Mutuum Finance (MUTM) Due Diligence Report 2026

Section 00

Executive Summary

ScamHoundCrypto — Analyst Summary

Mutuum Finance (MUTM) is a decentralized lending and borrowing protocol currently in Phase 7 of an 11-phase presale, having raised $20.6 million as of March 2026. It is the most credible project ScamHoundCrypto has reviewed in this presale cycle — and that distinction matters, because the bar set by the competition is extremely low.

MUTM has done what almost no other presale project does: it commissioned real security audits from reputable firms (CertiK and Halborn), deployed a clean non-upgradeable ERC-20 token contract, partially doxxed its team, and registered a legal entity. These are not guarantees of success, but they are the minimum viable signals of a project that intends to build something.

The primary risk is not fraud. It is execution. The DeFi lending space is dominated by Aave and Compound — protocols with years of battle-tested code, billions in TVL, and deep liquidity networks. MUTM is entering that market from a presale with no mainnet deployment, no public GitHub, and a team that is only partially transparent. The question is not whether MUTM is a scam. It is whether MUTM can compete.

■ Medium Risk

Not a scam. Legitimate audits. Real execution risk in a competitive market.

Part I — Pillar Analysis

Pillar 1 — Infrastructure Reality Check

1.1Infrastructure Claims vs. Evidence

■ Low Risk

MUTM's infrastructure claim is straightforward and verifiable: it is a DeFi lending protocol with two operational models. The Peer-to-Contract (P2C) model pools liquidity from lenders and makes it available to borrowers against collateral — the same fundamental architecture used by Aave and Compound. The Peer-to-Peer (P2P) model allows direct lending arrangements for more speculative or illiquid assets, which is a legitimate differentiation from the dominant P2C-only protocols.

Unlike the other presales reviewed in this cycle, MUTM is not making extraordinary infrastructure claims. There is no "500,000 TPS" figure, no "Quantum AI Consensus," no unaudited bridge design. The project claims to be building a DeFi lending protocol, and the technical architecture described in its documentation is consistent with what a DeFi lending protocol actually looks like. This is a low bar, but it is a bar that most presales fail to clear.

The V1 protocol has been activated on testnet, which provides a meaningful signal of development progress. A live testnet means there is actual code running, not just a whitepaper. The Halborn audit, conducted in November 2025, confirms that EVM smart contracts exist and were reviewed. ^[3] This is a significant step beyond the zero-evidence projects in the rest of this report's portfolio.

The infrastructure claims are plausible, proportionate, and partially verified by a live testnet and third-party audit. This is what legitimate DeFi development looks like at the presale stage.

Evaluation Point	Finding	Risk Level
Protocol Type	DeFi Lending & Borrowing (P2C + P2P)	■ LOW
Infrastructure Claims	Reasonable, consistent with standard DeFi architecture	■ LOW
Testnet Status	V1 protocol activated on testnet	■ LOW
TPS / Performance Claims	None — no extraordinary performance claims made	■ LOW
Centralization Risk	Standard DeFi architecture; no single-sequencer dependency	■ LOW

Pillar 1 Risk Score: LOW

Part I — Pillar Analysis

Pillar 2 — Code Over Whitepapers

1.2Smart Contract Security & Code Transparency

■ Medium Risk

The Token Contract

The MUTM token contract at 0x26BdEe9E66575319D5599569dFB39f543cFA8721 is clean. It is a standard ERC-20 implementation with no minting functions, no pausing mechanisms, and no admin backdoors. The entire supply of 4 billion tokens was minted at deployment and transferred to the owner's address. Ownership has not been renounced — the owner address retains control — but the absence of privileged functions means that control is limited to token distribution, not supply manipulation. ^[2]

CertiK's Token Scan gives MUTM a score of 90/100. ^[4] For context, a score of 90 is strong for a presale token. The deductions are typically for factors like centralized ownership (which is expected at this stage) rather than critical vulnerabilities.

