Cryptocurrency scams are happening daily in the crypto world, affecting thousands of users like you. In part I of this mini-series we talked about the importance of due diligence and some important tools like TokenSniffer and BscScan/Etherscan which can be used to investigate a token’s legitimacy and help you avoid being rugged.
If you haven’t read part one of this article, we suggest you read that first as it’s got lots of great information. Find part I here.
In part II we’ll take a more in-depth look at some tools, ideas, and strategies you can apply to detect and avoid scams whilst trading new token releases on DEXs such as PancakeSwap and UniSwap.
Table of contents
- Scam Tokens
- Some More Tools to Examine the Contracts
- Check the Liquidity Pool
- Look at the Holders
- Top receivers (from developer wallets)
- Scam coin or not? Do a test (dip your toe in)
- The Most Ideal Situation… and Tying it all Together
When searching for best new crypto to buy, your modus operandi for all tokens should be to ASSUME it’s a scam unless otherwise proven so, as the vast majority of new small-cap tokens will probably be scams. Therefore, it’s safest to just adopt the mindset of assuming that up to 99% of new tokens will be scams, and that most projects are just vehicles to siphon money out of your wallet.
New cryptocurrency launch is always exciting, but can be extremely dangerous for crypto users. Quick and easy money is the reason why some developers and crypto scammers are releasing new tokens and coins so often. It is easy and can bring huge profits for these scam devs.
So ALWAYS do your due diligence before aping in!
Some More Tools to Examine the Contracts
The token contract AKA “smart contract” is basically the “rules” of how the token works, and scammers can write all sorts of nasty tricks into them, such as mint functions or limiting the ability to sell (honeypots).
An excellent tool to check out is BSCheck– it’s easy and free to use, just paste the token contract address into their website and it’ll do a health check on the requested contract and alert you of any potential issues.
BSCheck (http://www.bscheck.eu) looks for common scams and issues like:
- Honeypot code: The scanner will detect if only certain wallets(dev wallets) are allowed to sell.
- Contract owner: If there is still a contract owner, that person could modify the code at any-time. Renouncing ownership over the contract is a common way to show that the owner isn’t up to anything devious.
- Developer wallet info: How much of the token supply do the developers and team members hold? This is important because, if they hold a large percentage of the tokens they could potentially “rug” the project by dumping their tokens on the open market.
NOTE– Just because developers and team members hold a large portion of the tokens, does not always mean it’s a scam, but it’s just something to be aware of.
Manually Examine the Contract
Head over to BscScan or Etherscan and check out the contract source code
The first thing you’ll want to check is the “Compiler Version”- MOST scams will have an older compiler version, typically v0.5.17 (for BEP-20 tokens).
Note that in the future this may change, just be aware that scams may be using older compiler versions. Furthermore, just because it’s made on the newest, or a newer compiler version, does not mean it isn’t a scam!
As you can see in the picture above, PUG_DADDY used v0.6.12, but it turned out to be a scam.
The most recent compiler for Solidity Compiler that ETH and BSC tokens use is v.0.8.10 at the time of writing this.
Scam tokens very often have v.0.5.17 (likely to 100% be a scam) and v.0.6.12 (90% possibility of a scam)being the most common versions found in scam contracts. If you see a token with these compiler versions, avoid them!
Manually Search Through the Contract
What you’ll want to type in when searching the contract is:
- “function mint”
The mint() function allows the contract owner to create new tokens whenever they want. Keep in mind that this may be needed for some legitimate projects that for example have rewards or farming options.
- selfdestruct (this is a less common function, and likely to be removed in the future rollouts of solidity)
Selfdestruct will allow the contract to be destroyed and then replaced by another completely different contract. Meaning a developer could create a really nice looking contract with a selfdestruct function, and then replace it at any moment with a totally different contract that is set up to be a honeypot or rugpull.
We don’t see this selfdestruct function often, but it’s still something to be aware of.
Check the comment section for information in the contract (the head/top of the contract)
Legitimate tokens sometimes, but not always, have relevant information about the contract at the start of it. This information may explain WHY there is a mint function (for farms or rewards) or it may give you details about their website and other project info; (TG link, twitter, website links, etc).
NOTE: Many legitimate tokens don’t have this information at the top of their contract, so this is just a small thing to be aware of. It’s just nice to see that the developers or team took the extra step to put that information in there.
When you do see that kind of information in there, it should bolster your confidence in the project, however the links in such comments may also lead to fake websites, Telegram groups, etc.
Another thing to check is the date the contract was submitted for verification.
IF the contract has several dates(more than one), this can be a red flag to stay away. It means they basically copied another contract, and re-submitted it for verification, hence why it shows twice.
