How to compare APY and risk: a 5-check framework for picking a yield platform

Open any crypto yield aggregator and your hand instinctively reaches for one move: sort by APY, take the top row. It's the most common and most expensive mistake in this market. This guide walks you through a 5-check framework — the same methodology YieldScope uses to grade platforms from A to F — so you can apply the logic yourself, with or without our table.

The biggest mistake: sorting by APY and picking the top row

APY is a price. It's what a platform pays to rent your money. When a platform pays significantly above the market, there is always a reason, and it's never "we just like our users more." Either capital is expensive for them to attract (weak reputation, thin liquidity), or the rate is a temporary subsidy from a marketing budget, or your deposit is being routed into riskier strategies than the landing page admits.

A high rate is someone paying you for taking on risk. The only question is whether you understand which risk. Celsius paid up to 17% and marketed itself as safer than a bank. Anchor paid a "stable" 20% on UST. Depositors of both found out exactly what they were being paid for on the day withdrawals stopped.

Sorting by APY with no risk filter is a lottery where the ticket costs your entire deposit. The correct order is the reverse: first filter platforms by reliability, then compare rates among the survivors. The rest of this guide is about how to do that filtering.

The 5-check framework

This is the methodology behind YieldScope's A–F grades. Five checks, each one binary — a platform either passes or it doesn't. No vibes, no "trust score" black box. Here is each check in human language, and why it earns its place.

Check 1: A real regulator's license

Does the platform hold a license in a jurisdiction with actual supervision — MiCA in the EU, US state licenses, VARA in Dubai, MAS in Singapore? A license isn't a sticker. It means mandatory audits, capital requirements, segregation of client funds, and a regulator you can file a complaint with. Without it, your only escalation path when something goes wrong is tweeting at the platform and hoping.

A license doesn't make a platform honest. It makes dishonesty harder, slower, and more punishable — which is the most you can ask from any single check.

Check 2: Proof-of-Reserves

Does the platform publish regular cryptographic proof that client assets actually sit in its wallets? Proof-of-Reserves is imperfect — it shows assets but not liabilities, and a determined fraudster can window-dress a snapshot. But it rules out the single deadliest failure mode in CeFi: a platform quietly trading or lending out client money, FTX-style, while the dashboard shows you a healthy balance.

No PoR means the platform's answer to "where is my money?" is "trust us." That answer has a bad track record.

Check 3: Flexible withdrawal

Can you take your money out at any time, without a penalty? Flexible withdrawal isn't a convenience feature — it's your exit mechanism. The first sign of trouble at a yield platform is almost never an announcement; it's rumors, slowing withdrawals, a delisted asset. With flexible terms you can act on early signals. With a 90-day lock-up you're a passenger with no door handle for 90 days.

Locked products typically pay a 1–3% premium over flexible ones. That's a remarkably low price for a platform to buy your right to leave.

Check 4: An insurance fund

Is there a dedicated fund or insurance coverage for the hack scenario? Hacks happen to well-run platforms too — security is a probability game, not a binary. The difference between "we are deeply sorry" and "losses covered from the fund" is the difference between Bybit, which made users whole after a $1.5B hack in 2025, and the long list of platforms that simply shut the doors.

An insurance fund doesn't prevent the incident. It changes who absorbs it.

Check 5: Incident history — 2+ years without loss of user funds

Has the platform operated for at least two years without a single episode of users losing money — no frozen withdrawals, no haircuts, no "temporary pauses" that became permanent? Time is the most honest auditor in this market. Two years of operation includes at least one market stress period, and surviving one without touching client funds is a stronger signal than any whitepaper.

Note the precise wording: without loss of user funds. A platform can get hacked, pass this check anyway — if users were fully reimbursed — and that's intentional. We measure outcomes for depositors, not headlines.