The Halborn Protocol Audit

The more significant security review is the Halborn audit of the EVM smart contracts, conducted in November 2025. ^[3] Halborn is a reputable blockchain security firm — not a rubber-stamp audit shop. Their findings are worth examining in detail:

Severity	Count	Status
Critical	0	■ None Found
High	1	■ Addressed
Medium	4	■ Addressed
Informational	1	■ Addressed

Zero critical vulnerabilities and all findings addressed is a strong result. For comparison, Bitcoin Hyper's Coinsult audit identified a high-risk issue that was never publicly disclosed. MUTM's transparency here is meaningfully better.

The high-severity finding that was addressed is not publicly detailed in the available audit summary. Investors should request the full Halborn report to understand what was found and how it was remediated. A "addressed" status without disclosure of the finding's nature is not the same as full transparency.

The GitHub Problem

This is the most significant transparency failure in the MUTM profile. The project's website describes itself as "open source," but there is no public GitHub repository for the protocol's core smart contracts. The code has been audited by Halborn, which means it exists — but the community cannot independently review it, fork it, or verify that the deployed contracts match the audited code.

In mature DeFi, open-source code is not optional. Aave, Compound, Uniswap, and every other credible DeFi protocol publishes its code publicly. The argument that publishing code creates a security risk is not accepted by the DeFi security community — security through obscurity is not security. The absence of a public repository is a meaningful transparency gap that MUTM needs to close before mainnet launch.

The ScamHound Test: Show us the GitHub commits. Show us the contract addresses on mainnet. Show us the deployment transaction. If a project cannot answer those three questions at mainnet launch, the audit is a credential, not a guarantee.

Evaluation Point	Finding	Risk Level
Token Contract	Clean, non-upgradeable ERC-20, no minting functions	■ LOW
CertiK Score	90/100 Token Scan	■ LOW
Halborn Audit	0 critical, 1 high (addressed), 4 medium (addressed)	■ LOW
Public GitHub	No repository for protocol contracts — "open source" claim unverified	■ MEDIUM
Audit Transparency	High-severity finding addressed but not publicly detailed	■ MEDIUM

Pillar 2 Risk Score: MEDIUM — Audits are legitimate and results are strong. The GitHub gap is the primary concern.

Part I — Pillar Analysis

Pillar 3 — Team & Legal Structure

1.3Team Transparency & Accountability

■ Medium Risk

MUTM has a partially doxxed team — a meaningful distinction from the fully anonymous teams behind IONIX Chain, DeepSnitch AI, Bitcoin Hyper, and ZKP. Several individuals are publicly named in connection with the project:

Name	Role	Verifiability
Amir Sohail	Active Director	■ Named, limited public profile
Anton Osika	Co-founder & CEO	■ Named, some public presence
Jürgen Matthias Lotz	Business Co-founder	■ Named, limited public profile
Wojciech Czyz	Business Co-founder	■ Named, limited public profile
Alberto Gómez	Business Co-founder	■ Named, limited public profile

The distinction between "named" and "fully doxxed" matters. A named team member with a verifiable LinkedIn profile, a documented professional history, and a public track record is meaningfully more accountable than a name on a website. Not all of the MUTM team members have extensive verifiable public profiles. This is a partial improvement over anonymity, not a complete solution.

The project is registered as Mutuum Finance Technology Ltd., which provides a legal entity that can be held accountable in a way that an anonymous team operating from an offshore shell company cannot. This is a positive signal. The jurisdiction of registration is not prominently disclosed, which is worth investigating before committing significant capital.

A named team with a registered legal entity is the minimum viable accountability structure for a DeFi protocol. MUTM meets this bar. The question is whether the named individuals have the technical and operational depth to execute a competitive DeFi lending protocol.

