Product | PARTIAL | Beta app exists on App Store/Google Play โ genuine positive; but no core contract GitHub |
| 3. Tokenomics & Security | FAIL | Owner whitelisting exploit; ownership not renounced; SolidProof TrustNet 52.77 (Poor) |
| 4. Regulatory & Legal | FAIL | No legal entity; no banking licenses; "omni-bank" claims require heavy regulation |
| 5. Community & Track Record | CONCERN | Trustpilot 3.9/5 with 22% one-star; active Reddit scam thread; unverifiable partnership claims |
Digitap's $5.14M raise and functional beta app distinguish it from pure vaporware projects. However, the owner whitelisting exploit identified by SolidProof, the fully anonymous team, the young domain age, and the active Reddit scam thread create a HIGH risk profile that cannot be ignored.
The "omni-bank" concept โ merging traditional banking with blockchain โ requires banking licenses, regulatory compliance, and established financial partnerships. None of these have been demonstrated. The unverifiable ApplePay/Visa claims are a significant credibility concern.
ScamHound recommends extreme caution. The owner whitelisting mechanism alone is sufficient reason to avoid this project until the team is publicly identified and the contract vulnerability is addressed.
Sources: SolidProof audit (digitap.app), Coinsult audit, Reddit r/CryptoScams (Oct 2025), Trustpilot (digitap.app), AMBCrypto (Feb 11, 2026), CaptainAltcoin review, BTCC analysis, ScamHound Jan-Feb 2026 Presale Sweep.