Back to all guides
Security 11 min read

Detecting Honeypots and Rug Pulls

Protect yourself from scam tokens with these essential detection techniques and tools.

Detecting Honeypots and Rug Pulls

The BSC ecosystem is full of opportunities, but also full of scams. Honeypots and rug pulls have cost traders millions. This guide teaches you how to identify and avoid them.

What is a Honeypot?

A honeypot is a scam token that appears to be a legitimate investment but is designed to prevent you from selling. You can buy, but you can’t sell (or only at a massive loss).

How Honeypots Work

  1. Developers create token with selling restrictions
  2. Token appears to pump
  3. Early buyers seem to profit
  4. You buy at the top
  5. You try to sell but transaction fails
  6. Developers dump their tokens
  7. Price crashes to zero

Common Honeypot Mechanisms

  • Transfer taxes: 100%+ sell tax
  • Blacklist: Your address blocked from selling
  • Paused transfers: No one can sell
  • Owner privileges: Only owner can sell

What is a Rug Pull?

A rug pull is when developers abandon a project and steal investors’ funds, typically by:

Types of Rug Pulls

  1. Liquidity theft: Remove liquidity from pools
  2. Mint authority: Mint massive supply and dump
  3. Pause functions: Disable trading and steal
  4. Hidden minting: Hidden token creation
  5. Backdoor: Admin functions to steal funds

Warning Signs

  • Anonymous team
  • No audit
  • Excessive supply
  • Unlocked liquidity
  • Copy-pasted code

Essential Security Tools

Token Sniffer

  • Free honeypot detection
  • Score-based risk assessment
  • Contract analysis
  • liquidity verification

DexScreener

  • Trading charts and volume
  • Holder distribution
  • Recent price action
  • Pool information

BSCScan/BSCScan

  • Contract source code
  • Token holder distribution
  • Transaction history
  • Contract verification status

RugCheck

  • Comprehensive token analysis
  • Risk score
  • Mint authority check
  • Liquidity lock verification

Step-by-Step Security Check

Step 1: Check Contract

  • Contract verified on explorer
  • Source code matches token behavior
  • No hidden mint functions
  • Ownership renounced

Step 2: Analyze Liquidity

  • Liquidity locked >1 year
  • Liquidity >$10K minimum
  • Lock verified on explorer
  • No emergency withdraw functions

Step 3: Review Tokenomics

  • Fair launch or reasonable presale
  • No excessive team allocation
  • Supply distribution reasonable
  • Burn tokens if any

Step 4: Test Transactions

  • Try small test buy
  • Try selling immediately
  • Check slippage settings
  • Verify transaction succeeds

Step 5: Check Socials

  • Team doxxed or verifiable
  • Active community
  • Regular updates
  • Professional communication

Advanced Detection Techniques

Analyzing Transfer Tax

Check if sell tax is significantly higher than buy tax:

Buy tax: 0-5%
Sell tax: 50-100% → Honeypot

Checking Holder Distribution

DistributionAssessment
Top 10 wallets >80%High risk
Top 10 wallets 40-80%Moderate
Top 10 wallets <40%Better

Monitoring Buy/Sell Ratio

  • Mostly buys, few sells → Honeypot warning
  • Balanced activity → Legitimate
  • Mostly sells, no buys → Dumping

Checking Liquidity Pool Age

  • New pool (<24 hours) → Higher risk
  • Older pool (>1 week) → More established
  • Verified lock on older pools → Good sign

Red Flags Checklist

🚨 Critical (Don’t Buy)

  • Honeypot detected by Token Sniffer
  • Liquidity not locked
  • Mint authority not renounced
  • Contract not verified

⚠️ Warning (Proceed with Caution)

  • Anonymous team
  • Recent token age
  • Excessive marketing
  • Unrealistic promises

✅ Green Flags (Probably Safe)

  • Audited contract
  • Doxxed team
  • Long-term liquidity lock
  • Verified lock on explorer

Common Scam Patterns

The “Influencer” Token

  • Promoted by influencers
  • No real product
  • Anonymous developers
  • Liquidity quickly removed

The “Fair Launch” Scam

  • Claims fair launch
  • Actually has presale allocation
  • Developers dump after launch
  • No real community

The “Copy Cat” Token

  • Copies popular token name
  • Similar branding
  • Different contract
  • Designed to confuse

The “AI Trading” Token

  • Promises AI-powered trading
  • No real technology
  • High marketing budget
  • No verifiable track record

What to Do If You Get Caught

Before Buying

  1. Always do the security check
  2. Start with small amounts
  3. Set up alerts for unusual activity
  4. Monitor your positions

If You Suspect a Scam

  1. Don’t buy more
  2. Try to sell what you have
  3. Warn others in community
  4. Report to appropriate channels

After a Rug

  1. Document everything
  2. Report to authorities if applicable
  3. Learn from the mistake
  4. Move on, don’t chase

Tools Summary

ToolPurposeCost
Token SnifferHoneypot detectionFree
DexScreenerCharts and analysisFree
BSCScanContract verificationFree
RugCheckComprehensive securityFree
Honeypot.isHoneypot testingFree

Best Practices

  1. Always verify before buying
  2. Start small on new tokens
  3. Use multiple tools for confirmation
  4. Stay updated on new scam patterns
  5. Never invest more than you can lose
  6. Trust your instincts - if it seems too good…

Conclusion

Scams are unfortunately common in DeFi, but they’re not invincible. By:

  • Using proper security tools
  • Following due diligence procedures
  • Recognizing warning signs
  • Managing position sizes
  • Staying informed about new scams

You can dramatically reduce your risk of falling victim to honeypots and rug pulls.

Remember: if a project seems too good to be true, it probably is. The extra few minutes spent on security checks can save you from devastating losses.