Honeypots, Rug pulls, and TokenSniffer (For Dummies)
Identifying scams and resources to help you avoid them.
Welcome, Crypto Dummies!
If you’re new, this substack is focused on educating those of you that know nothing about crypto and blockchain technology.
For those that tuned in last week, we went through an overview of Etherscan, one of the most important tools to master as you get into the crypto universe.
Last week I mentioned we would take another look at IPFS part 2, but after covering Etherscan there is a more important topic at hand.
Honeypots, Rugpulls, Crypto Scams, and how to identify/avoid them.
Note: Don’t worry we will get back to covering IPFS next week. After the post on Etherscan, the next step is learning what crypto scams are out there, how to identify them, and how to use Etherscan to find and avoid scams.
With that being said, let’s get started.
First things first, what in the world is a honeypot?
If you’re familiar with the hype that came with the $SQUID coin last year you’ll be somewhat familiar with honeypot scams.
A honeypot scam is essentially a crypto project where your money gets stuck in the ‘honeypot’ and you cannot get it out.
Token creators insert a piece of code into the token contract that will only allow them and the wallets they verify to sell tokens.
Once the token launches people start buying, and inevitably the price of the coins go up. This attracts other buyers, they see the coin going up and think “Wow this is amazing, let me get in on this while I can.”
As the coin goes on its run there are typically none or very few sell orders. Traders will stay in the coin on the ride up and will try to cash out when they feel like it’s enough.
This is when they realize, they can’t sell. Unless your wallet address has been specified in the contract, you’re out of luck.
This exact thing happened with the $SQUID coin. Despite having only an option to buy and no option to sell, the hype surrounding the Netflix series, and a promised opportunity to play the virtual squid games attracted many innocent buyers. Once the price hit just over $2800 the developers took the money and ran leaving nothing but worthless tokens behind.
Okay, so what’s a Rug pull?
Imagine yourself standing in the living room on top of a carpet. Suddenly your brother/sister comes along and pulls out the rug from underneath your feet. You lose your balance and fall face first.
This is a rug pull, you have essentially lost the support where you were standing.
The same rules apply to crypto projects.
When you buy into a newly launched token or project, these are usually supported by a liquidity pool on a DEX (decentralized exchange).
This liquidity pool is a collection of funds locked into the protocol/contract to provide a pool for traders to buy and sell coins rather than waiting for orders to be filled.
When scammers launch a rug pull (rug for short). They attach a liquidity pool to it and wait for people to start buying in. Once the token has gained enough traction and enough people have bought in, the contract creator will pull the liquidity pool, run off with the money and leave everyone with a completely worthless token.
How can I protect myself against Honeypots and Rugs?
One of the first things you want to do, if you haven’t already, is checking out the latest post covering Etherscan and familiarize yourself with how to navigate, find, and track wallets and tokens on Etherscan.
Link:
Research, research, research. Cannot stress this enough.
Before buying into any new crypto projects do your due diligence.
Find the Token address for the coin you are considering buying. Track the token on Etherscan and be on the lookout for one of a few red flags:
Whale holders. If you search through Etherscan and find that only a handful of holders have the majority of the keys, stay away. This can be an indicator of a rug and the developers are just waiting for their chance to dump on buyers.
No audit. If a project is audited by a well-known auditing company, the chance of it being a rug can be eliminated.
Familiarizing yourself with how to navigate and track wallets and tokens on Etherscan will give you a competitive edge, and help you sift through the scams to find real projects with utility.
Let’s introduce one more resource to help you avoid scams.
Token Sniffer
Token Sniffer is much easier to use than Etherscan.
Simply enter the token address in the top right corner and Token Sniffer will provide information regarding exploits and contract audits.
Keep an eye out for the ‘Smell test’ (Automated Audit)
The Automated audit will give you a quick summary of the most important information to tell if the token is safe.
Token Sniffer also has a section of the latest Scams & Hacks, you can search through the list and see if a token you considered buying appears on there.
Wrapping it up, and more food for thought
Scams, Honeypots, Rugs.
None of these are new concepts in the crypto universe.
As cryptocurrencies and blockchain technology gain more traction and attention, more opportunities for malicious developers also come with it. Scam coins, rugs, and honeypots will continue to pop up throughout the blockchain space, and the best way to protect yourself is to do your due diligence, research, take advantage of the public ledger and actively monitor wallets and tokens.
Oh, and one more thing.
Be aware of ‘slow rugs.’
These are projects where developers will create a legitimate token and distribute large amounts of the tokens across wallets that only they have access to.
These can be VERY hard to detect, but your most reliable method is to search through Etherscan for wallets that have the same percentage amount of tokens. (This can be a dead giveaway that the contract creator is planning to ‘slow rug’)
Avoiding scams is not easy, and can be even more challenging when new scams pop up nearly every hour.
Your best line of defense is to do your research, learn how to use the tools available, and learn how to decipher between projects with utility and pump and dump scams.
That’s it for today Crypto Dummies!
Do your research and stay safe out there!