Security
What Is a Honeypot Token, and How Do You Spot One Before Buying?
A honeypot token lets you buy but never sell. Learn how these scam contracts work at a high level, which warning signs to check before buying, and what to do if you are already stuck.
If you spend time around newly launched tokens, you have probably heard a story like this: someone spots a token that has been climbing all day, buys in, and watches their position "double" on paper. Then they try to sell — and the transaction fails. The chart keeps going up, everything looks normal, but their sell order never goes through. This is a honeypot token: a scam contract designed so that ordinary buyers can buy, but cannot sell.
The core of a honeypot is simple. The token's smart contract contains hidden restrictions that block normal selling, or take almost everything as a "fee" when you try. The scammer manufactures a rising chart to attract buyers, and once enough money has flowed in, they drain the liquidity. The gains you see in your wallet were never withdrawable in the first place.
To be clear: this article is about recognizing and avoiding honeypots. We will not discuss how such contracts are built. Understanding that they exist, and how they look from the outside, is one of the first self-defense lessons for anyone trading on-chain.
Why you can buy but cannot sell
On a decentralized exchange, buying and selling are both on-chain interactions with a liquidity pool, and a normal token treats both directions the same. A honeypot contract sabotages the selling path. At a conceptual level, the common patterns include:
- Blacklists or whitelists. The contract keeps a list of addresses. Regular buyers get restricted after buying, while only the deployer or approved addresses can sell.
- Extreme sell taxes. The buy tax looks reasonable, but selling triggers a 90% or even 100% "fee" — technically you can sell, practically you get nothing back.
- A pause switch. The deployer keeps a control that can disable transfers or sells at any moment.
- Rules that change after launch. The contract lets the deployer modify taxes or limits later. It behaves normally at launch, then turns into a trap once enough money is inside.
What these tricks share is that the rules live inside the contract, where a casual buyer never looks. That is why checking before you buy matters so much more than complaining afterward — once you are in, there is essentially no way out.
Warning signs to check before buying
No single indicator proves a token is a honeypot, but when several of these stack up, the risk is very high:
- The contract is not verified. Legitimate projects usually verify their source code on Etherscan, BscScan, or the relevant explorer. If the code is unreadable, you cannot know what rules are inside.
- Buys only, almost no sells. Look at the token's trade history on the explorer or the DEX. If a "hot" token shows an endless stream of buys but few or no successful sells — or sells only from a handful of fixed addresses — that is the classic honeypot fingerprint.
- Highly concentrated holdings. Check the holder distribution. If a few addresses hold most of the supply, the deployer can dump or drain at will.
- Tiny or unlocked liquidity. A shallow pool, or liquidity tokens that are not locked, means the team can pull the pool at any time.
- Suspicious promotion. The token is pushed only through DMs, group chats, and comment sections by strangers, with no verifiable website, docs, or community — just urgency to "get in now."
- A chart that only goes up. Real markets fluctuate. A curve that climbs with almost no pullbacks often means nobody is able to sell.
Public tools that can help
A few minutes of checking filters out most honeypots:
- Block explorers. Search the contract address on Etherscan, BscScan, or the chain's explorer. Check whether the contract is verified, review the holder distribution, and read the actual transfer history.
- Honeypot checker sites. Some public tools simulate a buy and a sell to test whether the token can actually be sold and what the effective taxes are. They are not guarantees — contracts can be built to evade simulations — but they work as a first filter.
- DEX trade history. Look directly at recent trades on the pair and confirm that successful sells exist from multiple ordinary addresses, not just one or two insiders.
- Token security scanners. Some tools flag risky contract properties automatically, such as modifiable taxes, blacklist functions, or ownership that has not been renounced.
Remember: a clean scan result does not mean the token is safe. Scammers study these tools too. Automated checks rule out the obvious traps; they do not replace your own judgment about where the token came from.
Already bought and cannot sell — now what
If your sell keeps failing, first rule out ordinary causes: slippage set too low, or not enough gas. Try a very small sell with higher slippage. If nothing goes through under any settings, you are likely holding a honeypot. In that case:
- Stop putting money in. Ignore claims that buying more will "unlock selling" or that paying a tax will release your funds. These are second-round scams aimed at victims.
- Avoid "support agents" and "recovery tools." Anyone who claims they can sell a honeypot token for you is almost certainly phishing for the rest of your wallet.
- Check and revoke related approvals. If you granted any approvals to the suspicious contract or site during the process, revoke them so your other assets are not exposed.
- Accept the loss. On-chain transactions are irreversible, and recovery is extremely unlikely. Treat it as tuition and focus on protecting what remains in your wallet.
- Report it. You can flag the contract on the block explorer and report the accounts that promoted it, which may spare the next person.
Pre-buy checklist for new tokens
- Is the contract source code verified on the block explorer?
- Do the trades show successful sells from multiple ordinary addresses?
- Is the supply concentrated in a few wallets?
- Is the liquidity reasonable in size, and is it locked?
- Have you run the token through a honeypot checker?
- Did you find the project through a verifiable official channel, or through a stranger's DM?
- Can you afford to lose this money entirely?
If any answer gives you pause, stop. There is always another token; missing one costs you nothing, while buying into a honeypot leaves almost no way back.
FAQ
Is a honeypot the same as a rug pull? They overlap but are not identical. A rug pull broadly means the team drains liquidity or disappears with funds; a honeypot specifically means the contract prevents you from selling. Many honeypots end with a rug pull anyway.
If a honeypot checker says the token is safe, can I trust it? No. Checkers only simulate the contract's current state. Some contracts change their rules after launch, and some are built to fool simulations. Use checkers as a first filter, not a guarantee.
Does a failed sell always mean a honeypot? No. Low slippage, insufficient gas, or a token with transfer taxes you have not accounted for can all cause failures. Test with a tiny amount and adjusted slippage first; suspect a honeypot only when nothing works.
Someone says I can sell after paying an "unlock fee." Is that real? No. That is a follow-up scam targeting victims. Refuse anything that asks you to send more funds or sign new approvals to "unlock" or "recover" your money.
Related reading
- How to Check a Web3 Project Before Connecting Your Wallet
- What Is a Token Approval, and How Do You Check and Revoke It?
- What Is a Wallet Drainer, and How Can Beginners Avoid It?
- What Is a Crypto Airdrop, and How Do You Claim One Safely?
- What Does DYOR Mean, and How Do Beginners Actually Do It?
References
- Etherscan: Verified Contracts - https://etherscan.io/contractsVerified
- MetaMask Help Center: Staying safe in Web3 - https://support.metamask.io/stay-safe/
- Ethereum.org: Ethereum security and scam prevention - https://ethereum.org/en/security/