How to Spot a Scam Token (Honeypot Detection)
Learn to identify rug pulls, honeypots, and scam tokens before you ape in. Essential security knowledge for any degen trader.
Red Flags in Token Contracts
The crypto wild west is full of scam tokens designed to steal your money. Every day, hundreds of new tokens launch — and a significant percentage are outright scams. Before you ape into that "100x gem" someone shilled in a Telegram group, learn to spot the red flags.
- Unverified contract: If the contract source code isn't verified on Etherscan/block explorer, that's a massive red flag. Legit projects verify their contracts.
- Hidden mint functions: The owner can mint unlimited tokens and dump on you. Look for mint() or _mint() functions callable by the owner.
- Blacklist/whitelist functions: Functions like setBlacklist() or setWhitelist() mean the owner can prevent you from selling.
- Modifiable tax: If the owner can change buy/sell tax to 99%, they will. Look for setFee() or setTax() functions with no upper limit.
- Proxy contracts: Upgradeable proxies mean the owner can change the entire contract logic after launch. The token could be legit today and a honeypot tomorrow.
- No renounced ownership: If the owner hasn't renounced (or at least locked via multisig), they retain full control.
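A first-pass triage of a verified contract's ABI for the red flags listed above, as an added example that is not part of the original guide. The sample ABI and owner address are constructed, and the proxy function names (upgradeTo, upgradeToAndCall) are an assumption based on common upgradeable-proxy interfaces rather than something the guide lists.

```python
import json

# Function names from the red flags above. The proxy names are an added
# assumption (common upgradeable-proxy interfaces), not from the guide.
RED_FLAGS = {
    "mint": ("mint", "_mint"),
    "blacklist/whitelist": ("setblacklist", "setwhitelist"),
    "modifiable tax": ("setfee", "settax"),
    "upgradeable proxy": ("upgradeto", "upgradetoandcall"),
}
ZERO_ADDRESS = "0x" + "0" * 40


def scan_abi(abi_json, owner_address=None):
    """Return sorted (category, detail) findings for a contract ABI.

    Only state-changing functions are reported: view/pure functions cannot
    mint, block sells or change the tax.
    """
    findings = set()
    for entry in json.loads(abi_json):
        if entry.get("type") != "function":
            continue
        if entry.get("stateMutability") in ("view", "pure"):
            continue
        name = entry.get("name", "")
        for category, names in RED_FLAGS.items():
            if name.lower() in names:
                findings.add((category, name))
    # Ownership counts as renounced only when owner() is the zero address.
    if owner_address is not None and owner_address.lower() != ZERO_ADDRESS:
        findings.add(("ownership not renounced", owner_address))
    return sorted(findings)


# Constructed sample ABI (not a real token).
SAMPLE_ABI = json.dumps([
    {"type": "function", "name": "transfer", "stateMutability": "nonpayable"},
    {"type": "function", "name": "balanceOf", "stateMutability": "view"},
    {"type": "function", "name": "mint", "stateMutability": "nonpayable"},
    {"type": "function", "name": "setBlacklist", "stateMutability": "nonpayable"},
    {"type": "function", "name": "setFee", "stateMutability": "nonpayable"},
    {"type": "function", "name": "fee", "stateMutability": "view"},
    {"type": "event", "name": "Transfer"},
])

if __name__ == "__main__":
    for category, detail in scan_abi(SAMPLE_ABI, "0x" + "ab" * 20):
        print(f"{category}: {detail}")
```

An ABI only shows that a function exists; whether it is owner-only or capped has to be read from the verified source. A renamed function will not match, so a clean result is not a pass.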
How Honeypots Work
A honeypot is a token you can buy but cannot sell. The contract contains hidden logic that blocks sell transactions for everyone except the deployer. Here's how they typically work:
- Token launches with attractive tokenomics and fake hype
- People buy in, price goes up (looks legit!)
- When you try to sell, the transaction reverts or charges 99% tax
- The deployer is the only one who can sell — they dump everything and disappear
- You're left holding worthless tokens you can never sell
Some honeypots are more sophisticated — they allow small sells initially to build trust, then activate the trap once enough liquidity is in the pool. Absolutely devious.
Tools to Check Before Buying
Never buy a token without running it through these tools first:
- TokenSniffer (tokensniffer.com): Scans contract code for known scam patterns. Gives a trust score from 0-100. Anything below 70 is sus.
- GoPlus Security (gopluslabs.io): API-based token security checker. Detects honeypots, hidden owners, and dangerous functions. Many DEX aggregators integrate this.
- DexScreener (dexscreener.com): Check trading activity. If a token has buys but zero sells, it's a honeypot. Also check if liquidity is locked.
- Honeypot.is: Simulates a buy and sell transaction to check if selling is actually possible. Quick and reliable.
- BubbleMaps (bubblemaps.io): Visualizes token holder distribution. If one cluster holds 80% of supply, it's a rug waiting to happen.
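The "buys but zero sells" check, extended to the trust-then-trap variant described under How Honeypots Work, as an added example that is not part of the original guide. The trade histories and addresses are constructed, and the min_buys_after threshold is an assumption to tune.

```python
def sell_pattern(trades, deployer, min_buys_after=5):
    """Classify a trade history given as (timestamp, side, wallet) tuples.

    side is "buy" or "sell". min_buys_after is an assumed threshold: how many
    buys must follow the last outside sell before it counts as "stopped".
    """
    deployer = deployer.lower()
    buys = [t for t in trades if t[1] == "buy"]
    sells = [t for t in trades if t[1] == "sell"]
    outside_sells = [t for t in sells if t[2].lower() != deployer]
    if not buys:
        return "no_activity"
    if not sells:
        return "no_sells"              # buys but zero sells
    if not outside_sells:
        return "only_deployer_sells"   # nobody but the deployer got out
    last_outside_sell = max(t[0] for t in outside_sells)
    buys_after = sum(1 for t in buys if t[0] > last_outside_sell)
    if buys_after >= min_buys_after:
        return "sells_stopped"         # early sells worked, then the trap
    return "ok"


# Constructed sample histories (placeholder addresses, not real wallets).
DEPLOYER = "0xDEPLOYER"
NO_SELLS = [(t, "buy", f"0xbuyer{t}") for t in range(1, 6)]
ONLY_DEPLOYER = NO_SELLS + [(6, "sell", DEPLOYER)]
TRUST_THEN_TRAP = (
    [(t, "buy", f"0xbuyer{t}") for t in range(1, 4)]
    + [(4, "sell", "0xbuyer1"), (5, "sell", "0xbuyer2")]
    + [(t, "buy", f"0xbuyer{t}") for t in range(6, 14)]
    + [(14, "sell", DEPLOYER)]
)
HEALTHY = [(t, "buy" if t % 2 else "sell", f"0xwallet{t}") for t in range(1, 21)]

if __name__ == "__main__":
    for name, history in [("no sells", NO_SELLS), ("only deployer", ONLY_DEPLOYER),
                          ("trust then trap", TRUST_THEN_TRAP), ("healthy", HEALTHY)]:
        print(f"{name}: {sell_pattern(history, DEPLOYER)}")
```

Trade feeds list only swaps that succeeded, so reverted sell attempts never appear; the signal is the absence of outside sells while buys continue.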
Checklist Before Buying Any Token
DYOR isn't just a meme — it's the difference between making money and getting rugged. Run through this checklist EVERY time.
- Is the contract verified on the block explorer?
- Is ownership renounced or locked in a multisig?
- Is liquidity locked (and for how long)?
- Does TokenSniffer/GoPlus show any red flags?
- Can you actually sell? (Check honeypot.is)
- Is there organic trading activity (both buys AND sells)?
- Does the team have a public identity (doxxed)?
- Is there a real website, whitepaper, and community?
- Has the contract been audited by a reputable firm?
- Is the token holder distribution reasonable (no single wallet with 50%+)?
Common Scam Patterns
Here are real patterns scammers use repeatedly:
- The "Elon" Token: Named after celebrities or trending topics. Launched within hours of a viral tweet. 99% are scams.
- Fake Liquidity: Deployer adds liquidity, waits for buyers, then removes all liquidity (rug pull). Check if LP tokens are burned or locked.
- Clone Tokens: Copies of legitimate project names with slightly different contract addresses. Always verify the official contract address from the project's official channels.
- Slow Rug: Team gradually sells their allocation over days/weeks while posting "bullish" updates. Watch insider wallets.
- Fake Audit: Scammers create fake audit PDFs or reference audits that don't exist. Always verify audits directly on the auditor's website.
The golden rule: if it seems too good to be true, it probably is. No legitimate project needs to shill in random Telegram groups promising 1000x returns. Stay safe out there, anon. The money you save by avoiding one scam is worth more than the "gains" you might miss by being cautious.