Check the Liquidity Pool
Here’s how you check to see whether or not the liquidity tokens/pool looks safe.
But first, why is liquidity important?
- Liquidity: Who owns the liquidity tokens? This is important because if someone has control over the LP tokens, the other token holders can be rugged.
- Top token holders: It’s useful to see if there are any large wallets holding a significant share of the tokens, for obvious reasons, as large token holders can easily rug, or tank the price by dumping all their tokens and pulling the other (more valuable token), from the trading pair.
Locked or Burned LP Tokens?
Having a look at whether the liquidity pool tokens are either locked, or burned are two of the best ways to avoid getting rugged on a project. What is Locking or burning you say?
Developers have two options to show that their projects are not rug pulls:
They can either lock the tokens for a specific time period, or burn all of and/or a percentage of the LP tokens that they own.
If you notice that a project has done either of these, you can feel more safe because they won’t be able to rug-pull on you, using their LP tokens (there are still other ways though!)
How LP Tokens Work —
When developers want to create liquidity for their project, so that people can trade their token, the developers must first provide a token against which their project can be traded. A common example of this is what we call a “trading pair”- SHIB/USDT, MYTOKEN/BNB, AAVE/ETH, and so on.
For example, a prospective project would have to provide both MYTOKEN and some BNB tokens, in order to create an LP token.
Therefore, the developer must put up some BNB tokens in conjunction with MYTOKEN in order to create a LP token and make their project tradable on a DEX such as PancakeSwap.
When the developer provides the funds that allow people to trade, they in turn receive some amount of LP tokens, which provides ownership over some part of the whole liquidity pool. In our example above, the developer provides MYTOKEN and BNB in exchange for an LP token that demonstrates ownership of what they put in.
Essentially, LP tokens are the “proof” that they own a portion of the liquidity pool, and they can exchange these LP tokens for their stake in the liquidity pool at any time, hence why it’s important that these tokens be locked or “burned” as it denies the developers the ability to rug the project and or remove liquidity at will.
Think of it sort of like when you go to a dry cleaner. When you bring your clothes in for cleaning, you’ll get a ticket or receipt saying which set of clothes are yours. When you come back to pick up your clothes, you show the ticket/receipt and then you get your clothes back!
LP tokens work similarly in that you put BNB+MYTOKEN in, and in exchange you get an LP token that says “this is how many BNB tokens and MYTOKEN tokens you put in.” There is also a very important topic of the impermanent loss which matters to all LP providers, stakers and yield farmers, but we’ll not discuss it here. Just keep in mind that if you own LP tokens — you can be rugged as well. If some Bob exchanges a huge amount of their worthless MYTOKEN for BNB, then all the LP providers would now own “almost zero BNB and way more MYTOKEN tokens than they put in”, and your LP tokens have now lost all the value, because Bob drained all BNB out of the pool.
With regards to our dry-cleaner example it’s the same as someone bringing a bunch of fake tickets and taking all other people’s clothes.
Locked liquidity and burned LP tokens in general are good because the developers/team no longer have access to the liquidity pool tokens, meaning they CAN NOT remove the liquidity from the DEX.
Burning LP tokens
The more secure way to avoid a rug pull is for the LP tokens to be burned. This is accomplished when developers send their LP tokens to a burn address.
A burn address that is often used is 0x000…00dEad. (note the dead at the end of the address). SOMETIMES, the burn address will just contain zeros and no “dEaD” at the end.
Below you can see an example of a token that burned 50% of their LP tokens
Note- If a developer burns 50% of the tokens but keeps the other 50% they’ll still essentially own 100% of the liquidity, which would make it very easy for them to rug the project.
Locking LP tokens
Another common way to show good faith is to lock the LP tokens into a smart contract. Typically, there is a time limit for how long the tokens are locked, and it is usually made known to the public (1 year, 6 months, etc.)
Note– Some project may “fake” lock their tokens by only locking them for a few days, so it’s important to verify this!
How to Check if the LP Tokens are Locked?
Check out https://deeplock.io/safe to see tokens that use the DeepLock liquidity locker.
This tool will tell you what percent of the token supply is locked and for how long.
Keep in mind this isn’t the only tool to see if tokens are locked or not.
How locked tokens look on BscScan/Etherscan
Sometimes you’ll see an icon(looks like a little piece of paper) next to a contract address, which may indicate that tokens are locked.
It might look like this:
NOTE- Locking and burning tokens takes some time. If you spot a token listed within the first few minutes but don’t see the LP tokens locked or burned yet, it does not necessarily mean it’s a scam! It could just mean the developer has yet to lock/burn the tokens, so just check back sometime later to verify.
It’s an outstanding tool that’s super easy to use! We highly suggest you make use of it when doing your research about a token.