Evaluation Point	Finding	Risk Level
Team Anonymity	Partially doxxed — multiple named individuals	■ MEDIUM
Verifiable Backgrounds	Some public presence; not all fully verifiable	■ MEDIUM
Legal Entity	Registered as Mutuum Finance Technology Ltd.	■ LOW
Jurisdiction	Not prominently disclosed	■ MEDIUM
Prior Track Record	No documented prior project failures or regulatory actions	■ LOW

Pillar 3 Risk Score: MEDIUM — Significantly better than anonymous teams. Not yet at the full transparency standard of a mature DeFi protocol.

Part I — Pillar Analysis

Pillar 4 — Liquidity Traps & Tokenomics

1.4Token Distribution & Vesting Analysis

■ Medium Risk

The MUTM tokenomics are reasonable by presale standards. The total supply is fixed at 4 billion tokens, minted at deployment with no mechanism for additional issuance. The presale allocation of 45.5% (1.82 billion tokens) is large but not unusual for a project at this stage — it reflects the project's reliance on presale funding for development capital.

Allocation	Percentage	Tokens	Risk Assessment
Presale	45.5%	1.82 billion	■ MEDIUM — Large presale allocation; price pressure at listing
Team & Founders	4.5%	180 million	■ LOW — Conservative team allocation
Liquidity	Undisclosed %	—	■ MEDIUM — Locking mechanism not specified
Ecosystem / Incentives	Remaining %	—	■ MEDIUM — Distribution schedule not fully disclosed

The 4.5% Team Allocation

A 4.5% team allocation is notably conservative. For context, many presale projects allocate 15–25% to the team, creating immediate sell pressure at listing. A 4.5% allocation signals either genuine confidence in the protocol's long-term value, or a team that has structured the tokenomics to appear investor-friendly. The distinction matters, and it is resolved by the vesting schedule — which is not publicly disclosed.

The Vesting Gap: The team's token vesting schedule is not publicly available. This is a meaningful transparency failure. A 4.5% team allocation with a 1-month cliff and 3-month linear vest is very different from a 4.5% allocation with a 2-year cliff and 4-year linear vest. Without this information, the team allocation cannot be properly evaluated. Investors should demand this disclosure before committing capital.

Presale Mechanics

The presale is conducted on-chain, which means purchases are verifiable on Etherscan. This is a positive signal — it means the presale cannot be fabricated or manipulated in the way that off-chain presales can be. The 11-phase structure with escalating prices creates a standard FOMO dynamic, but the on-chain transparency mitigates the risk of the presale itself being fraudulent.

The $20.6 million raised across 7 phases is a meaningful data point. It suggests genuine retail demand, not a fabricated raise. However, it also means that a significant number of retail investors are now holding presale tokens at various price points, all of whom will be looking for liquidity at listing. The listing price dynamics will be critical.

Evaluation Point	Finding	Risk Level
Total Supply	4 billion (fixed, no minting)	■ LOW
Team Allocation	4.5% — conservative	■ LOW
Team Vesting	Not publicly disclosed	■ MEDIUM
Presale Mechanism	On-chain, verifiable on Etherscan	■ LOW
Presale Raise	$20.6M across 7 phases — genuine retail demand	■ LOW
Listing Price Risk	Large presale allocation creates sell pressure at listing	■ MEDIUM

Pillar 4 Risk Score: MEDIUM — Conservative team allocation is a positive signal. Vesting non-disclosure is the primary concern.

Part II

Red Flags vs. Green Flags

🚩 Red Flags

🚩 No Public GitHub. The core protocol code is not open-source despite the website's claims. Community cannot independently verify the contracts.

🚩 Vesting Schedule Not Disclosed. The team's token vesting schedule is unknown. This is a critical gap for evaluating dump risk at listing.

🚩 Partial Team Doxxing. Named individuals, but not all have fully verifiable professional backgrounds or public LinkedIn profiles.

🚩 No Mainnet Deployment. The project is testnet-only. Execution risk remains until mainnet launch and real TVL is established.

🚩 Undisclosed Jurisdiction. The legal entity's registration jurisdiction is not prominently disclosed on the website.

