Security 14 min BSC.app Research

The BSC Scam Playbook: Patterns, Red Flags, and Your Defense

Learn to identify rug pulls, honeypots, phishing attacks, and other scams on BNB Chain. Protect your crypto with our verification workflow and recovery guide.

Every scam follows a pattern. Learn the patterns, spot them early.


Short on time? Read Before You Trade: The Non-Negotiables for the quick version.

The reality: Scammers aren’t creative. They run the same playbooks over and over because they work. This guide breaks down those playbooks — rug pulls, honeypots, phishing, approval exploits — so you can recognize them before you become a statistic.

Why BSC is a Target

BNB Chain processes millions of transactions daily with gas fees often under $0.10. This accessibility is a double-edged sword.

For users: Low barrier to entry, fast transactions, affordable DeFi participation.

For scammers: Cheap to deploy malicious contracts, easy to create convincing-looking projects, high volume of potential victims.

The good news: BNB Chain’s security has improved dramatically. Security-related losses dropped 67% year-over-year in 2024, according to ecosystem reports. The network isn’t inherently unsafe—but the low cost of launching tokens means more projects exist, and that includes more scams.

The pattern is consistent across all chains: Where there’s opportunity, there are bad actors. Your defense is knowledge.


The Anatomy of a Rug Pull

A rug pull occurs when project developers abandon a project after extracting value from investors. The name comes from “pulling the rug out” from under token holders.

How Rug Pulls Work

There are two primary mechanisms:

1. Liquidity Removal

When a token launches on a DEX like PancakeSwap, liquidity is added to a pool (e.g., TOKEN/BNB). This liquidity enables trading. In a rug pull:

  1. Developers create hype around a new token
  2. Users buy the token, increasing its price
  3. Developers remove all liquidity from the pool
  4. Token holders can no longer sell—there’s no liquidity to trade against
  5. Developers walk away with the BNB

2. Hidden Mint Functions

Some contracts contain hidden functions that allow the deployer to:

  • Mint unlimited new tokens (diluting existing holders)
  • Disable selling for all addresses except their own
  • Transfer tokens from any wallet
  • Modify fees to 100% (taking everything on each transaction)

Red Flags to Watch For

| Red Flag | What It Means |
| --- | --- |
| Anonymous team | No accountability if things go wrong |
| “Locked” liquidity with no proof | Claims without verifiable on-chain evidence |
| Ownership not renounced | Deployer retains control over contract |
| Unverified contract on BscScan | Can’t inspect the source code |
| Aggressive marketing, no product | All hype, no substance |
| Unrealistic APY promises | 10,000% APY isn’t sustainable |
| Pressure to buy quickly | FOMO tactics are a warning sign |

How to Check on BscScan

  1. Go to BscScan.com
  2. Enter the contract address
  3. Check the Contract tab:
    • Is the source code verified?
    • Look for owner() function—is ownership renounced?
    • Search for mint functions—who can call them?
  4. Check the Holders tab:
    • Does one wallet hold a suspiciously large percentage?
    • Are top holders the LP contracts (normal) or unknown wallets (concerning)?
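
The "search for mint functions, who can call them?" step can be partly automated once the source is verified. The sketch below is an added example, not BSC.app or BscScan code: the keyword list, the `privileged_functions` helper and the `DemoToken` sample are assumptions made for illustration.

```python
import re

# Keyword in a function name -> capability described in this guide (assumed list).
RISKS = {
    "mint": "mint new tokens",
    "blacklist": "block an address from transferring",
    "fee": "change buy/sell fees",
    "maxtx": "cap transaction size",
    "cooldown": "delay selling after a buy",
    "trading": "switch trading on or off",
}
FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)[{;]")

def privileged_functions(source):
    """Return (name, capability, modifier) for externally callable risky functions."""
    source = re.sub(r"//[^\n]*|/\*.*?\*/", "", source, flags=re.S)  # strip comments
    hits = []
    for name, header in FUNC.findall(source):
        if re.search(r"\b(internal|private)\b", header):
            continue  # internal helpers such as _mint cannot be called from outside
        capability = next((c for k, c in RISKS.items() if k in name.lower()), None)
        if capability:
            gate = re.search(r"\bonly\w+", header)  # access modifier, e.g. onlyOwner
            hits.append((name, capability, gate.group(0) if gate else None))
    return hits

# Constructed sample source, not a real token.
SAMPLE = """
contract DemoToken {
    function _mint(address to, uint256 amt) internal { supply += amt; }
    function mint(address to, uint256 amt) external onlyOwner { _mint(to, amt); }
    // function setCooldown(uint256 s) external onlyOwner {}
    function setSellFee(uint256 bps) external onlyOwner { sellFee = bps; }
    function addToBlacklist(address a) public onlyOwner { blocked[a] = true; }
    function transfer(address to, uint256 amt) public returns (bool) { return true; }
}
"""

if __name__ == "__main__":
    for name, capability, gate in privileged_functions(SAMPLE):
        print(f"{name}: can {capability}; restricted by {gate or 'nothing'}")
```

Function names are chosen by the developer, so a clean result from a name-based scan does not show that a contract is safe; treat each hit as a place to start reading the code.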

Use our Security tools to access trusted verification tools in one place.


Honeypot Contracts: Can’t Sell What You Buy

A honeypot is a contract designed to let you buy but not sell. The name comes from traps that attract victims but don’t let them escape.

Deep dive: Our Honeypot Detection Guide covers advanced detection techniques and real-world examples.

How Honeypots Work

The contract contains code that:

  • Allows buy transactions from any address
  • Blocks sell transactions except for whitelisted addresses (usually just the deployer)

When you try to sell, the transaction fails. Meanwhile, the developers can sell freely, draining the liquidity pool.

Why approvals don’t help: Even if you revoke the contract’s approval to spend your tokens, the sell function itself is blocked. The tokens are stuck in your wallet.

Honeypot Detection Methods

1. Use TokenSniffer

  • Visit tokensniffer.com
  • Enter the BSC contract address
  • Look for the “Audit” section—it flags honeypot characteristics

2. Use Honeypot.is

  • Visit honeypot.is
  • Select “BSC” and enter the contract
  • It simulates a buy/sell and tells you if selling works

3. Test Transaction Approach

If you’re determined to try a suspicious token:

  1. Buy the absolute minimum amount possible
  2. Immediately try to sell a portion
  3. If the sell fails, you’ve lost a small amount but confirmed it’s a honeypot
  4. If the sell works, proceed with caution—some honeypots allow initial sells but block later ones

Common Honeypot Patterns

| Pattern | What Happens |
| --- | --- |
| Blacklist function | Your address gets blacklisted after buying |
| Max transaction limit | You can only sell tiny amounts (below gas cost) |
| Cooldown period | Selling blocked for hours/days after buying |
| Fee manipulation | Sell fee set to 99-100% |


Phishing & Social Engineering

Not all scams are smart contract-based. Many target you directly through deception.

Fake Websites (Typosquatting)

Scammers create websites that look identical to legitimate platforms but have slightly different URLs:

  • pancakeswap.finance (real) vs pancakeswap.com (fake)
  • bscscan.com (real) vs bscscan.io (fake)
  • trustwallet.com (real) vs trust-wallet.com (fake)

These sites prompt you to enter your seed phrase or connect your wallet, then drain your funds.

Defense: Bookmark official sites. Never click links from emails, DMs, or search results. Type URLs manually or use bookmarks.
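
The same bookmark discipline can be expressed as a check, for example in a link-preview bot for a community chat. This is an added example, not code from BSC.app: the `OFFICIAL` list holds only the three domains this guide marks as real, and the `classify` helper and its edit-distance threshold of 2 are assumptions.

```python
from urllib.parse import urlsplit

# Domains this guide lists as real; extend with your own bookmarks.
OFFICIAL = ("pancakeswap.finance", "bscscan.com", "trustwallet.com")

def _edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (status, official_domain): status is official, suspicious or unknown."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    for good in OFFICIAL:
        if host == good or host.endswith("." + good):
            return "official", good
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", None  # punycode label: possible look-alike characters
    labels = [label.replace("-", "") for label in host.split(".")]
    for good in OFFICIAL:
        brand = good.split(".")[0]  # e.g. "trustwallet"
        for label in labels:
            # Brand name reused under another TLD, hyphenated, embedded in a
            # longer host name, or misspelled by up to two characters.
            if brand in label or _edit_distance(label, brand) <= 2:
                return "suspicious", good
    return "unknown", None

if __name__ == "__main__":
    for url in ("https://pancakeswap.finance/swap", "https://pancakeswap.com",
                "bscscan.io", "https://trust-wallet.com/login"):
        print(url, "->", classify(url))
```

"unknown" means only that the host does not resemble a listed brand; it is not a verdict that the site is safe.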

Fake Support on Telegram/Discord

A common pattern:

  1. You ask a question in a project’s Telegram/Discord
  2. Someone DMs you claiming to be “support” or an “admin”
  3. They ask you to connect your wallet to a “validation” site
  4. The site drains your wallet

Reality: Legitimate support will never DM you first. They will never ask for your seed phrase. They will never ask you to “verify” or “sync” your wallet.

Airdrop Scams

You see tokens appear in your wallet that you didn’t buy. The token name might be a URL like Free-BNB.com. These are designed to:

  1. Get you to visit the URL
  2. Prompt you to “claim” or “sell” the tokens
  3. Ask for a wallet connection that grants malicious approvals

Defense: Ignore unexpected tokens. Don’t visit URLs that appear as token names. Don’t try to sell or interact with unknown tokens.

Not sure what a seed phrase is? Your seed phrase (12-24 words) is the master key to your wallet. Anyone who has it controls your funds.


Smart Contract Approval Risks

When you interact with DeFi protocols, you grant token approvals. These allow contracts to spend tokens on your behalf. The risk comes from over-permissive approvals.

How Approval Exploits Work

The scenario:

  1. You use a new DEX and approve it to spend your USDT
  2. The approval is set to “unlimited” (the default on most sites)
  3. You swap successfully and forget about it
  4. Months later, the contract is exploited or turns malicious
  5. The attacker uses your existing approval to drain your USDT

The problem: Unlimited approvals remain active forever unless you revoke them. If the contract has a vulnerability or the developers turn malicious, your tokens are at risk.

The Revoke.cash Workflow

Revoke.cash lets you see and revoke all your token approvals.

Monthly audit process:

  1. Visit revoke.cash and connect your wallet
  2. Select “BNB Chain”
  3. Review all active approvals
  4. Revoke approvals for:
    • Contracts you no longer use
    • Unknown contracts you don’t recognize
    • Contracts with unlimited allowances (set limits instead)
  5. Pay gas fee for each revocation (small cost for security)
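
What a wallet asks you to sign for an approval is a short piece of calldata, and reading it shows whether the allowance is unlimited, larger than the swap needs, or a revocation (an approval of 0). The decoder below is an added example, not Revoke.cash or BSC.app code: the spender address and sample calldata are constructed, and `review_approval` with its `needed` and `known_spenders` parameters is a hypothetical helper.

```python
APPROVE_SELECTOR = "095ea7b3"   # 4-byte selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1        # the amount wallets display as "unlimited"

def decode_approve(calldata):
    """Decode approve(spender, amount) calldata into (spender, amount)."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        raise ValueError("not an approve(address,uint256) call")
    spender_word, amount_word = data[8:72], data[72:136]
    if int(spender_word[:24], 16) != 0:
        raise ValueError("address word is not zero-padded")
    return "0x" + spender_word[24:], int(amount_word, 16)

def review_approval(calldata, needed, known_spenders):
    """List concerns about an approval before signing.

    needed: amount in token base units that the current swap requires.
    known_spenders: lowercase contract addresses you have verified yourself.
    """
    spender, amount = decode_approve(calldata)
    if amount == 0:
        return ["revocation: allowance set to 0"]
    findings = []
    if spender not in known_spenders:
        findings.append("unknown spender " + spender)
    if amount == MAX_UINT256:
        findings.append("unlimited allowance")
    elif amount > needed:
        findings.append(f"allowance is {amount - needed} base units above what this swap needs")
    return findings

# Constructed sample: unlimited approval to a placeholder spender address.
SPENDER = "0x" + "11" * 20
SAMPLE = "0x" + APPROVE_SELECTOR + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    print(review_approval(SAMPLE, needed=5 * 10**18, known_spenders=set()))
```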

Approval Best Practices

| Practice | Why It Helps |
| --- | --- |
| Use limited approvals | Only approve what you need for this transaction |
| Revoke after use | Remove permissions from one-time interactions |
| Monthly audits | Catch lingering approvals before they’re exploited |
| Separate wallets | Hot wallet for DeFi, cold wallet for holdings |


Before You Interact: The Verification Workflow

Before buying any token or interacting with any contract, follow this systematic process.

5-Step Verification Process

| Step | Check | Tool |
| --- | --- | --- |
| 1. Contract Verified? | Source code visible on BscScan | BscScan.com |
| 2. Audit Status? | Independent security review | CertiK, Hacken |
| 3. Ownership Renounced? | Deployer can’t modify contract | Check owner() on BscScan |
| 4. Liquidity Locked? | LP tokens can’t be removed | Team.Finance, Unicrypt |
| 5. Community Sentiment? | Real users, organic activity | Twitter, Discord |

Detailed Breakdown

Step 1: Is the contract verified on BscScan?

  • Go to BscScan → Enter contract address → Click “Contract” tab
  • “Verified” badge = source code is public and auditable
  • Unverified contracts are immediate red flags

Step 2: Has it been audited?

  • Search on CertiK, Hacken, or PeckShield
  • Audit doesn’t guarantee safety, but it’s better than none
  • Read the audit—look for “Critical” or “High” severity findings
  • Check if findings were resolved

Step 3: Is ownership renounced?

  • On BscScan, read the contract for owner() function
  • If ownership is renounced, it usually shows 0x0000...0000
  • If not renounced, the owner retains control

Step 4: Is liquidity locked?

  • Check Team.Finance or Unicrypt for the LP token address
  • Locked liquidity can’t be removed until the lock expires
  • Verify the lock duration—short locks are meaningless

Step 5: What’s the community saying?

  • Search Twitter for the token/project name
  • Join the Telegram/Discord and observe
  • Red flags: bot-like engagement, censored criticism, excessive shilling
  • Green flags: technical discussions, acknowledged issues, transparent team

Save time: Use our security tools to access these verification tools from one page.


Incident Response: You’ve Been Scammed

If you’ve been victimized, quick action can limit the damage.

Immediate Steps (First 10 Minutes)

  1. Revoke all approvals for the malicious contract

    • Use Revoke.cash immediately
    • This prevents further drainage
  2. Move remaining funds to a new wallet

    • If your seed phrase was compromised, ALL funds in that wallet are at risk
    • Create a completely new wallet and transfer everything
    • The compromised wallet should never be used again
  3. Don’t interact with “recovery” services

    • Scammers monitor victimized wallets and offer fake “help”
    • There are no legitimate services that can recover stolen crypto

Document Everything

For any potential legal action or community warnings:

  • Screenshot all transactions on BscScan
  • Save the contract address
  • Save any communications with the scammers
  • Note URLs of fake sites

Report the Scam

| Where | How |
| --- | --- |
| BscScan | Click “Report” on the contract page |
| TokenSniffer | Submit a scam report |
| Platform Telegram/Discord | Warn other users |
| Local authorities | File a police report (creates paper trail) |

Accept the Reality

This is difficult but important: most stolen crypto is not recoverable.

  • Blockchain transactions are irreversible
  • Scammers often use mixers or bridge to other chains
  • “Recovery services” that guarantee results are usually scams themselves

The best outcome is that your report helps prevent others from being victimized.


Quick Reference Checklist

Print this or save it for quick reference before any new interaction.

Before Buying a New Token

  • Contract verified on BscScan?
  • Checked on TokenSniffer/Honeypot.is?
  • Ownership renounced or multi-sig?
  • Liquidity locked for reasonable duration?
  • Security audit exists and is clean?
  • Real community activity (not bots)?
  • Team is known or at least doxxed?
  • Project has actual utility beyond speculation?

Before Approving a Contract

  • Is this a known, reputable protocol?
  • Am I approving a limited amount (not unlimited)?
  • Do I understand what I’m approving?
  • Have I verified I’m on the official site?

Before Connecting Your Wallet

  • Am I on the correct URL? (Check carefully)
  • Did I navigate here myself (not via link)?
  • Is this a trusted site I’ve used before?
  • Am I using my trading wallet (not my main holdings)?

Monthly Security Audit

  • Review and revoke unnecessary approvals
  • Check for unknown tokens (ignore them)
  • Verify bookmarks are still correct
  • Consider moving unused funds to cold storage


Last updated: January 2026


Key Takeaways:

  1. Rug pulls drain liquidity or use hidden functions—verify contract ownership and liquidity locks
  2. Honeypots let you buy but not sell—test with TokenSniffer before investing
  3. Phishing targets you directly—bookmark sites, never share seed phrases
  4. Approvals are permanent until revoked—audit monthly with Revoke.cash
  5. Verification is a workflow—use the 5-step process before every new interaction

Your best defense is skepticism. If something seems too good to be true, it probably is.