Honeypot

Intermediate

Key Takeaways

  • In crypto, a honeypot is a scam designed to lure users into depositing funds or buying tokens that they cannot sell or withdraw.

  • Honeypots share characteristics with rug pulls but differ in that the trap is built into the contract or wallet mechanics rather than through a sudden liquidity removal.

  • The two main types are token honeypots (malicious smart contracts that allow buying but block selling) and wallet honeypots (fake seed phrases or private keys shared by scammers).

  • Free simulation tools can check whether a token allows selling before you buy, reducing exposure to this type of scam.

What Is a Honeypot?

In computer security, a honeypot is a decoy system set up to detect or study unauthorized access attempts. In the context of cryptocurrency, the term has taken on a more specific meaning: a scam mechanism designed to attract users with the promise of easy gains, while trapping their funds so they cannot be recovered. The two meanings are related by analogy, both involve bait, but the crypto version refers specifically to a fraudulent scheme rather than a defensive security tool.

How Honeypots Work in Crypto

Crypto honeypots generally fall into two categories: token honeypots and wallet honeypots. Both exploit the appearance of a legitimate opportunity to deceive users into committing funds.

Token honeypots

A token honeypot is a malicious smart contract deployed on a blockchain such as Ethereum, BNB Smart Chain, or Solana. The contract is coded to allow anyone to buy the token, but it blocks or heavily penalizes selling for all wallets except the scammer's. Common mechanisms include silently blacklisting buyer addresses, inserting hidden sell taxes of 99-100%, or reverting sell transactions through logic that only applies to non-owner addresses.

From the outside, the token may look like any other: it has a ticker, it shows trading volume on DEX trackers, and the price may be rising. Users who buy in discover only later, when they attempt to sell, that the transaction fails or that nearly all the value is taken as a fee. The scammer then drains the liquidity pool.

Wallet honeypots

A wallet honeypot involves a scammer publicly sharing a private key or seed phrase for a wallet that appears to contain valuable assets, often stablecoins such as USDT. When a user imports the phrase and attempts to move the funds, they find the wallet is either controlled through multi-signature requirements only the scammer holds, or that the token contract has blacklisted the address so transfers fail. In some variants, the wallet appears to need ETH for gas fees; the user sends ETH to cover fees, which is then automatically swept out by the scammer before any transfer can be completed.

How to Identify and Avoid Honeypots

Before buying a new token, simulation tools such as Honeypot.is or the GoPlus Security API can run a test buy and sell against the contract to check whether a sell transaction would succeed. A token that passes a simulated buy but fails on a simulated sell is a strong indicator of a honeypot. Other warning signs include anonymous development teams, unlocked liquidity, ownership not renounced, and unusually high sell taxes.

For wallet honeypots, the most reliable protection is straightforward: never import a seed phrase or private key that you did not generate yourself. Legitimate protocols and wallets do not require you to enter someone else's credentials. If an unknown party shares wallet access credentials and claims there are funds available to claim, treat it as a phishing attempt.

In both cases, the underlying principle is the same: if an opportunity requires you to commit funds before you can verify that you can recover them, verify first. Irreversible transactions cannot be recalled once confirmed on-chain.

FAQ

What is a honeypot in crypto?

In crypto, a honeypot is a scam that tricks users into sending funds or buying tokens they cannot later sell or withdraw. The term originates from classic cybersecurity, where a honeypot is a decoy system used to detect attackers. In crypto, it refers to a trap designed around a fraudulent smart contract or a manipulated wallet.

What is a honeypot in crypto and how do I spot one?

Token honeypots allow buying but block selling through hidden contract code. Wallet honeypots involve seed phrases shared by scammers for wallets that appear funded but cannot be accessed. You can check tokens using simulation tools like Honeypot.is before buying. For wallets, never import seed phrases from unknown sources.

Is a honeypot the same as a rug pull?

They are related but different. A rug pull typically involves developers removing liquidity from a token pool after attracting enough buyers, collapsing the price suddenly. A honeypot prevents selling at the contract level, so the price may continue to appear stable while individual buyers find they cannot exit. Some scams combine both mechanics.

Can lost funds be recovered from a honeypot scam?

In most cases, funds lost to a honeypot scam cannot be recovered. Blockchain transactions are irreversible by design. Some law enforcement agencies and blockchain analytics firms have successfully traced and frozen assets linked to large-scale scam operations, but this is the exception rather than the rule. Prevention through due diligence before committing funds is more effective than recovery attempts after the fact.

Further Reading


Disclaimer: This content is presented to you on an "as is" basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal, or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Where the content is contributed by a third-party contributor, please note that those views expressed belong to the third-party contributor, and do not necessarily reflect those of Binance Academy. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance Academy is not liable for any losses you may incur. For more information, see our Terms of Use, Risk Warning and Binance Academy Terms.
Kopīgot ierakstus
Saistītās vārdnīcas