🚩 High-Severity Audit Finding. Halborn found 1 high-severity issue. It was addressed, but the nature of the finding is not publicly detailed.

✅ Green Flags

✅ Legitimate Dual Audits. Audited by both CertiK (90/100) and Halborn — two reputable, independent security firms.

✅ Clean Token Contract. No minting, no pausing, no admin backdoors. Zero critical vulnerabilities found by Halborn.

✅ All Audit Findings Addressed. The 1 high and 4 medium findings from Halborn have all been remediated.

✅ Conservative Team Allocation. 4.5% team allocation is well below the industry average of 15–25%.

✅ Live Testnet. V1 protocol is running on testnet — actual code exists and is being tested.

✅ On-Chain Presale. All presale transactions are verifiable on Etherscan. The $20.6M raise is real.

✅ Registered Legal Entity. Mutuum Finance Technology Ltd. provides a degree of legal accountability absent in anonymous projects.

✅ No Extraordinary Claims. The project does not claim impossible TPS figures, fake AI, or unaudited bridge designs.

Part III

The Verdict

Is MUTM a Scam?

No. MUTM is a legitimate DeFi project with real development, third-party audits from reputable firms, and a partially doxxed team operating under a registered legal entity. It does not exhibit the hallmarks of a presale extraction operation: there are no anonymous founders, no extraordinary unverifiable claims, no rug-pull mechanisms in the token contract, and no documented history of prior project failures by the team. Compared to every other project reviewed in this presale cycle, MUTM is in a different category entirely.

Is MUTM a Safe Investment?

No investment in a presale is safe. MUTM is a medium-risk speculative investment. The risks are real and specific: the project has not launched on mainnet, the core protocol code is not publicly available, the team vesting schedule is undisclosed, and the DeFi lending market is dominated by entrenched competitors with years of battle-tested infrastructure and deep liquidity networks. These are not scam risks — they are execution risks. The distinction matters, but it does not eliminate the risk.

ScamHoundCrypto Verdict: Medium Risk — Legitimate Project, Real Execution Risk MUTM passes the basic legitimacy test that most presales fail. It has real audits, a clean contract, a partially accountable team, and a live testnet. It is not a scam. The investment thesis depends entirely on whether the team can execute a competitive DeFi lending protocol in a market where Aave and Compound have years of head start, billions in TVL, and established trust. That is a hard problem. The three things that would materially improve MUTM's credibility before mainnet: publish the protocol contracts on GitHub, disclose the team vesting schedule, and provide full professional backgrounds for all named team members.

For Different Investor Profiles

Investor Profile	Assessment	Recommendation
Retail / Speculative	MUTM is among the most credible presales available in this cycle. Audits and partial doxxing provide a floor of legitimacy.	■ Acceptable with position sizing discipline
Serious DeFi Investor	No public GitHub is a deal-breaker for code review. Wait for mainnet and public contract publication.	■ Wait for mainnet + GitHub publication
Institutional	Undisclosed vesting, partial doxxing, and no public code are disqualifying at this stage.	■ Not suitable pre-mainnet

Part IV

ScamHoundCrypto Framework Summary

Infrastructure

■ LOW

Code / Audits

■ MEDIUM

Team & Legal

■ MEDIUM

Tokenomics

■ MEDIUM

Overall

■ MEDIUM

Pillar	Risk Score	Key Finding	What Would Improve It
Infrastructure Reality Check	■ LOW	Standard DeFi protocol, live testnet, no extraordinary claims	Mainnet deployment
Code Over Whitepapers	■ MEDIUM	CertiK 90/100, Halborn 0 critical — but no public GitHub	Publish protocol contracts on GitHub
Team & Legal	■ MEDIUM	Partially doxxed, registered legal entity, no prior failures	Full professional backgrounds, jurisdiction disclosure
Liquidity & Tokenomics	■ MEDIUM	4.5% team allocation (conservative), on-chain presale — vesting undisclosed	Publish team vesting schedule

Part V

Competitive Context — DeFi Lending Landscape

The DeFi lending market is not a greenfield opportunity. It is a mature, competitive space with entrenched leaders that have survived multiple market cycles, major exploits in adjacent protocols, and regulatory scrutiny. Any honest evaluation of MUTM must account for what it is entering.

