Blog
Defi Security

What is a Honeypot Scam?

Andrew Ciaccia
September 8, 2022

Broadly speaking, a honeypot scam is something in which you can put money into, but can’t get your money back out of. In the crypto space, honeypots can take many forms, but generally fall into two categories: fake platforms, and fake assets. In this article, the question of what a honeypot scam is and how to spot it will be discussed.

What is a crypto honeypot scam?

When it comes to honeypot scams, fake platforms are pretty straight forward. Scammers will set up websites that look and function like a centralized exchange or investment site, in hopes of tricking people into depositing money into their “accounts”. These sites often have scrolling price trackers, supposed testimonials and partnerships, and other elements to make the site look legitimate. Depositing money onto one of these platforms is essentially transferring funds directly into the scammer's wallet - no real services will be available on the site, and your money will be unrecoverable.

An example of a honeypot scam
honeypot scam features
honey pot scams try to trick you with features
An example of a honeypot scam website.

Fake assets, on the other hand, are a little trickier. Honeypot assets are tokens or NFTs that can be purchased, but not resold. Most commonly, a honeypot asset will have a big marketing push for a week or two leading up to its presale or mint, then the social media accounts associated with the project will disappear shortly after going live. People who put money into the presale will receive their tokens, but will not be able to sell them on any DEX, making them effectively worthless. This can happen a variety of ways, including having the sell tax set to 100%, or if the smart contract includes a allowlist/banlist function.

How can you spot a honeypot?

Fake platforms have a number of red flags to look out for, including:

  • It was sent to you via an unsolicited DM from a stranger.
  • The site was launched within the last week or two (this can be checked via ICANN lookup).
  • The site promises guaranteed returns on your investment with zero risk.
  • Investment or staking sites are offering unreasonably high returns (if it’s too good to be true…).
  • Many of the options, buttons, tabs, etc on the site are non-functional.
  • Claims about partnerships, audits, insurance, or investment activities cannot be verified.
  • The platform has no social media presence.
  • Wording on the site has numerous spelling and grammatical errors.

Fake assets can be harder to spot, but there are still some common red flags:

  • They were shilled to you via unsolicited DM from a stranger.
  • The contract address is difficult to find.
  • Social media accounts are only a week or two old, but already have thousands of followers.
  • Telegram channel has thousands of members, but very few people actually chatting or doing more than posting memes.
  • Project roadmap is unreasonably ambitious (for example, promising a P2E game, metaverse, staking, and NFT collection within the first quarter or two).
  • Claims of a contract audit can’t be verified, or the audit they make available is fake.
  • Presale has an extremely low softcap, and high (or non-existent) hardcap.
  • The wallet that created the smart contract was freshly funded from an exchange or Tornado Cash.

Additionally, tools like TokenSniffer, Scamsniper, Honeypot.is, and RugScreen can all scan a smart contract for any malicious functions that would allow the contract owner to turn the project into a honeypot. These functions include a sell tax that can be set to 100%, a banlist function that can specify only certain wallets that are allowed to sell (usually just the dev wallet), or a function that disallows transfers.

check honeypot scams

Here is also an example of when we spotted a honeypot scam, played along, and dug deep into how these work:

The Takeaway: Staying safe from honeypot scam contracts

Whether it’s a fake platform or fake asset, honeypots rely on instilling trust in the victims. Every aspect - the people advertising it, the content of the site, the social media posts - is designed to make the project look as legitimate and safe as possible. Accordingly, investors should never take things at face value. Verify all claims of audits or partnerships, and scan the contracts to see if a honeypot is possible. If it IS possible, consider whether or not you actually trust the team to not do it.

Stay Informed with Interlock's Latest News and Insights

Chainalysis Crypto Crime Report 2023: Trends and Insights on Crypto Scams
Defi Security
Chainalysis Crypto Crime Report 2023: Trends and Insights on Crypto Scams
Despite the overall drop due to the bear market, some types of scams continue to grow.
Read More
Combating Crypto Scams: A Twitter Poll Analysis
Defi Security
Combating Crypto Scams: A Twitter Poll Analysis
This article aims to analyze the results of the poll and offer insights on how to better protect yourself from crypto scams.
Read More
ThreatSlayer Security Quiz
Defi Security
ThreatSlayer Security Quiz
Taking this quiz will help you solidify your knowledge and, at the same time, play your part in keeping the community safe. The more aware you are of how scams, hacks, and exploits work — and how you can use ThreatSlayer to stop them — the stronger our community and our AI tool will be.
Read More
Explore the Latest News

Browse Safely. Earn Generously.

Checklist
Easy Install
Checklist
Earn Rewards
Checklist
AI Protection
Download ThreatSlayer