Look at the Holders
First, head over to BscScan or Etherscan and check out the holder page.
Looking at the token holder page will give you a good idea of what the developers have done with the tokens, who holds a lot of the tokens, and other useful information.
In the example above you can see that a large portion of the tokens have been sent to a burn address, which is usually a good thing, reducing the number of available tokens and making the tokens that are left more valuable.
Below that (the second address) you can see a large number of tokens. It’s not clear what the wallet is for, but it may have some purpose such as swapping an older version of tokens to new ones.
When looking for best cryptocurrency to buy, it is always a good idea to scrutinize these holdings and transactions, because as mentioned above, developers can “fake” burn LP tokens. Meaning they’ll burn 50% of the LP tokens, but keep the other 50%, essentially still owning 100% of the liquidity and therefore can easily rug the project.
YOU CAN ALWAYS REACH OUT AND ASK
Feel free to find the project’s Discord or Telegram group and inquire with the developers and/or project members about what’s going on with a specific address and/or TX.
Hopefully, they can provide you with a satisfactory answer. Be suspicious of any sort of response that feels like disregard or trying to sweep it under the carpet, as this should make you distrustful of their intentions.
Address 3 in the image above are the LP tokens on Pancakeswap which are used for buying and selling.
The other addresses might be wallets that are used for “PR” purposes, “Dev funds”, or they may just be normal people who bought large shares of the tokens.
Top receivers (from developer wallets)
Sometimes, the developers will distribute their tokens across multiple wallets to obfuscate the fact they still own the tokens.
What to do?
Check to see if the developer wallet sent even or like-kind amounts of tokens to other wallets —- these transactions usually take place all at the same time or within a short period of one another.
Another trick is to see who made buys/purchases right after the LP token was created. If a large buy happens within the first few minutes of creating the LP token, it is probably one of the developer’s wallets and indicates a potential scam or rug.
You can use https://poocoin.app/rugcheck to check for top receivers.
Scam coin or not? Do a test (dip your toe in)
If you’re interested in a token and think it’s really gonna run and don’t want to be left behind, just do a simple test.
Buy the smallest amount possible and then try to sell it. If you’re able to buy and sell without any issues, this might indicate the project is not a honeypot.
This simple test is an easy and quick way to potentially save yourself from losing massive amounts of your funds to honeypots!
The Most Ideal Situation… and Tying it all Together
When researching newest cryptocurrency, ideally, the best tokens should have the following criteria:
- nearly 100% of the tokens turned into an LP token on the exchange
- no pre-sale
- no mint function
- no self destruct function
- renounced ownership of the contract
- burnt 100% of LP tokens/and or some type of liquidity lock for a period of time
Needless to say, even tokens that check all of these boxes may wind up flopping because they lack traction on social media, or basically, no one knows about them, and they never gain enough exposure.
So just because the token looks great may not mean it’ll run. This also applies to the opposite situation, where a token may not check all the safety guidelines but has a lot of hype and great social presence, therefore allowing it to gain a lot of traction and run hard.
That being said, these are just some ‘general’ guidelines, and the rules can be broken, of course. The next big cryptocurrency may have legitimate reasons for not renouncing ownership or keeping lots of tokens out of the LP pool for things like developer funds, promotions, early investors, and so on.
Just because something doesn’t meet these ideal conditions doesn’t mean it’s not a great project or a hidden gem, as we all know we don’t live in an ideal world.
The altcoin world in a lot of ways is like the Wild West — full of potential and amazing rewards, but also somewhat lawless and riddled with scammers and potential threats.
Hopefully, this two-part series has given you the tools you need to avoid scams, and get the most out of ListingSpy!
Once again, this isn’t a 100% comprehensive guide, and it’s impossible to fully avoid scams if you are active in the space, but by following part I and part II you’re likely to eliminate most scams. We say this because scammers are constantly coming up with new tricks and ideas to fool other crypto users!
Remember: All newest coins should be treated as buyer beware, and doing your own research is one of the best ways to protect from scams and keep your profits secure from the prying hands of swindlers and scammers!
Best crypto can be found early with prudent due diligence and tools like ListingSpy with its awesome scam filter, real time listings, sorting, and other features, and various tools like Token Sniffer and Etherscan/BscScan. Scam coins can be avoided (at least most of them!) when you use great crypto analytics tools and have a good process to follow.
If you are still using a Free version of ListingSpy, please consider upgrading to Standard, Premium or Exclusive to get access to more powerful features.
Don’t forget to check us out on Twitter for updates and promotions – https://twitter.com/ListingSpy
Join our community on Telegram to chat with us or other community members about hidden gem tokens – https://t.me/listingspynet
Best of luck Spys!