The Honeypot Scam: What is it, and how to avoid?

“Relax, “ said the contract, “We are programmed to receive. You can check-out any time you like, But you can never leave! “

The Honeypot Scam — you can buy, but you can never sell

You see it again. You’d seen it at the start of the week but thought better of buying. “It’s already gone up 5x, surely I’m too late”. That was 25x ago. Your hand is shaking as you hover over the buy button in PancakeSwap. The promise of untold crypto riches is too alluring. You trade your 1 BNB.

Congratulations, you’re now the newest holder of Squid Games. You rejoice as the chart continues to go up. 2x, then 5x, then 10x. 50x! Not being greedy, you decide it’s time to sell. You hit Swap, and you’re met with:

The dreaded TRANSFER_FROM_FAILED error, the hallmark of the honeypot scam

Welcome to the deep, dark world of DeFi and it’s most notorious scam, the Honeypot.

So what is a Honeypot anyway?

A Honeypot is a type of scam where you are able to buy into a DeFi token but you are not able to sell. This is done by code in the contract that prevents everybody but a very small subset (usually only the contract owner) from selling their tokens.

There exists an even more nefarious version of the scam — the Delayed Honeypot, where users are able to sell initially, up until the trap is triggered by the contract owner, disabling any future selling. The initial selling is designed to lull users into a false sense of security, attracting more buys than the standard Honeypot.

Ok, so how do we detect a Honeypot?

As it turns out, it’s not so easy to catch a Honeypot, which is why it is such an effective scam. Some options are:

Test Buy and Sell

The most rudimentary approach is to try a small amount of tokens (e.g. a 1 USD worth) and try to sell. If you can sell, you can be confident that it’s not a Honeypot. But this won’t work for the Delayed Honeypots. Also, it’s costly and very inefficient. We can do better.

Look at the buys and sells

Another naive approach is to look at the buys and sells in a charting tool like Poocoin or Dextools, and see if there are any sells. This is also ineffective against Delayed Honeypots, and often the sells are from the owner’s wallet to lure you into thinking it is safe. No good.

This Honeypot token has a sell from the owner’s wallet

A better approach is to look at the unique sellers in Poocoin. If a contract has been trading for a while, a healthy spread of sellers is a good sign that it is safe. This is again ineffective against Delayed Honeypots and also isn’t much help if the token was just newly released.

Only one wallet has been selling, indicating that it’s a Honeypot

Read the Contract

If you’re confident, you can attempt to read the contract. This is a robust method but requires a lot of experience and skill, and isn’t an option for most people. Even if you are comfortable reading code, it’s take a lot of time and scammers go to great lengths to hide their scams.

Rug Checkers

Rug checkers (software that analyses the contract code) can do a decent job at detecting basic scams, however they’ll never be able to pick up on all scams and will struggle with even moderately sophisticated scams. They’re also prone to mistakenly classifying safe contracts as potential scams.

This is all so hard! Is all hope lost?

Not so fast. There is one approach that can help detect Honeypots with a high level of accuracy (though they often fail on contracts with anti-bot) — simulating a buy and sell.

It’s possible to tell the blockchain to attempt to buy and sell a token as any address, and see what the result of the transaction would be, without actually performing the transaction. This is the basis of automated Honeypot detectors.

The problem? Most Honeypot detectors require you to manually copy and paste a contract address into a website to check if it is safe.

Agents of I.N.U. Token Tracker with inline Honey Detection

We felt the pain. Our aim at Agents of I.N.U. is to streamline the process of vetting tokens. That’s why we built our Honeypot Detector directly into our Token Tracker, making it easy to see which tokens to avoid.

We update the results every 5 minutes, allowing you to safely avoid any token that might have turned into a Honeypot! Watch below to see how it works:

What’s next?

Curious to know more? Some questions that we haven’t addressed:

  • Why Honeypot Detectors struggle with anti-bot contracts, and how we can work around this limitation
  • What are the different types of Honeypots
  • How to simulate buys and sells

If you’d like to learn more on the above, anything else about Honeypots, or anything DeFi, drop us a comment below!

Who are the Agents of I.N.U.?

Start by checking out our web app!

We’re building a suite of products to help you find the best and safest tokens to buy in DeFi.

Join us on Telegram, follow us on Twitter and of course, subscribe to our blog here on Medium!

Web App | Telegram | Twitter | Brand Site | Youtube Channel

Any feedback is good feedback — we’d love to know what you think.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store