The world of cryptocurrency, DeFi, and decentralized exchanges (DEX) are unfortunately riddled with scams and tactics to swindle traders and investors out of their money.
Commonly these scams are referred to as Honeypots and Rugpulls.
The vast majority of these scams happen on either the Ethereum (Uniswap or SushiSwap) or the Binance Smart Chain (PancakeSwap).
In this article we’ll have a look at how these scams work and some tactics you can employ to avoid them.
Our main goal with this content is to help our community and ListingSpy users to avoid losing money. Education is a powerful tool, so let’s get into it and see how to avoid scams!
Table of contents
How the Scams Work
Rugpulls
When you buy a coin, it is usually attached to a Liquidity Pool.
A liquidity pool is a collection of funds which are locked in the contract and provide a “pool” for you to buy and sell coins from. Rather than waiting for someone to come along to match your buying or selling, the pools are used by the automatic market makers to allow fast and efficient trading.
What the scammers do is that they launch a new coin, attach a liquidity pool to it and wait for people to start buying coins. Once enough people have bought the coin, the scammer will pull the liquidity pool, run off with the money and leave you with a worthless coin.
You won’t find out until it’s too late. The rug has been pulled.
Honeypots
Are often less obvious to the untrained eye and therefore more difficult to detect, even for experienced crypto traders.
Experienced traders routinely fall victim to honeypots because they see a coin pumping and jump in without verifying everything first.
How do they work?
The scammers insert a piece of code into the contract which allows only their own wallets to withdraw from the coin/contract.
They launch the coin and people start buying. You see the coin pumping and think wow, this is amazing. It’s just going up and up. There’s little or no red candles on the chart. You will likely stay for a while until you think it’s enough and try to cash out. And that’s when you notice that you can’t, because the contract says nobody except specific wallets can cash out.
Your money is stuck forever and there is nothing you can do about it. The scammer can withdraw any time.
Note – some of these scams go on for days or weeks and people think they found a real gem of a coin that is going to the moon and will keep buying.
What You Can Do to Try and Avoid Scams
LEARN TO USE THE TOOLS
Beyond due diligence, there are tools to help you detect red flags and avoid common scams.
Etherscan and BscScan are two tools you can use to help you fight back against the scammers.
Here’s how they can be useful:
First, find the Token ID for your coin and enter it on the relevant blockchain scanner (BscScan/Etherscan).
On the next page, go to “Token Tracker”. You will see a tab that says “Holders”. There, you can see all the wallets holding tokens and the liquidity pools.
Token Sniffer
Another great resource is Token Sniffer. Enter the Token ID on the top right and look for the results of the “Automated Contract Audit”. If there are any alerts, stay away from the project.
The “No prior similar token contracts” is sometimes a false flag alert, because many projects use contract templates these days, and unique contract simply means it was written without using a template.
These custom contracts have additional risk of exploits though, because they were not thoroughly tested and can have unknown vulnerabilities.
Watch the Transactions
You can monitor transactions using Etherscan/BscScan, or can go to websites like PooCoin or DexTools, again enter the Token contract address, and examine the transaction list.
If you notice no wallets selling or only one or two wallets doing all the selling, stay away from it. It’s most likely a honeypot. If many wallets are selling, it’s probably safe and not a honeypot.
DO YOUR OWN DUE DILIGENCE / RESEARCH (aka DD / DYOR)
One of the best things you can do to avoid scams is to do proper due diligence.
What does that mean? It means looking at who created the token, inspecting the website, checking out the code, learning about the team, and so on.
It basically means do your research about the project before aping in.
This is what you should watch out for, some of the red flags are:
1. Scrutinize Their Website:
This should be fairly easy, if the website looks rushed and the development is subpar this is a red flag!
One trick is to check when the domain was registered for a website by heading over to whois.domaintools.com and type the domain name in.
If the domain was registered within 24 hours or less of the project launch you can be fairly sure it’s scam.
Scam projects often pop up like mushrooms, and generally within a day they’ve launched the following:
- A website
- Forked (copied) script of yield farm, NFT marketplace, etc.