Protocol	TVL (approx.)	Years Live	Audits	GitHub
Aave v3	$15B+	5+	Multiple (OpenZeppelin, Trail of Bits, etc.)	■ Fully public
Compound v3	$3B+	5+	Multiple (OpenZeppelin, ChainSecurity, etc.)	■ Fully public
Spark Protocol	$2B+	2+	Multiple	■ Fully public
MUTM	$0 (pre-launch)	0 (testnet)	CertiK + Halborn	■ Not public

MUTM's differentiation claim rests on its P2P lending model, which allows direct lending arrangements for assets that pooled liquidity protocols won't support. This is a legitimate niche — there is demand for P2P lending of long-tail assets. But it is also a niche that carries higher credit risk, requires more sophisticated liquidation mechanisms, and has historically been difficult to scale. The P2P model is not a moat; it is a feature that larger protocols could add.

The honest question for MUTM investors is not "is this a scam?" — it is "can this team build a DeFi lending protocol that attracts meaningful TVL in a market where Aave exists?" That is a much harder question, and the answer is not obvious.

Part VI

Watchlist — What to Monitor Post-Launch

If you hold MUTM tokens or are considering a position, these are the specific milestones and warning signs to track after the presale closes and the protocol moves toward mainnet.

Milestone / Signal	What It Means	Timeline
GitHub Publication	Protocol contracts made public — enables community audit and verifies "open source" claim	■ Before mainnet — non-negotiable
Vesting Schedule Disclosure	Team token lock-up terms published — resolves dump risk uncertainty	■ Before listing — high priority
Mainnet Launch	Protocol goes live — real TVL begins accumulating, real liquidation risk begins	■ Per roadmap — watch for delays
TVL at 30 / 90 / 180 days	Organic TVL growth is the primary indicator of protocol health and competitive viability	■ Post-launch — key metric
First Liquidation Event	Tests whether the liquidation mechanism works under real market stress	■ Watch carefully — historical failure point
Team Token Unlock	When team vesting cliff hits — watch for sell pressure	■ Depends on undisclosed vesting schedule
Security Incident	Any exploit or vulnerability disclosure — DeFi lending protocols are high-value targets	■ Ongoing — monitor continuously

The Liquidation Risk Reality Check: DeFi lending protocols fail in one of two ways — either the team doesn't deliver (execution risk) or the liquidation mechanism fails under stress (protocol risk). The history of DeFi is littered with protocols that passed their audits and still lost user funds when market conditions moved faster than their liquidation bots. Cream Finance, Venus Protocol, and Euler Finance all had audits. Euler lost $197 million in a single exploit in 2023. Audits reduce risk; they do not eliminate it.

07

References

Mutuum Finance — Official Website
mutuum.com · Accessed March 01, 2026
MUTM Token Contract — Etherscan
etherscan.io · Contract: 0x26BdEe9E66575319D5599569dFB39f543cFA8721
Halborn Security Audit — Mutuum Finance EVM Contracts (November 2025)
halborn.com · November 2025
CertiK Skynet — Mutuum Finance Security Score (90/100)
skynet.certik.com · Accessed March 01, 2026
Aave Protocol — DeFi Lending Market Leader
aave.com · Competitive context reference
Compound Finance — DeFi Lending Protocol
compound.finance · Competitive context reference
Rekt News: Euler Finance — $197M Exploit (March 2023)
rekt.news · March 2023 · DeFi lending protocol risk reference
Rekt News: Cream Finance — Flash Loan Exploit
rekt.news · DeFi lending protocol risk reference