Turning checks into a decision: what the grades mean

Count the passed checks and you get a grade. Here's how to actually use it:

• A (5/5) — your conservative base. These platforms have passed everything we can verify. This is where the core of a yield portfolio belongs.
• B–C (3–4/5) — a compromise. Acceptable for a slice of the portfolio if the rate premium is real and — critically — you know which check failed and why you're okay with it. A missing insurance fund and a missing license are very different holes.
• D–F (0–2/5) — only money you're genuinely prepared to lose. Not "probably won't lose." Prepared to watch go to zero. If imagining that loss changes your sleep, the position is too big.

One caveat we put in bold everywhere: even grade A does not mean "insured." None of this is a bank deposit. There is no FDIC, no government deposit-insurance scheme standing behind any crypto yield product. Grade A means "passed every verifiable reliability check," not "risk is zero." The full methodology, with sources for every check, lives on our transparency page. And if you want a deeper dive into the risk these checks are built to catch, read the companion guide on counterparty risk in crypto.

The second axis: the coin itself

The platform grade is half the picture. The other half is the asset your APY accrues in — and this axis catches people just as often.

• Stablecoins. Yield in dollars on a non-moving price. 8% APY is roughly 8% real return, minus depeg risk (USDT has touched $0.95, USDC $0.87 — briefly, but it happened).
• Volatile majors (BTC, ETH). 3% APY on ETH is 3% denominated in ETH. If ETH drops 30%, your yield didn't save you — you earned 3% on the way down. Staking majors makes sense only if you'd be holding the asset anyway; the yield is a bonus on a position, not a reason to open one.
• Small-cap tokens with floating rates. A 200% APY on a fresh token is almost always paid in emissions of that same token. The rate is floating in the strictest sense: yesterday's 200% is not tomorrow's 200% — it dilutes as deposits flow in, and the token itself often loses value faster than the yield drips in. The advertised number is a photograph of a melting ice cube.

The rule: decide what asset you want your return in first, then compare rates. 12% on a small-cap token and 6% on USDC aren't "twice as good" versus "half as good" — they're different instruments answering different questions.

A practical 5-step algorithm

Putting both axes together, here is the full routine:

1. Define your amount and risk tolerance. How much are you deploying, and what fraction could go to zero without changing your life? Write the numbers down — vague tolerance always inflates under the glow of a big APY.
2. Filter platforms by grade. Grade A only for the base; allow B–C for the aggressive slice if step 1 left room for one.
3. Compare rates only within one grade. This is the step people skip. Comparing 15% at grade D against 7% at grade A is comparing a price against a lottery ticket. Within the same grade, the higher rate is genuinely the better deal — that's the whole point of grading first.
4. Check availability in your country. The best rate on the list is worthless if the platform doesn't serve your jurisdiction or you can't pass its KYC. Check before you plan an allocation around it, not after.
5. Diversify. Even within grade A, split across two or three platforms. Grades measure the probability of an incident; diversification caps the damage of one. You want both layers.

The live comparison table with current rates and grades is on the YieldScope home page, and if you're weighing crypto yield against classic options like bank deposits, see the alternatives page.

FAQ

Is a higher APY always riskier?

Almost always it reflects at least one of three things: higher risk, lower liquidity (lock-ups), or a temporary subsidy. Genuine exceptions exist — a newly licensed platform buying market share, a short-lived rate dislocation — but they're rare enough that the rational default is to treat an anomalously high rate as compensation for something you haven't spotted yet. Find the something before you deposit, not after.

Can I trust a platform just because it's big?

No. Celsius held $25 billion at its peak; FTX was the second-largest exchange in the world. Size buys liquidity and brand recognition, not honesty. The upside is that big platforms are easier to run through the five checks — there's more public data, more audit history, more regulatory paper trail. Use their size as a research advantage, not as the conclusion.

How often should I re-check platforms?

Rates: every week or two — they float, and the gap between platforms shifts constantly. Grades: quarterly is enough in calm conditions, but re-check immediately on trigger events — a jurisdiction change, a paused PoR report, withdrawal delays, key executives leaving. Any one of those is a reason to reassess the position the same day, not at the next quarterly review.

None of this is investment advice. This guide describes an evaluation methodology; the decisions — and the risks — are yours.