What is a Honeypot?
A honeypot is a malicious smart contract disguised as a legitimate investment opportunity — usually a new token on a DEX. The trap: you can buy the token but you cannot sell it. Your funds are locked forever.
The name comes from cybersecurity, where a “honeypot” is a decoy system designed to attract and trap attackers. In crypto, the honeypot traps regular investors.
How a Honeypot Works
1. Attacker creates a new token contract with a hidden function
2. Attacker adds liquidity to a DEX pool (makes it tradeable)
3. Users buy the token — this works fine
4. Users try to sell — the contract reverts the transaction
5. Attacker removes the liquidity (rugs the pool)
6. Users are left with worthless, unsellable tokens
The Hidden Code
The contract’s transfer() or sell() function contains a condition like:
```solidity
function transfer(address to, uint256 amount) public {
    require(msg.sender == owner, "Not authorized");
    // Only the owner can sell — everyone else is trapped
}
```
Or more subtly:
```solidity
function _transfer(address from, address to, uint256 amount) internal {
    if (to == DEX_PAIR_ADDRESS) {
        revert(); // Can't sell back to the DEX
    }
    // Normal transfers between users still work
}
```
The second pattern is sneakier — you can transfer tokens between your own wallets (making the token look functional) but you can never sell on a DEX.
Red Flags of a Honeypot
| Red Flag | Why It Matters |
|---|---|
| No code audit | No independent verification of safety |
| Contract not verified | Source code hidden — can’t inspect for traps |
| Can buy but nobody seems to sell | Check Etherscan — if all sells fail, it’s a honeypot |
| Extremely high “token price” | Artificial price with no real exit liquidity |
| Token promoted in Telegram/Discord | Social pressure + urgency tactics |
| Very new contract with sudden volume | Often the setup phase before the rug |
How to Check for Honeypots
1. Use Honeypot Checkers
| Tool | URL | How It Works |
|---|---|---|
| Token Sniffer | tokensniffer.com | Automated contract analysis + trust score |
| Honeypot.is | honeypot.is | Simulates buy + sell transaction |
| GoPlus Security | gopluslabs.com | API-based token security data |
| DexScreener | dexscreener.com | Shows security warnings on token pages |
| RugCheck | rugcheck.xyz | Analyzes token + liquidity for red flags |
2. Check on Etherscan
- Find the token contract on Etherscan
- Verify the contract is open source (verified ✓)
- Read the `transfer()` function — look for unusual `require()` or `revert()` conditions
- Check if there’s a `maxTxAmount`, `maxWalletAmount`, or `tradingEnabled` flag
- Check transaction history — are there successful sell transactions?
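The source-reading step above can be partly automated. The following is an added example (not code from this page or from any of the listed tools) that scans verified Solidity source for the transfer patterns and flags named here. It is a regex heuristic that assumes the recipient parameter is named `to`; the function names and the `onlyOwner` modifier check are assumptions of the example.

```python
import re

# Constructed sample: this page's two transfer patterns plus a trading flag.
SAMPLE = """
contract Token {
    address owner; address DEX_PAIR_ADDRESS; bool public tradingEnabled;
    function transfer(address to, uint256 amount) public {
        require(msg.sender == owner, "Not authorized");
    }
    function _transfer(address from, address to, uint256 amount) internal {
        require(to != address(0), "zero address"); // ordinary check, not a trap
        if (to == DEX_PAIR_ADDRESS) {
            revert(); // Can't sell back to the DEX
        }
    }
}
"""

TRANSFER_FN = re.compile(r"function\s+(_?transfer(?:From)?)\s*\([^)]*\)([^{;]*)\{")
FLAGS = ("maxTxAmount", "maxWalletAmount", "tradingEnabled")
NOT_ZERO = r"(?!\s*address\s*\(\s*0\s*\))"  # zero-address checks are normal

def strip_comments(src):
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def function_body(src, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced source: take the remainder

def scan_source(src):
    """Return sorted (location, finding) pairs that deserve a manual read."""
    src, found = strip_comments(src), set()
    for m in TRANSFER_FN.finditer(src):
        name, modifiers = m.group(1), m.group(2)
        body = function_body(src, m.end() - 1)
        if "onlyOwner" in modifiers or re.search(
                r"require\s*\([^;]*msg\.sender\s*==\s*_?owner\b", body):
            found.add((name, "owner-only transfer"))
        if re.search(r"if\s*\([^)]*\bto\s*==" + NOT_ZERO + r"[^)]*\)\s*\{?\s*revert", body) \
                or re.search(r"require\s*\([^;]*\bto\s*!=" + NOT_ZERO, body):
            found.add((name, "revert depends on recipient"))
    found.update(("contract", "flag " + f) for f in FLAGS if re.search(rf"\b{f}\b", src))
    return sorted(found)
```

A finding marks a function to read by hand, not a verdict; a contract with no findings can still block sells through logic this scan does not model, which is why the sell simulation and transaction-history checks still apply.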
3. Check Liquidity
- Is the liquidity locked? Use Unicorn Ultra (UNCX) or PinkSale to verify.
- Is the liquidity sufficient relative to market cap?
- If liquidity = $10k and market cap = $2M, even without a honeypot you can’t exit.
Honeypot vs Rug Pull
| Aspect | Honeypot | Rug Pull |
|---|---|---|
| Mechanism | Contract blocks sells | Liquidity is removed |
| When it happens | From the start (designed to trap) | After building trust |
| Token remains | Yes (unsellable) | Yes (worthless, but tradeable) |
| Detection | Simulate sell transaction | Check if liquidity is locked |
A honeypot is often combined with a rug pull: the attacker traps buyers AND removes liquidity.
Frequently Asked Questions
Q: Can I recover funds from a honeypot? A: Almost never. The contract is designed to prevent exactly that. Some white-hat hackers can exploit bugs in the honeypot contract itself, but this is rare.
Q: Are honeypots illegal? A: Creating a honeypot is fraud. But in DeFi, there’s no authority to prosecute. The contract creator is often anonymous.
Q: Do honeypots happen on centralized exchanges? A: No. CEXes list tokens after review. Honeypots only exist on permissionless DEXes like Uniswap where anyone can create a token.
Q: What’s the difference between a honeypot and a sell tax? A: A legitimate sell tax (e.g., 5%) reduces your output but still allows selling. A honeypot blocks selling entirely. Some honeypots disguise themselves with a “99% sell tax” that’s effectively the same as blocking.