- Thousands of followers on social media
- An airdrop/giveaway with a suspicious amount of followers
2. Check Their Social Media
Good projects will hire professional social media managers, writers, and other content creators.
The branding will be standardized and appealing.
The text will be clear and concise.
Generally, there will be links to good content, documentation, and informational articles about the projects as well.
Scam projects, on the other hand, will often fail to check any of these things.
They will have:
- Stolen and poor quality images
- Grammatical errors and unappealing “spammy messages” (Like and tag 2 friends, join our TG, drop your ETH address below! )
- No links to relevant information about their project, and so on.
3. Investigate Their Followers on Telegram and Twitter
Spotting bots and fake accounts is pretty easy.
The accounts are generally not very old, created within a week or maybe last few months.
They will have ridiculous handle names like “Ray12321dadafew”
- They will generally have the same name as their username
- No information or bio
- Fake photos, usually of women.
- Their tweets don’t make sense, usually lots of tagging and re-tweeting.
All these same things generally apply to Telegram accounts as well
- Lots of numbers and random crap in their usernames
- Fake photos, usually of women.
- Usernames that don’t make sense
4. Large Wallet Holders:
Stay away from tokens where one or a few wallets hold most of the tokens.
- Unlocked liquidity pools. Even if they have liquidity pools locked, they could unlock them if the contract allows them to. You could dig deeper into the contracts but that usually requires coding knowledge.
- No audit. If token contracts are not audited by a reputable company, the chance of a rugpull or honeypot is almost always there. Be careful!
5. Mint Function
A mint function allows the contract owner to create more tokens whenever they want!
Sometimes, the owner will mint himself a bunch of tokens and then sell them, tanking the price of the token and allowing him to run off with all the money.
Are mint functions always a bad thing?
No, not always, there are some use cases where they make sense and are needed.
A mint function is required, especially, when tokens are minted every block for rewards — think of yield farms on DEXs like Pancakeswap and Uniswap, rewards have to be minted from the function.
How to be safe when there is a mint function?
Always make sure there is a need for it.
Yield Farms and similar projects will have a need for a mint function, because farming requires this type of function in order to issue rewards.
NOTE- if you’re trading a token that is supposed to have a maximum supply but it has a “mint function” then it should raise alarm bells!
Slow RugPull
These are much harder to detect!
Typically the scammers create a perfectly legitimate looking coin with no other warning signs, but they distribute a large amount of coins across hundreds of wallets only they have access to.
For example, 20% of coins are distributed to 500 wallets of 0.04% each. As people start buying the coin and the price increases, they will slowly start dumping (selling) their coins in order to generate money. People will keep buying and they will keep dumping until all their wallets are empty.
These are super hard to detect, but the most reliable way to detect them is to use Etherscan or BscScan to check for many wallets with the same % amount of tokens.
Use ListingSpy’s New ‘Low Liquidity’ Filter
We continue to improve Scam Filter to make things even better for our users. So far it’s working well and is removing a huge amount of scam tokens.
These tokens are removed based upon low trading volume, transaction count, holders, and liquidity. This protects you from 90% of scams already!
The scam filter however is NOT perfect and many scams may still appear, so we always suggest you do your own research before considering any token.
NEW! Low Liquidity Filter
With the help of this filter you can quickly reduce the number of new tokens on PancakeSwap for you to analyze from ~2,600 to only a few hundred.
All of the $0 liquidity (and other low liquidity) tokens will not be displayed!
Contract Check Filter (coming soon!)
Next level improvement to the filter, where we scan the token contracts for various scammer tricks, is under testing now and will be released this month.
Wrap Up
The crypto world in a lot of ways is like the wild west; full of potential and amazing rewards but also somewhat lawless and riddled with scammers and potential threats.
Most new coins should be treated as buyer beware!
Although with some prudent due diligence and use of tools like ListingSpy, Token Sniffer and Etherscan/BscScan, you’ll be well on your way to avoid most of the scams out there.
If you are still using a Free version of ListingSpy, do consider upgrading to Standard, Premium or Exclusive to get access to more powerful features.
Don’t forget to check us out on Twitter for updates and promotions.
Feel free to join our community on Telegram to chat with us or other community members about hidden gem tokens.
Best of luck Spys!