Honeypots
How Do Crypto Honeypot Scams Work?
To understand how these scams work, let's break it down into steps:
1. Create a Malicious Token: The scammer develops a token smart contract with a blacklist feature, allowing them to restrict wallet addresses that purchase the token. This can be automated through smart contracts, and a whitelist function enables specified addresses to sell the token.
Another common tactic involves imposing a high tax on token sales, which benefits the token creator.
2. Launch the Token on a Decentralized Exchange: The scammer lists the token on a decentralized exchange (DEX), such as Dexscreener or Dextools, where meme coins with liquidity are often found.
3. Run DEX Ads or Promote Via Social Media: To attract initial buyers, scammers may run ads or promote the new coin on social media platforms or Telegram. This can include a simple website, a fresh X account, and a Telegram group to create the illusion of legitimacy. However, these channels often disappear once the scam is complete.
4. Trigger Token Function: As buyers swap ETH (assuming an ETH-based platform) for the token, their wallet address is logged and blacklisted by the contract. Whitelisted addresses may sell tokens into the liquidity pool, making trading appear more natural with occasional pullbacks on a bullish chart. Without this, the chart would likely go straight up.
Baiting Traders with a Bullish Chart
A seemingly promising chart is the hook that lures traders into buying into the next leg up of what appears to be a moonshot. But beneath the surface, scammers are cooking up a scheme.
The Liquidity Pool Trap
DEX tokens rely on a liquidity pool, which allows traders to swap ETH for other tokens in the pool. As more buyers enter the market, the pool fills with ETH, increasing the token's market cap. However, scammers have a ticking clock. They use auditing tools like GO+ Security, Quick Intel, and Token Sniffer to scan token contracts, knowing that eventually, their token will be flagged as a honeypot.
The Scam Unfolds
Once the token is identified as a scam, scammers sell their stash into the liquidity pool, draining it of ETH. Alternatively, they might simply close the pool and withdraw the ETH. Savvy traders may catch on to this tactic, so scammers might lock or burn the liquidity to maintain the illusion of legitimacy.
The Outcome: Worthless Tokens and Gone ETH
In either scenario, the scam tokens are rendered worthless, and the ETH is gone. Traders are left with nothing but a bitter taste of disappointment and financial loss.