Honeypot scams are elaborate cyberattacks conducted through decentralized smart contracts. These contracts were originally meant to facilitate decentralized transactions on the blockchain, but are not being misused by scammers. They design some clauses in them to defraud innocent people after luring them with the prospect of unbelievably high returns. The people who buy such coins find themselves unable to sell them later and end up being stuck with them.
In this article, we’ll tell you all we know about it and how you can protect yourself, but first, let’s start with a real-life honeypot scam and see how it unfolded.
Introducing Honeypots: The Case of the Fake MetaMask Token
MetaMask is perhaps the biggest crypto wallet provider in the world. With more than 10 million monthly active users, MetaMask has grown by leaps and bounds over the last few years. Its ease of use, versatility, and integration with most coins on popular exchanges make it a good choice for anyone looking for a reliable online crypto wallet.
Hence, it came as no surprise when MetaMask announced the launch of its native token, MASK, on exchanges. People were sold. They were eagerly waiting to lap up MASK tokens as soon as they arrived in the market.
Seeing the anticipation and enthusiasm of buyers, a few scammers decided to whip up a fake token on the popular DeFi trading platform DEXTools and advertise it as the real deal. They exploited a loophole in the platform’s code to convince people of the token’s legitimacy.
Buyers began buying up the token in no time, only to discover that in a while that they weren’t able to sell them. This is precisely what a honeypot scam looks like.
Honeypot scams involve a lure and a catch. Unsuspecting people become party to the smart contract, only to later realize that their funds have been illegally drained by the creator of the contract. Before they know it, the money is siphoned into an account that is unrelated to the project and inaccessible to users.
In the case of the MetaMask token, the scammer coded the smart contract to prevent people from selling their tokens as soon as the WETH/MASK pair hit more than $1 million in liquidity. Once it did, unfortunate buyers who were still holding tokens found themselves out of their money.
By the end of it, the scammer transferred over 475 ETH (worth more than $1.8 million at the time) to an unconnected address. That was it. The authorities are still looking for the perpetrators but it’s been four months, and there are no leads yet.
A scam of this nature involves luring investors into becoming parties to smart contracts that look promising at a glance but contain hidden traps at the backend. That’s why they’re called honeypots.
Stages of a Honeypot Scam
The reason why honeypot scams are so common is that an attacker does not need specialized knowledge to make a smart contract of this sort. A regular blockchain user with average skills could also pull this off. A honeypot operation usually consists of a computer, a bunch of pre-designed smart contracts, and a public network.
Here’s how a typical honeypot scam works:
- The attacker creates a fraudulent smart contract and legitimizes it to attract users. This could be done by running an ad campaign, launching the scam on trusted platforms, or making use of pop-ups to convince users.
- These smart contracts are usually baited with incentives for buyers. For instance, in the MetaMask scam, the incentive was easy money in case there was a huge short-term rally.
- Only after buyers put their money into the honeypot do they realize that they’ve been taken advantage of, because their capital becomes inaccessible shortly. They are stuck as they can’t sell the tokens or get their coins back into their wallets without the permission of the creator.
- The attacker uses the increasing liquidity to pump prices and eventually sell a large percentage of their holdings at a huge profit.
The act of pumping prices illegitimately before selling a large holding and disappearing with the funds is called a “rug pull.” Buyers are generally left with a valueless asset when creators pull the rug without warning.
A rug pull is usually the most integral component of a honeypot scam. While there are other types of scams that don’t involve a rug pull, most do. It is very important for investors to know what this looks like and try to stay as safe as they can.
Tips To Avoid Honeypot Scams
One of the main characteristics of a honeypot scam is the inability of buyers to sell the tokens purchased. The smart contracts used are designed to prevent selling as soon as a preset threshold in liquidity is achieved. Hence, one of the most basic tests buyers can perform before purchasing a token is to check its trading history.
If buyers have been able to sell or buy the coin at any price point in the past, the project is one step closer to being genuine. Other steps include:
- Gauging whether the project “guarantees” unrealistic returns.
- Checking if the token has a significant social media presence across open platforms like Reddit or Twitter.
- Making sure that the official website of the token is secure.
If a URL begins with https:// instead of http://, it is generally considered safe to use. This, however, does not guarantee absolute protection.
Honeypot scams are becoming more common as more and more people are beginning to dip their toes into crypto waters. Reliable exchanges like CoinSwitch offer an easy way to buy cryptocurrencies directly through INR without compromising on security but do your own research in any case.
Download the CoinSwitch app now!
Disclaimer : Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. The information provided in this post is not to be considered as investment/financial advice from CoinSwitch. Any action taken upon the information shall be at user's own risk.
Table of content
Subscribe to Our Newsletter with exclusive content.